In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to use them to better account for client website security. In this post I will touch on some of the key areas in a project’s lifecycle that can be leveraged to build stronger […]
Archive | Security
RSS feed for this sectionUnrestricted Backend Login Method Seen in OpenCart
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them […]
Exploited Script in WordPress Theme Sends Spam
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code […]
Ask Sucuri: Can Your cPanel Page Be Maliciously Redirected?
Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent it, along with other suspicious issues, through logs kept on cPanel servers. A lot of websites owners already know about the .htaccess file (short for […]
Spotlight: How StreetHunters Fixed a Website Hack
Two years ago, we started compiling reviews from Sucuri customers. Today we have over 60 case studies, most of them from web developers and designers. Interestingly enough, we also have a lot of case studies from photographers who run their own websites. Our very first case study came from Spyros Papaspyropolous – street photographer, blogger, […]
Malicious Redirect Injected in Magento One Page Checkout
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have been targeting Magento installations in order to steal sensitive information like credit card data or PayPal logins, but in this case, promote websites for their monetary gain. Being PCI compliant is becoming increasingly […]
Website Spam Infection via Zip File Upload
Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account the latest Google’s “mobile first” approach). Infection Details […]
IPv4 vs IPv6 Performance Comparison – Part 2
A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional performance tests, more domains, and more locations. In addition to assessing the speed and performance, the analysis we are presenting today leverages statistical hypothesis tests to clearly identify winners and […]
Cloned Spam Sites in Subdirectories
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move. This time around, […]
New Guide on How to Fix Hacked Joomla! Sites
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! […]
