We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already blacklisted about seven thousand sites because of this malware.

Lees hier het Magento

discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs
More information: http://bit.ly/1Oyu2pN

as this overload is caused by regular requests (although those requests are coming sometimes in a big amount), there is nothing a control panel can detect about them.

The requests to xmlrpc.php are a quite common problem - and are not solved by deleting that file, as then the requests are redirected to the index.php and overloading your site again.


Here you will find a strategie how to protect yourself with a simple rule in the .htaccess of your WordPress installation:

We herhalen het nog maar eens!

The bruteforce attacks against WordPress and Joomla login pages - as written here already: https://www.helpburo.eu/index.php?/News/NewsItem/View/67/massale-brute-force-pogingen-op-wordpress-sites - are getting worse all over the internet, not only on your server.

Even worse are the WordPress xmlrpc pingback attacks which are well known
since years - see here a description and also a solution to this
problem:

Patchman op alle webhosting accounts & reseller pakketten 

Patchman scant alle websites op onze hosting servers dagelijks en detecteert software lekken en malware.
Mocht er een softwarelek of malware op uw website gevonden worden dan ontvangt u hierover per omgaande een e-mail.
Bent u niet de gelegenheid om het probleem zelf op te lossen dan doet Patchman dit automatisch voor u, na afloop ontvangt u dan een bevestiging van de uitgevoerde patch en via

Critical severity vulnerability in the WordPress WooCommerce plugin

The vulnerability is only present when WooCommerce’s “PayPal Identity Token” option is set. If it is, your site is vulnerable to an Object Injection type of vulnerability, which essentially means that depending on the context the site is running in, it may be used to do a variety of things. We managed to use a combination of WordPress and WooCommerce components with a known PHP bug (CVE-2013-1643) to