At CloudFlare a lot of our customers use WordPress, that’s why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall. WordPress’ ubiquity on the web can make it an ideal target for Layer 7 attacks, and its powerful features as a blogging […]
ECDSA: The digital signature algorithm of a better internet
This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014. At CloudFlare we are constantly working on ways to make the Internet better. An important part of this is enabling our customers to serve their […]
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every website owner. Today I want to talk about a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. Any WordPress site with XML-RPC enabled […]
Joomla Security Updates – Version 2.5.19 and 3.2.3 Released
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to update and apply these patches ASAP to ensure that your site continues to run securely. If you are behind our CloudProxy Firewall, we will virtually patch […]
Highly Effective Joomla Backdoor with Small Profile
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. The things they are doing, and by they I mean the attackers, are in some instance ingenious. I think you’ll agree that […]
CloudFlare Publishes Transparency Report for 2013
On January 27, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security Orders, affording slightly more latitude in how companies could report the number of National Security Orders which they had received. Within several hours, CloudFlare presented its initial Transparency Report on National […]
Sucuri CloudProxy Website Firewall Improvements
If you are are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, our team has been extremely focused on improving it everyday. If you are not familiar with CloudProxy, I highly recommend reading some of the documentation and benefits of […]
SiteCheck Chrome Extension Now Available
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user, then you’re in luck because we’ve made it much simpler for you to utilize SiteCheck, our website malware scanner. Whether you want to scan your own […]
Malicious iFrame Injections Host Payload on Tumblr
It’s always fun to watch malware developers using different techniques to code their creations. Sometimes it’s a matter of obfuscation, placement, injection, but this time it’s how they code it to be dynamic. I believe this is not the first one that uses this service, but it’s the first time I’m seeing it. Twitter and […]
PHP Backdoors: Hidden With Clever Use of Extract Function
When a site gets compromised, one thing we know for sure is that attackers love to leave malware that allows them access back to the site; this type of malware is called a backdoor. This type of malware was named this because it allows for remote control of a compromised website in a way that […]
