As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into […]
Archive | Security
RSS feed for this sectionSecurity Advisory – High severity – WP-Statistics WordPress Plugin
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which executes on the administration panel. Patched Version: 8.3.1 If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall product, we discovered […]
RSS Reveals Malware Injections
There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for […]
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this happens, […]
The Art of Website Malware Removal – The Basics
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However, there is a less glamorous task that must take place once an attack vector is exploited; that is […]
The Psychology Behind Why Websites Get Hacked
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because everything seems fine, doesn’t mean that the best security practices shouldn’t be followed, or that being safe so far doesn’t grant future invincibility. The question, “Why should I worry?” is heard so […]
Migrating to the Ghost Blogging Platform
For those of you that follow the CloudFlare blog, you’ll know that we try to be prolific. We have industry leaders like Matthew Prince, John Graham-Cumming, Nick Sullivan, and others publishing pieces weekly from the front lines of internet performance and security. We’re also big fans of open source software, which is used in almost […]
The Dangers of Hosted Scripts – Hacked jQuery Timers
Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was moderately popular 5-6 years ago. Right now, […]
Combat Blackhat SEO Infections with SEO Insights
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to spam. These Blackhat SEO spam tactics are fighting for expensive, high-competition keywords […]
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw the opposite, where a binary .SWF file injects an invisible iFrame. This is an […]
