The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4.X, 5.X. They recommend that anyone using vBulletin apply these patches as soon as possible. Here is part of their announcement: A security issue has been found that affects all […]
What do you do when the world’s attention is on you?
Today’s guest blogger is Rodney Gibbs. Rodney is the CIO of The Texas Tribune, a nonprofit media organization that covers public policy, politics, and government. He and his team recently supported major livestreamed events at South by Southwest (SXSW), a conference that attracts more than 70,000 music, arts and digital media aficionados. A few days […]
Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack. What’s the Big Deal? Remember life before social media? How quiet and […]
WordPress Pingback Attacks and our WAF
At CloudFlare a lot of our customers use WordPress, that’s why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall. WordPress’ ubiquity on the web can make it an ideal target for Layer 7 attacks, and its powerful features as a blogging […]
ECDSA: The digital signature algorithm of a better internet
This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014. At CloudFlare we are constantly working on ways to make the Internet better. An important part of this is enabling our customers to serve their […]
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every website owner. Today I want to talk about a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. Any WordPress site with XML-RPC enabled […]
Joomla Security Updates – Version 2.5.19 and 3.2.3 Released
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to update and apply these patches ASAP to ensure that your site continues to run securely. If you are behind our CloudProxy Firewall, we will virtually patch […]
Highly Effective Joomla Backdoor with Small Profile
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. The things they are doing, and by they I mean the attackers, are in some instance ingenious. I think you’ll agree that […]
CloudFlare Publishes Transparency Report for 2013
On January 27, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security Orders, affording slightly more latitude in how companies could report the number of National Security Orders which they had received. Within several hours, CloudFlare presented its initial Transparency Report on National […]
Sucuri CloudProxy Website Firewall Improvements
If you are are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, our team has been extremely focused on improving it everyday. If you are not familiar with CloudProxy, I highly recommend reading some of the documentation and benefits of […]
