Survey Questions That Work: How to Unlock Your Customers’ Deepest Desires How well do you know your customers and their needs? And, how well do you meet those needs? Do you just create a product and send it out? Or, do you take the trouble to analyze who your customers are, what they need, and […]
How to Add SSL and HTTPS in WordPress
In this article, the following concerns below will be tackled; What is HTTPS and SSL? Why do you need HTTPS and SSL? Requirements for using HTTPS and SSL on a WordPress Site How to setup WordPress to use SSL and HTTPS Find out how.
Vulnerability Disclosures – A Note To Developers
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the most secure, can, with time, can be used for nefarious actions. We ourselves find weaknesses in our code, internally and externally, and have to work […]
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this vulnerability to inject malicious iframes on websites using this plugin. Technical details This vulnerability exploited a somewhat well-known attack vector amongst WordPress plugins: unprotected […]
The Dynamics of Passwords
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Are you re-using any of the same passwords to make it easier to remember them? We see it all too often: weak passwords used for FTP, […]
Analyzing Malicious Redirects in the IP.Board CMS
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller CMS’s and we help clean all kinds of sites. This post will be about conditional redirects in IP.Board forums (currently #27 with 0.3% of the CMS market). Conditional redirects The symptoms of […]
Get Started with CloudFlare ServerShield for Plesk
ServerShield makes it easy to activate CloudFlare and StopTheHacker. CloudFlare has partnered with Parallels, the leading hosting solutions provider, to make server protection, content acceleration and malware removal easier than ever. We recently launched CloudFlare ServerShield® to all Plesk 12 users as an extension. ServerShield combines the performance and security features of CloudFlare with the […]
Updating the DNS Registration Model to Keep Pace with Today’s Internet.
CloudFlare is, arguably, the largest third-party DNS Authoritative operator in the world. We manage well over 1 million domains and have registrations in almost every TLD open for registrations. Our role as a DNS operator is to maintain customer information and publish their records in the global DNS. In this blog, we’ll introduce a significant […]
Zero-day in the Fancybox-for-WordPress Plugin
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203koko” injected into the website. We were also directed to a forum thread where users were sharing their concerns and describing similar issues they were experiencing. In analyzing the infected websites, we […]
Advisory – Dangerous “nonce” leak in UpdraftPlus
Advisory for: UpdraftPlus Security Risk: High Exploitation level: Remote DREAD Score: 7/10 Vulnerability: Privilege Escalation Patched Version: 1.9.51 If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF), we detected a “nonce” leak vulnerability that could allow a malicious actor […]
