RSS (WP Comments), TeamViewer, are creating a growing DDoS Web and is not jumping into system files

  • Comments are being replicated on mirrored servers once infected, and the main source that I tracked it to was http://momu-it.dk/. They even left an encrypted message about what they were doing in the RSS feed http://momu-it.dk/?feed=comments-rss2. They had another company called 55printing.com that seems to be the source of the spread, but once I stopped the TeamViewer socket client side they started shutting things off. They were stupid enough to have an encoded message with the actual domain. The crazy thing is they are in Denmark; the domain is registered to Scottsdale, Arizona, which is exactly the center my GoDaddy server is on. Either they are replicating and spreading or they have slowly been growing for the past 2 years with it. The bad part is something has changed, because I literally recently today watched it infect my Windows machine now and rewrite the windowsLogon.exe file and start its own host like TeamViewer.

  • religionishate.com has the corrupted RSS comment feeds, and they only have to place one comment and the admin does not even have to open it to give them writable permissions. The general user is fine, but not the servers or admins, and that is how it is spreading.

  • Thanks for the report but it sounds to me like you should post this in the support forums for sites using standalone WordPress. https://wordpress.org/support/ You’ve posted it in the forums for hosted WordPressdotcom.

    I’ve left this tagged for Staff as I can no longer locate the link to report possible security issues here.

  • Seems as though it is the main culprit in how DDoS operates and keeps happening on WordPress, and the fact that they run their mirror servers using the shell of TeamViewer makes it darn near impossible to even detect it is coming from you. Plus I monitored my server and it was going crazy, but for the last week I have been tracking the group who seems to be at the source.

  • Hi there,

    You can report security issues with the self-hosted WordPress software using the guidelines here:

    Reporting Security Vulnerabilities

  • The topic ‘RSS (WP Comments), TeamViewer, are creating a growing DDoS Web and is not jumping into system files’ is closed to new replies.