butlincat's blog - a blog...a seeker of the truth

“As long as justice is postponed we always stand on the verge of these darker nights of social disruption...so said Martin Luther King Jr. in a speech on March 14, 1968, just three weeks before he was assassinated.

...hello + welcome!

FAIR USE NOTICE: This site may contain copyrighted (© ) material. Such material is made available to advance understanding of ecological, political, human rights, economic, democracy, scientific, moral, ethical, and social justice issues. This constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, this material is distributed for analysis, commentary, educational and intellectual purposes. In some cases comedy and parody have been recognized as fair use - Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License..... For more information please visit: http://www.law.cornell.edu/uscode/text/17/107

This blog is for regular updates + info connected to the ILLUMINATI, 911, 7/7, recent UFO sightings, CHEMTRAILS, MORGELLONS [98% OF WORLDS POPULATION HAS MORGELLONS DISEASE, they claim - see "Morgellons & SmartDust Infect Individuals to be Tracked via Satellite" https://www.youtube.com/watch?v=Baua4QzgAjc - MIND CONTROL {MK ULTRA, MANNEQUIN etc.}, ELECTRONIC SURVEILLANCE, JOHN LEAR, ALEX COLLIER, PROJECT CAMELOT, PROJECT AVALON, MICHAEL TSARION, JORDAN MAXWELL, PRESTON NICHOLS, AL BIELEK, STEWART SWERDELOW, DUNCAN CAMERON, WILLIAM COOPER, PHIL SCHNEIDER, David Wilcock, FRITZ SPRINGMEIER, BILLY MEIER, MAX IGAN, STEW WEBB, "Democracy Now!", Henry Makow, Linda Moulton-Howe, Dan Burisch, Webster Tarpley, Brother Nathanael, Timothy Good, Miles Johnson, Jim Marrs, John Hutchison, Wikileaks, Julian Assange #FreeAssange #FreeManning #FreeHammond, Dr. John Hall, Edward Snowden, Vladimir Putin, John Lennon, Bob Zimmerman [Dylan], award winning journalist John Pilger's site is www.johnpilger.com + many more who can only be described as heroes...

Like many, this site is shadowbanned, as daily viewing figures prove since March 2018, when before then the figures were 10 times as much as they are since [from approx. 5000 views per day to 500]: "Shadowbanning" is the "act of blocking or partially blocking a user or their content from an online community" - see more: What is "shadowbanning - truther sites are often targeted:

NewsGuard Launches War on Alternative Media ...

Targeted? victimised?...been dealt "rough justice"? see more: VICTIMS OF THE STATE https://butlincat.com/

my Twitter: http://www.twitter.com/butlincat

my Facebook: https://www.facebook.com/butlin.cat.9

"Do not be deceived, God is not mocked; for whatever a man sows, this he will also reap" Galatians 6:7

......Namaste.....John Graham - butlincat

Jai guru deva om जय गुरुदेव ॐ ... peace!

frank zappa: “The illusion of freedom will continue as long as it’s profitable to continue the illusion. At the point where the illusion becomes too expensive to maintain, they will just take down the scenery, they will pull back the curtains, they will move the tables and chairs out of the way and you will see the brick wall at the back of the theater.”

Saturday, 9 December 2017

More than 5,000 WordPress websites plagued with Keylogger – 08 Dec. 2017

WordPress is one of the most used platforms in the world with more than 75 million websites using its content management system (CMS), and that is good enough reason for hackers to target WordPress-based websites.

Old Malware New Capabilities

Recently, researchers at website security platform Sucuri discovered that 5,500 WordPress websites are infected with malware that was initially identified in April this year as Cloudflare.solutions. At that time, the malware had cryptomining capabilities, but now, it is equipped with keyloggers.
The malware works in such a way that it exploits functions.php file used by WordPress themes. It queues Cloudflare[.]solutions scripts and uses a fake CloudFlare domain in the URLs who loads a copy of a legitimate ReconnectingWebSocket library.

What Has Changed Since April

Previously when researchers identified the fake domain; its homepage displayed the message “This Server is part of Cloudflare Distribution Network, ” but the new message claims “This server is part of an experimental science machine learning algorithms project.”
Another change identified by researchers is the cors.js script. Upon decoding, there is no outright suspicious code like those banner images in the previous version. However, the script loads Yandex.Metrika, Yandex’s alternative to Google Analytics.
Furthermore, Sucuri researchers found two fake CloudFlare domains, one of which contains long hexadecimal parameters. These domains might look legitimate, but one of those domains does not exist while the other one (cdnjs.cloudflare.com) delivers payloads that are hexadecimal numbers after the question mark in the URLs. Moreover, the script according to researchers decodes and injects the result into web pages making it a keylogger.
More than 5,000 WordPress website plagued with Keylogger
(Image Credit: Sucuri)

This script adds a handler to every input field on the websites to send its value to the attacker (wss://cloudflare[.]solutions:8085/) when a user leaves that field, wrote Sucuri’s malware researcher Denis Sinegubko.What Does This Keylogger Do

The keylogger is designed to steal login credentials from WordPress sites while its prime target is e-commerce platforms to steal customers banking and card payment details. In case the platform requires users to log in with their social media details, personal email address or any other sensitive and useful data, the keylogger will also steal and send them to the attackers. 
More than 5,000 WordPress website plagued with Keylogger
Websocket traffic on an infected login page (Image Credit: Sucuri)
The Cloudflare.solutions malware also injects websites with CoinHive cryptocurrency miner scripts that uses visitor’s CPU power to mine Monero digital coins

What WordPress Site Owners Should Do

Since the malicious code for this malware exists in the function.php file of the WordPress theme, users are advised by Suciri to “remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts.” 
It is highly advised that WordPress site owners should check if their site is infected with Cloudflare.solutions malware and change all login credentials including username and password. In case you are looking for tips on how to secure your WordPress site from ongoing threats follow this link.