this post was submitted on 08 Mar 2024
70 points (98.6% liked)
Technology
59605 readers
3415 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is the best summary I could come up with:
A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500 two days ago.
Like the hacked websites hosting the malicious JavaScript, all the targeted domains are running the WordPress content management system.
When this data is fed into the browser visiting the hacked site, it attempts to log into the targeted user account using the candidate passwords.
Roughly 0.5 percent of cases returned a 200 response code, leaving open the possibility that password guesses may have been successful.
As Sinegubko notes, the more recent campaign is significant because it leverages the computers and Internet connections of unwitting visitors who have done nothing wrong.
NoScript breaks enough sites that it’s not suitable for less experienced users, and even those with more experience often find the hassle isn’t worth the benefit.
The original article contains 609 words, the summary contains 148 words. Saved 76%. I'm a bot and I'm open source!