Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden iframes that deliver spam-seo or other malware as easy to spot. Take this injection, for example (Thanks to Sucuri team member, Rafael C., for the sample): This is not a traditional iframe src=’http://… code, […]
Tag Archives: sucuri
Desktop AVs and Website Security
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all attacks, but from where we sit, that’s really just half the story. Does Brian mean that antivirus defenses–also know as “AV”– are useless? Probably not. Just like you should […]
Watch a Layer 7 DDOS Attack – WordPress Security
A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what that looks like. Remember, there is a big difference between Brute Force and Denial of Service attacks, this is specifically for a large DDOS attack involving 40k […]
Does Sucuri work with my host? Yes, Yes we do.
We’ve been scanning and removing malware from websites for years, and in this time frame we have seen the website security domain grow by leaps and bounds. Over the same period, the ubiquity of the internet has reached to all corners of the globe, and the number of websites worldwide has skyrocketed (estimated at 955 […]
SiteCheck Extended – Making It Easier to Scan Your Websites
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and other similar indicators of a compromised website. It is widely used by Webmasters to verify if their sites have not been compromised or blacklisted. And now we’re extending it to other platfroms, […]
AdSense Blackmail – Hacking Websites for Profit
We deal with different types of malware injections and compromises everyday and the most common question our clients ask us is, “Why me? Why my small little site?” There are so many answers to this question. In some cases, someone may attack a site for fun, they may do so in the name of “Hacktivism” […]
PHP Callback Functions: Another Way to Hide Backdoors
We often find new techniques employed by malware authors. Some are very interesting, others are pretty funny, and then there are those that really stump us in their creativity and effectiveness. This post is about the latter. Everyone who writes code in PHP knows what the eval() function is for. It evaluates a string as […]
Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware
As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also […]
Thumb Wars: Sucuri Acquires Google Webmaster Tools
Today Sucuri unofficially acquires Google Webmaster Tools. In an effort to combine forces of good, Sucuri officials challenged Google to a thumb wrestling war. Here is a breakdown of the event. Over The Top In a best-of-5 style tournament, the competition got heated. The underdog had fought well, and stayed in it to win it, […]
Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack. What’s the Big Deal? Remember life before social media? How quiet and […]