A bizarre hack has come to notice on WordPress websites. A huge number of WordPress websites are showing “1800ForBail – One+Number” or this “1800ForBail” as its SEO title/Blog name. Till now, it looks like a massive black hat SEO campaign. However, it could be more than that.

Here is how it appears in Google search results:

Attack Details

Typically in these cases, hackers change the standard WordPress setting “blogname” to display desired keywords/titles. This could also be confirmed by the HTML page analysis of these hacked sites. Here is the malicious HTML responsible for this hack in these sites-

<meta property="og:title" content="Home - 1800ForBail" />

<meta property="og:url" content="hxxps://deliverygoodstrategy[.]com/destiny?tt=2&#038;/" />

<meta property="og:site_name" content="1800ForBail" /

The reason that the attacker was able to manipulate these HTML codes could be attributed to plugin vulnerabilities. In most of these cases, the victim sites were using outdated and unpatched plugins and themes. Some of the plugins that were previously found as a culprit in the site URL attacks are WordPress GDPR ComplianceTagDiv themesFreemius Library (and all plugins that use it), Convert Plus, etc.

Other Similar Attacks

This “1800ForBail” blog name attack is similar to cases we have seen in the past. Cases like Japanese SEO spam, Korean SEO spam where the hackers change a site’s URL to render Japanese/Korean keywords to increase the visibility of his site.

Another attack that it resembles is the Site URL attack. In Site URL attacks, hacker changes the URL of the hacked websites to that of his domain. The purpose of this is to redirect visitors of the site to his domain.

Mitigation Measures

To restore your website from this nightmare, you should change the “Blog title” setting from their WordPress admin interface (or the “blogname” option in the wp_options table). Also, since a lot of trouble arises from outdated & vulnerable plugins/themes, updating them is the most prudent measure.

In addition to this, installing a premium website protection on your website will make you more immune to defacing attacks like these. In case you are infected by the “1800ForBail” attack, contact us and we will be happy to help you out.

Was this post helpful?



Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Aakanchha Keshri

Aakanchha is a tech & cybersecurity enthusiast. She is an active reader and writer of the cybersecurity genre.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close