Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We’ve seen Google talk about giving SSL a ranking boost and flagging non-HTTPS websites within the browser (Chrome) as insecure. We have also seen various organizations take the call to arms – with StartSSL offering free SSLRead […]
Tag Archives: website firewall
SEO Spam Technique Designed to Avoid Detection
Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you recall when most sites used clashing colors, font types, and animated gifs? It seems that website spammers haven’t forgotten those days. We often find spam hidden inRead […]
Ask Sucuri: Differentiate Between Security Firewalls
Question: How should a website owner differentiate between Firewalls? What do they do? The term “firewall” is not new. It is common terminology in the world of technology and security, and possibly common enough that even non-technical people have a basic understanding of what a firewall is. Its meaning actually extends beyond security. The brick walls thatRead […]
Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone
Last year we partnered and sponsored the LetsEncrypt initiative. Today we’re happy to announce that we have fully integrated with them and we are now offering their free SSL Certificates to all customers who leverage the Sucuri Firewall. We’re very excited about this integration and we have mass-enabled their certificates for all of our customers that didRead […]
The Risks of Hiring a Bad SEO Company
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We recently received a report from one our clients claiming that their website was experiencing a DistributedRead […]
Increased Popularity in DDoS Extortion Campaigns
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different cyber crime groups, including DD4BC, Armada Collective and a few more unnamed ones. These DDoS extortion attempts are starting to exploit smaller websites that may be less able to defendRead […]
Sucuri += HTTP/2 — Announcing HTTP/2 Support
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already supports HTTP/2 (including this blog) and we will be rolling out HTTP/2 to all account dashboards very soon. We have always supported SPDY (the HTTP/2 predecessor) and decided to upgradeRead […]
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now. It could be via protocols like SSH or FTP, and if it’s a web server, via web-based brute force attempts againstRead […]
Analyzing Popular Layer 7 Application DDoS Attacks
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken down and kept offline because of them. Even over-provisioned servers can be taken offline by the smallest of DDoS attacks; caused by IP addresses being null routed byRead […]
Malicious Google Analytics Referral Spam
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems. If you use analytics software on yourRead […]