Late last month, almost immediately after publishing a Tweet critical of Netflix for hiring Susan Rice, just months after leaked emails implicated her in the illegal smuggling of weapons and munitions into Libya directly in violation of a United Nations embargo, I began to experience a fairly large number of attempted Cross Site Scripting (XSS) attacks through a shared/syndicated connection I had established through Twitter on one of my previous domain names.
Setting up the remainder of the article, months ago when Bankrupt Medi4 was under the name/domain of The Daily Proletariat (https://proletariatdaily.com), I configured my WordPress site to automatically post any/all new articles directly to Twitter remotely. This process is known as Twitter syndication and can be set up manually through the wp-admin Dashboard. Honestly, after switching Twitter handles, transferring domains and making a number of other changes to my site, I had completely forgotten about the connection, until the XSS attacks began to pile up.
How do I know this?
Cross referencing the 404 Error logs on my Firewall with the timing of the attacks, on multiple occasions I noticed well over 3 dozen hits attached to a URL associated with:
as the website/article currently exists, and has existed for months. ^^^
This means that hackers were attempting XSS attacks on the cached version of the article as it existed before I made the domain switch. For example, here is just a small sample of my firewall logs from 1 of the attacks, and there are over 3 dozen more logs just like it:
New research published by GoSecure on April 3rd 2017, the same day of one of the attacks above, explains how hackers have begun exploiting holes in cached servers to conduct advanced XSS attacks on the web, exactly the type of XSS attacks I had been experiencing in late March to early April. GoSecure’s article goes on to explain how:
Read GoSecure’s Full Article Here: http://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/
How To Mitigate The Attack In The Future?
If you own a WordPress site like me, there are plugins specifically designed to purge Varnish cache and/or force website traffic through; simply search for them to learn more.
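The cross-referencing of 404 logs against attack timing described earlier can be repeated with a short script. This is an added example, not the author's code or logs: the log lines are constructed in the common "combined" access-log format, and the path `/old-article/`, the IP addresses, and the marker list are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2020:14:02:11 +0000] "GET /old-article/?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2020:14:05:40 +0000] "GET /old-article/?q=%253Cscript%253E HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2020:15:10:02 +0000] "GET /old-article/?x=%3Cesi:include%3E HTTP/1.1" 404 512 "-" "curl/7.58"
192.0.2.4 - - [01/Mar/2020:15:11:30 +0000] "GET /favicon.ico HTTP/1.1" 404 128 "-" "Mozilla/5.0"
192.0.2.4 - - [01/Mar/2020:15:12:00 +0000] "GET /new-article/?s=%3Cscript%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
# Markup that has no business in a URL: script/ESI/embedding tags, javascript: URIs.
MARKERS = re.compile(r'<\s*(script|esi:|img|svg|iframe)|javascript:', re.I)

def decode(url, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double-encoding hides payloads)."""
    for _ in range(rounds):
        nxt = unquote_plus(url)
        if nxt == url:
            break
        url = nxt
    return url

def suspicious_404s(log_text):
    """Return (hour, ip, path) for every 404 whose decoded URL carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # this check follows the 404 log only, as the post does
        if MARKERS.search(decode(m["url"])):
            path = m["url"].split("?", 1)[0]
            hits.append((m["ts"][:14], m["ip"], path))  # timestamp cut to the hour
    return hits

def summarize(hits):
    """Count probes per (hour, path) so bursts can be lined up against other events."""
    return Counter((hour, path) for hour, _ip, path in hits)

if __name__ == "__main__":
    for (hour, path), n in sorted(summarize(suspicious_404s(SAMPLE_LOG)).items()):
        print(f"{hour}h  {path}  {n} probe(s)")
```

Requests that return 200 with the same markers are skipped here on purpose; scanning them as well is a one-line change to the status check.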
Lastly, This Is An Extremely Advanced Attack
Considering that I am the first person on the internet to report this style of XSS attack, at least that I am aware of, and the attacks only started after I criticized the former National Security Advisor for “allegedly” violating international law and contributing to the genocide of thousands of people, I have no reason to believe anything other than that this attack originated from some of the highest levels of the United States Government – but that might just be the inner ‘tin foil hatter’ in me talking.
Moreover, considering that the attack involved the attempted exploitation of cached versions of my website, about which new research was just published for the first time by GoSecure last week, it’s only a testament to just how innovative these attacks really are.