Archive by Author

Fake Media Download Sites

Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engines. You spend time working hard to build authority and trustworthiness. When your pages rank high enough, you may find yourself with a whole new setRead […]

Using WPScan: Finding WordPress Vulnerabilities

When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list ofRead […]

Vulnerability Details: Joomla! Remote Code Execution

The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was alreadyRead […]

Website Malware – Evolution of Pseudo Darkleech

Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the random parts changed on every page load. Back then, we identified that it was not a server-level infection. TheRead […]

Server Security: OSSEC Updated With GeoIP Support

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It provides aRead […]

Increased Popularity in DDoS Extortion Campaigns

Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different cyber crime groups, including DD4BC, Armada Collective and a few more unnamed ones. These DDoS extortion attempts are starting to exploit smaller websites that may be less able to defendRead […]

Sucuri += HTTP/2 — Announcing HTTP/2 Support

We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already supports HTTP/2 (including this blog) and we will be rolling out HTTP/2 to all account dashboards very soon. We have always supported SPDY (the HTTP/2 predecessor) and decided to upgradeRead […]

Unwanted Software and Harmful Programs

We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and and e-mail spam. Recently I came across an interesting case where Google was flagging a website due to unwanted software. Via our response platform we were able to get toRead […]

Spam Campaign Causes “DDoS” by Googlebot

Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website owners. We have spoken recently about malicious referral spam in Google Analytics and Google Search Console being used by attackers after they gain access to a website. Today,Read […]