Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silently. It turns out that the vulnerability was disclosed via some underground forums, which led to a fix by the developers a few weeks later. The developer did not see a need to […]
Archive | Security
Quick Analysis of a DDoS Attack Using SSDP
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case was that it was a multi-faceted DDoS attack. The first issue we noticed was a Layer 7 HTTP Flood (DDoS) attack generating thousands of HTTP requests per […]
SXSW Interactive 2015: Vote for CloudFlare’s Submissions
Has your Twitter feed been flooded with “vote for my SXSW panel” tweets? With so much buzz all over the place, we wanted to keep it simple and share all of the presentations and panels affiliated with CloudFlare, in one place. Check out CloudFlare’s presentations and panels below. If our topics interest you, casting a […]
My WordPress Website Was Hacked
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hosting companies. From Virtual Private Servers (VPS) to shared environments, to managed environments. In most instances we pay and configure them like any other consumer would so that we […]
Security Advisory – Akeeba Backup for Joomla!
Advisory for: Akeeba for Joomla!
Security Risk: Low
Exploitation level: Difficult/Remote
Vulnerability: Access control bypass
If you’re a user of the very popular “Akeeba Backup for Joomla!” extension (with over 8m downloads), you need to update it right away! During a routine audit for our WAF, we found a vulnerability that could allow an attacker […]
DIY Web Server: Raspberry Pi + CloudFlare
The Raspberry Pi was created with a simple mission in mind: change the way people interact with computers. This inexpensive, credit card-sized machine is encouraging people, especially kids, to start playing with computers, not on them. When the first computers came out, basic programming skills were necessary. This was the age of the Amigas, BBC […]
Tinfoil Security vulnerability scanning now easy in CloudFlare Apps
We’re pleased to introduce a new CloudFlare App: Tinfoil Security. Tinfoil Security is a service designed to find possible web application vulnerabilities. Security is central to CloudFlare’s service. Our security features operate at the network level to identify and block malicious traffic from ever reaching your website or application. However, even with that protection in […]
Thoughts on WordPress Security and Vulnerabilities
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet and Custom Contact Forms drove the bulk of the engagement, but those using WPTouch, TimThumb and vBulletin were also made aware of vulnerabilities. If it […]
Website Malware: Mobile Redirect to BaDoink Porn App Evolving
Recently, we wrote about a malware redirection on this blog where the malware was causing compromised sites to redirect their visitors to pornographic content (specifically, the BaDoink app). You can read more about what we found by going to our previous blog post. As described in the original post, some particular files were infected (examples […]
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required). The vulnerability was disclosed to the plugin developer a few weeks ago, […]