Wix Website Security Gaffe: ‘Is this a Bug?’

Wix is an online platform for building your website and getting a free start on your business at the basic level.

In the top tier (having paid for Wix), you can get many more features and a brilliant working website.


At least, that was the thought.

Recently, Wix has come under fire from many people in the community who use the editor to make their online livelihood a reality.

So the reports go, the integrity of the user’s security has been called into question.

Like something right out of a hacker flick, users were getting an annoying quantity of emails from an address by the name of “messwiththebest.boi”.

This screenshot from the movie “Hackers,” released in 1995 by Suftly Entertainment and United Artists, depicts a screen display used by the characters’ computer in the film. The email address is clearly an Anti-Hacking reference to boost user morale.

These were no handfuls of emails either. They were coming in by the tens if not hundreds of thousands.

User AxxiosGrey provided screenshots for us to use concerning this matter, which depict the process of his website going down due to Wix’s security debacle.

As seen by this screenshot submitted by a KNNP-TV viewer, the emails coming in numbered in the thousands and thankfully were stacked in this Gmail thread.

The “Mess With the Best” emails were telling the user that there were hacking attempts made against their domain.

As can be seen in the screenshot, these hacking attempts were beginning to flood in before the site was even made live.

The final email sent in the thread to this user by Wix states that the website was removed for safety concerns related to Wix’s security gaffe.

Eventually, Wix made contact with AxxiosGrey and let him know that the website was removed due to security concerns.

This is not an isolated incident and according to an article on ThreatPost, this is not a new issue.

“Wix websites are vulnerable to a reflective DOM cross-site scripting attack that could give attackers control of users’ websites.
Cloud-based web host Wix.com is vulnerable to a DOM-based cross-site scripting vulnerability that can give attackers control over any of the millions of websites hosted on the platform.
“Simply by adding a single parameter to any site created on Wix, the attacker can cause their JavaScript to be loaded and run as part of the target website,” according to Matt Austin, senior security research engineer with Contrast Security.
Austin said Wednesday the vulnerability was still unpatched despite repeated attempts to warn and notify Wix.com since early October. On Thursday Wix.com representatives sent Threatpost a brief statement stating the problem has been solved.
“We take the security of our customers very seriously. After thorough examination we can state that the issue has been addressed. We do operate a formal bug bounty program and are taking steps to widen the community,” said Matt Rosenberg, Wix.com spokesperson. According to Wix.com’s own estimates, there are 86 million users of its platform.”

While confirmation of this issue being fixed has floated around for a long time, the issue is still being widely reported.

ZDNet wrote an article on May 2nd of this year detailing that the same kind of attack is being used against Wix as well as a few other DOM and Cloud Managed Web Hosts, up to and including Shopify, Weebly, SquareSpace, Magento and OpenCart (including other sites that run off of its technology).

With Wix being by far the easiest and largest editor in the modern market, these concerns are shared among 137 million users, according to Wix themselves.

UPDATE:

The updated number of emails
