Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent it, along with other suspicious issues, through logs kept on cPanel servers. A lot of website owners already know about the .htaccess file (short for […]
Tag Archives: Redirects
Malicious Redirect Injected in Magento One Page Checkout
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have been targeting Magento installations in order to steal sensitive information like credit card data or PayPal logins, but in this case they promote websites for their own monetary gain. Being PCI compliant is becoming increasingly […]
Website Spam Infection via Zip File Upload
Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account Google’s latest “mobile first” approach). Infection Details […]
WordPress Hack Modifies Core Files to Share Spam
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even website owners with the best intentions can lose control of their website. When hackers gain access to your site, they can use it to host phishing content, distribute malware, steal… […]
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam and malicious downloads. One of our security analysts, Andrey Kucherov, did some research in conjunction with our research team to find what was going on. In all cases the redirect… […]
New Wave of the Test0/Test5.com Redirect Hack
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down but the attackers returned with a new wave of site infections and the new redirecting domain – test5 .xyz (registered just a few […]
WordPress Redirect Hack via Test0.com/Default7.com
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / test246 .com domains. In this post, we’ll provide you with a review of this attack, investigated by our malware analyst, John Castro. Header.php Injection In all cases, the […]
My Website Was Blacklisted By Google and Distributing Email Spam
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy any online business; I am speaking from personal experience before joining the Sucuri team. When a website is blacklisted, users are unable to […]
Website Malware – Curious .htaccess Conditional Redirect Case
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting investigations. Take a look at this last one we identified: The curious aspect about it is the usage of a not so common .htaccess feature: variables. Most conditional injections rely […]
Is my website hacked? If you have to ask then, “Yes.”
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot because it usually looks almost exactly like legitimate code. Oftentimes, a website owner won’t know their site is hacked with a phishing scam until site visitors […]