stoickp
Forum Replies Created
Thank you for your reply, @wbrubaker!
This is a mandatory protocol in my country. Most transactions are authenticated using an OTP. I don’t think I’ve turned on any setting for that. But is there a way I can disable this on Stripe?
I am pretty sure others would also be facing the same issue.
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
@zabnabs That’s what I was thinking. They seem to be careless about it and might have launched a mass attack, just hoping to infect any number of websites they could. For now, it’s best to block the domain & name using @wigster plugin.
I have added some more htaccess rules to prevent XSS attacks & SQL injection. Not sure if that would be of any use here.
Also, do refresh your WP Salt keys after you have deleted the dummy users.
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
@zabnabs: Yes, I had bot protection enabled in CloudWays & had also disabled any user registrations. They seem to be exploiting either a plugin or WordPress core files.
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
@wigster Thanks, have tested & installed it. It’s working fine.
I think the attacker is also using POST requests to alter stuff. Do you think we can block these POST requests using htaccess rules?
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
@wigster: Thanks a lot for this! I think this is only blocking orders in the name of “bbbbb”.
Would it be possible for you to also block orders using the domain name “abbuzz.com”?
Because I am pretty sure the attacker will try and change tactics soon.
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
Another thing we can try is to ban registrations for the “abbuzz.com” using the following code:
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
I googled and found out this .htaccess rule. This will prevent any registration.
Please backup your website/db & htaccess file before testing these.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
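One way to check what the rule above denies, and what it leaves alone, before putting it on a live site. This is an added example, not part of the original reply: a small Python evaluator that reads the posted directives and applies them to constructed request lines. It models only `RewriteCond` on `%{THE_REQUEST}` with `[NC]` and the `[F]` flag; `parse_rules`, `status_for`, `check` and the sample lines are made up for this illustration.

```python
import re

# The rule exactly as posted in the reply above.
HTACCESS = r"""
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
"""

def parse_rules(text):
    """Return [(conds, rule_regex, flags)], where conds = [(variable, regex)]."""
    rules, conds = [], []
    for line in text.splitlines():
        parts = line.split()
        flags = set()
        if parts and parts[-1].startswith("[") and parts[-1].endswith("]"):
            flags = set(parts.pop()[1:-1].upper().split(","))
        if parts[:1] == ["RewriteCond"]:
            var = parts[1][2:-1]  # "%{THE_REQUEST}" -> "THE_REQUEST"
            conds.append((var, re.compile(parts[2], re.I if "NC" in flags else 0)))
        elif parts[:1] == ["RewriteRule"]:
            rules.append((conds, re.compile(parts[1]), flags))
            conds = []  # conditions belong to the next RewriteRule only
    return rules

def status_for(request_line, rules):
    """403 if a rule carrying the F flag applies to this request line, else 200."""
    target = request_line.split(" ")[1]
    path = target.split("?", 1)[0].lstrip("/")  # per-directory rules see no leading slash
    env = {"THE_REQUEST": request_line}
    for conds, pattern, flags in rules:
        if "F" in flags and pattern.search(path) and all(
                rx.search(env[var]) for var, rx in conds):
            return 403
    return 200

# Constructed request lines: the registration form, then traffic that must keep working.
SAMPLES = [
    "GET /wp-login.php?action=register HTTP/1.1",
    "POST /wp-login.php?action=register HTTP/1.1",
    "GET /WP-Login.PHP?action=REGISTER HTTP/1.1",
    "GET /wp-login.php HTTP/1.1",
    "GET /wp-login.php?action=lostpassword HTTP/1.1",
    "POST /?wc-ajax=checkout HTTP/1.1",
]

def check():
    rules = parse_rules(HTACCESS)
    return {line: status_for(line, rules) for line in SAMPLES}
```

Calling `check()` returns a status per sample line: the three registration requests get 403, while login, lost-password and the checkout POST stay at 200, so the rule covers only the `wp-login.php` registration form.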
Forum: Plugins
In reply to: [WooCommerce] Failed Orders – Fake Information
I can confirm the same. In fact this is happening across multiple web hosts. I have websites on Siteground & Cloudways where these orders have been placed.
On one of the websites, user registrations are disabled altogether, still they somehow managed to create a user with “Customer” role.
Any luck with figuring out the solution to this?
I have added some new rules to my .htaccess file – Preventing XSS attacks & preventing SQL injections. Not sure if that will help.
Reference: https://thrivewp.com/sql-injections-hack-wordpress-security/