Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit. The first valid submission was received at 16:22:01PST by Software […]
Jetpack for WordPress: automatic protection
As we’ve said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent. Jetpack is an extremely popular plugin to provide self-hosted blogs with all of the additional functionality that WordPress provide to sites hosted with […]
Critical Update for JetPack WordPress Plugin
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site’s access control and publish posts on the site. All versions of JetPack since October, 2012 (Jetpack 1.9) are vulnerable, and all users should update to version 2.9.3 […]
Patching The Heartbleed OpenSSL Vulnerability
Security Researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are now covering the story, and we recommend reading their articles to understand the scope of what is happening and the impact of the threat: Critical crypto bug in OpenSSL opens […]
Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware
As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also […]
Thumb Wars: Sucuri Acquires Google Webmaster Tools
Today Sucuri unofficially acquires Google Webmaster Tools. In an effort to combine forces of good, Sucuri officials challenged Google to a thumb wrestling war. Here is a breakdown of the event. Over The Top In a best-of-5 style tournament, the competition got heated. The underdog had fought well, and stayed in it to win it, […]
JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on almost any Joomla site. It has had a few serious vulnerabilities in the past (around 2011 […]
Unmasking “Free” Premium WordPress Plugins
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money: eCommerce, SEO, affiliate and customer management, and so on. Such plugins may be really great and […]
Windigo Linux Analysis – Ebury and Cdorked
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thousands of Linux servers over the years. When you hear terms like Ebury, CDorked, Calfbot and others, they are all related to each other. Over the last few years, our team […]
How to ensure your server’s software stays secure?
At CloudFlare, security is on the top of our minds. We are always looking for ways to better secure the data we are entrusted with and improve the security of our customers’ websites. With this in mind, Nick Sullivan, one of our system engineers, will hold a security-themed webcast this Thursday. Some of you may […]
