One of my company’s WordPress installations was hacked by Turkish hackers recently. After a quick investigation I found that the script version was a little bit old (not a very popular website, mea culpa, not updated very often). In case you didn’t know, WordPress is bundled with a readme file by default. I’ve found that malicious scripts or people use it to determine your version’s branch. So I decided to troll them a little bit…
To check if your site is vulnerable to version checking, go to http://yourwebsite.com/readme.html. If you can see the WordPress readme page (with the version number in its header), your site is exposed.
Download the .htaccess file from your hosting using your favourite FTP client and edit it. Add a redirect line like in the example below (the `Redirect 301` line is the addition; the RewriteRule lines are the standard block WordPress puts there itself):
RewriteEngine On
RewriteBase /
Redirect 301 /readme.html https://youtu.be/dQw4w9WgXcQ
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
In this case I’m redirecting any readme.html request to Rick Astley’s song, you know which one :)
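To verify that your own site no longer leaks its version through readme.html, here is an added shell check (not from the original post). It assumes curl is installed and that `https://yourwebsite.example` is a placeholder for your site; the classification logic is separated from the network call so it can be tested with constructed responses.

```shell
#!/bin/sh
# Added example: check whether a WordPress site still serves readme.html
# (version disclosure) or whether a redirect/block such as the one in
# the post is in effect. Assumes curl; the site URL is a placeholder.

# classify_readme <http_status> <location_header> <body>
# Prints EXPOSED:<version>, REDIRECTED:<location>, BLOCKED or UNKNOWN.
classify_readme() {
  status="$1"; location="$2"; body="$3"
  case "$status" in
    200)
      # The stock readme.html carries "Version X.Y" in its header.
      ver=$(printf '%s' "$body" | grep -o 'Version [0-9][0-9.]*' | head -n1 | cut -d' ' -f2)
      if [ -n "$ver" ]; then
        echo "EXPOSED:$ver"
      elif printf '%s' "$body" | grep -qi 'wordpress'; then
        echo "EXPOSED:unknown"
      else
        echo UNKNOWN
      fi ;;
    301|302|307|308)
      echo "REDIRECTED:$location" ;;
    403|404|410)
      echo BLOCKED ;;
    *)
      echo UNKNOWN ;;
  esac
}

# check_readme <site-url>   e.g. check_readme https://yourwebsite.example
# Fetches /readme.html without following redirects and classifies the reply.
check_readme() {
  url="${1%/}/readme.html"
  tmp="/tmp/readme_body.$$"
  headers=$(curl -s -o "$tmp" -D - --max-time 10 "$url") || { echo UNKNOWN; return 1; }
  status=$(printf '%s\n' "$headers" | head -n1 | awk '{print $2}')
  location=$(printf '%s\n' "$headers" | grep -i '^Location:' | tr -d '\r' | cut -d' ' -f2-)
  body=$(cat "$tmp"); rm -f "$tmp"
  classify_readme "$status" "$location" "$body"
}

# Run against a site when a URL is given on the command line.
if [ "$#" -gt 0 ]; then
  check_readme "$1"
fi
```

Anything other than REDIRECTED or BLOCKED means the readme is still reachable and worth fixing.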
Let’s make Turkish hackers’ lives harder :)
PS. A Polish website dedicated to security uses this technique to redirect its visitors to the application form for a training course. Check this: http://niebezpiecznik.pl/readme.html