Archive by Author

Ask Sucuri: How to Stop Brute Force Attacks?

Ask Sucuri: My site is under a brute force attack. What can I do? How can we solve this password guessing problem known as brute forcing? This is a common question we get from users of our WordPress plugin and from the overall community. Brute force attacks are very common, but most people do not […]

How Scammers Abuse Baidu Search Results

If you use Skype, recently you may have received Baidu link spam from some of your contacts. The links look like this: www.baidu[.]com/link?url=_QIcrpeV-oOPb6HGTgigvW00e0fiBQyFjSui12FrARO#emubahyt= When you click these links you end up on fake news sites with articles about a new miracle medicine that may help you lose weight or double your IQ. Here are the typical headlines […]

How to Secure Websites for Clients

In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to use them to better account for client website security. In this post I will touch on some of the key areas in a project’s lifecycle that can be leveraged to build stronger […]

Unrestricted Backend Login Method Seen in OpenCart

From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them […]

Exploited Script in WordPress Theme Sends Spam

As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code […]

Spotlight: How StreetHunters Fixed a Website Hack

Two years ago, we started compiling reviews from Sucuri customers. Today we have over 60 case studies, most of them from web developers and designers. Interestingly enough, we also have a lot of case studies from photographers who run their own websites. Our very first case study came from Spyros Papaspyropolous – street photographer, blogger, […]

Malicious Redirect Injected in Magento One Page Checkout

With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have been targeting Magento installations in order to steal sensitive information like credit card data or PayPal logins, but in this case, promote websites for their monetary gain. Being PCI compliant is becoming increasingly […]

Website Spam Infection via Zip File Upload

Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account the latest Google’s “mobile first” approach). Infection Details […]

IPv4 vs IPv6 Performance Comparison – Part 2

A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional performance tests, more domains, and more locations. In addition to assessing the speed and performance, the analysis we are presenting today leverages statistical hypothesis tests to clearly identify winners and […]