911 Hack Removal

WordPress Websites Showing “1800ForBail – One+Number” As Titles

Updated on: March 29, 2020

WordPress Websites Showing “1800ForBail – One+Number” As Titles

A bizarre hack has come to notice on WordPress websites. A huge number of WordPress websites are showing “1800ForBail – One+Number” or this “1800ForBail” as its SEO title/Blog name. Till now, it looks like a massive black hat SEO campaign. However, it could be more than that.

Here is how it appears in Google search results:

Attack Details

Typically in these cases, hackers change the standard WordPress setting “blogname” to display desired keywords/titles. This could also be confirmed by the HTML page analysis of these hacked sites. Here is the malicious HTML responsible for this hack in these sites-

<meta property="og:title" content="Home - 1800ForBail" />

<meta property="og:url" content="hxxps://deliverygoodstrategy[.]com/destiny?tt=2&/" />

<meta property="og:site_name" content="1800ForBail" /

The reason that the attacker was able to manipulate these HTML codes could be attributed to plugin vulnerabilities. In most of these cases, the victim sites were using outdated and unpatched plugins and themes. Some of the plugins that were previously found as a culprit in the site URL attacks are WordPress GDPR ComplianceTagDiv themesFreemius Library (and all plugins that use it), Convert Plus, etc.

Other Similar Attacks

This “1800ForBail” blog name attack is similar to cases we have seen in the past. Cases like Japanese SEO spam, Korean SEO spam where the hackers change a site’s URL to render Japanese/Korean keywords to increase the visibility of his site.

Another attack that it resembles is the Site URL attack. In Site URL attacks, hacker changes the URL of the hacked websites to that of his domain. The purpose of this is to redirect visitors of the site to his domain.

Mitigation Measures

To restore your website from this nightmare, you should change the “Blog title” setting from their WordPress admin interface (or the “blogname” option in the wp_options table). Also, since a lot of trouble arises from outdated & vulnerable plugins/themes, updating them is the most prudent measure.

In addition to this, installing a premium website protection on your website will make you more immune to defacing attacks like these. In case you are infected by the “1800ForBail” attack, contact us and we will be happy to help you out.

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany