This new error exposes millions of websites and their visitors to great danger
This new error exposes millions of websites and their visitors to great danger.. This is how you protect yourself and your website
Not all web pages on the Internet are safe, something that should always be kept in mind to avoid making mistakes. However, we can find reliable sites, created without any malicious intent, but which have some vulnerabilities and are very dangerous for a moment. This is what happens with several million pages that have a security hole.
This is a bug that has affected around six million WordPress websites. This leaves them vulnerable to phishing attacks. Basically, an attacker is able to take control of that website, and from there, they can distribute malware, phishing attacks, and redirect visitors to other malicious pages...
This vulnerability has been registered as CVE-2024-44000. It affects LiteSpeed Cache and was discovered a few days ago, so sites of all kinds can be hacked and many users are at risk.
The bug affects the functionality of this plugin, which is responsible for recording HTTP headers for the file. These types of headers contain session cookies that authenticate users of this website. If stolen by an attacker, they could impersonate the page administrator and take full control.
Users will be asked to log in to that website. This way, they can steal session cookies and take control of them. From there, they can modify that page and influence other users who access it.
If you have a WordPress site and use the LiteSpeed Cache plugin, security researchers recommend clearing all debug.log files from your servers to remove potentially stolen cookies. Additionally, they recommend creating a .htaccess rule to prevent direct access to log files.
However, the most important thing is to update everything. They have already released LiteSpeed Cache v6.5.0.1 to fix the issue. However, at the moment, there have only been about 400,000 downloads of the update since this version became available, so we are talking about over 5 and a half million pages that are still vulnerable.