Three days ago the ImageMagic (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a few different attacks targeting the vulnerability. Interestingly enough, the attacks themselves seem to be targeted against specific customers and not mass blanket attacks, which is what you’d expect when these typeRead […]
Tag Archives: Website Attacks
Hacked Websites Redirect to Porn from PDF / DOC Links
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we’ll tell you about yet another interesting black hat SEO attack that we’ve been watching for the last year. Let’s begin with symptoms: When peopleRead […]
Analyzing Proxy Based Spam Networks
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven’t shared, however, is the idea of Proxy-based Spam Networks (PSN). It’s not because it wasn’t interesting, it’s just not something we’d seenRead […]
WordPress Brute Force Attacks – 2015 Threat Landscape
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker set up a test server and chose a very weak root password. A few days later, the box was compromised and the attackers installedRead […]
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search Console (formerly Webmaster Tools). Google Search Console provides really useful information and tools to webmasters who want to: Know how their websites perform in search results. Receive notification about performance, configuration and securityRead […]
Analyzing Popular Layer 7 Application DDoS Attacks
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken down and kept offline because of them. Even over-provisioned servers can be taken offline by the smallest of DDoS attacks; caused by IP addresses being null routed byRead […]
FunWebProducts UserAgent Bloating Traffic
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventingRead […]
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website infections, and in this post we will define some of the terminology used to describe them. WeRead […]
JetPack and TwentyFifteen Vulnerable to DOM-based XSS – Millions of WordPress Websites Affected
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact countRead […]
Critical Persistent XSS 0day in WordPress
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s affected If your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s databaseRead […]