Advisory for: UpdraftPlus
Security Risk: High
Exploitation level: Remote
DREAD Score: 7/10
Vulnerability: Privilege Escalation
Patched Version: 1.9.51
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF), we detected a “nonce” leak vulnerability that could allow a malicious actor […]
Creative Evasion Technique Against Website Firewalls
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post is going to be a bit code-heavy for most end-users, […]
8 Keys to Creating More Meaningful Content
A new take on those symbols! 8 Keys to Creating More Meaningful Content by Barry Feldman Hello ! @ # $ % ^ & * I was staring at my keyboard when I got the idea for this post. And there they were, right in front of my eyes and at my fingertips: eight keys […]
Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selling luxury goods. Most of the time this involves injecting hundreds of spam links into the site’s database but in this case a deceptive, fake plugin called mobile-shortcuts was able […]
DNSSEC Done Right
This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare. I’ve been working on DNSSEC evolution for a long time as implementor, IETF working group chair, protocol experimenter, DNS operator, consultant, and evangelist. These different perspectives allow me to look at the protocol in a holistic way. […]
How to Use Google Webmaster Tools to Improve Your Website
Don’t have any idea what Google Webmaster Tools can do for you? Here is a good article from Elegant Themes that explains the things that you need to know. How to Use Google Webmaster Tools to Improve Your Website by Brenda Barron Google has been collecting data about websites for a long time. They use […]
Critical “GHOST” Vulnerability Released
A very critical vulnerability affecting the GNU C Library (glibc) exposes Linux servers to remote command execution. This security bug was discovered by Qualys security researchers and will probably cause a lot of headaches for those who don’t update right away. Where does the issue come from? This is a buffer overflow issue in glibc’s function __nss_hostname_digits_dots(), which is […]
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we thought it was a Distributed Denial of Service (DDoS) attack, mainly due to the high concentration of requests (thousands per second). Looking further however, it actually seemed like […]
How to Block a WordPress User Without Deleting Their Account
Here is another trick that you can add to your arsenal. How to Block a WordPress User Without Deleting Their Account Did you ever want to block a user from logging into WordPress? The simplest way to accomplish this is by deleting the user profile. The downside is that will move all content written by […]
16 Plugins to Help You Communicate With Your Users
by Rachel McColli A website is a communications tool. You create one to communicate with visitors, and to give them somewhere they can communicate with you. Whether your site is for blogging, marketing, selling, fundraising or passing on information, one of your key concerns will be making sure you can communicate with your visitors to […]

