Archive by Author

Website Ransomware – CTB-Locker Goes Blockchain

During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second most prominent wave of malware that makes money by directly selling “malware removal” services to users of infected computers. But unlike fake anti-viruses, that were mostly harmless, and used as aRead […]

Sucuri – 2016 Redesign

A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the table from each other enjoying a fine feast. Unbeknownst to them, they quickly find themselves in the middle of a childish debate between Tony and I on the merits ofRead […]

Beware of Unverified TLS Certificates in PHP & Python

Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN’s cache. The HTTPS protocol is used to secure the connection with the API server. However, if your web app doesn’t verify the TLS certificate, aRead […]

Hacked Websites Redirect to Porn from PDF / DOC Links

We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we’ll tell you about yet another interesting black hat SEO attack that we’ve been watching for the last year. Let’s begin with symptoms: When peopleRead […]

Ask Sucuri: How Does Sucuri Clean a Website?

Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To understand how we do it, you have to understand where it all comes from. The biggest challenge with providing incident response services (remediation) on compromised websites is that a majorityRead […]

Server Security: Indicators of Compromised Behavior with OSSEC

We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, real-time alerting, and active response. It provides complete coverageRead […]

When a WordPress Plugin Goes Bad

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the official WordPress Plugin directory, the authors revived another WordPress account with a long abandoned plugin and uploaded SweetCaptcha as a “new version” of that plugin. InRead […]

Behind the Malware – Botnet Analysis

While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerability led to massive website compromises in 2015, was being leveraged again in an attempt to infect websites over a year since its initial disclosure. The original hack required sending an AJAX request containing the action revslider_ajax_action toRead […]

WordPress Sites Leveraged in Layer 7 DDoS Campaigns

We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back on March 2014. The problem, as previously described,was that any WordPress website with the pingback feature enabled (which is on by default) could be used to attack the availability of other websites. The attacks wouldRead […]