At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, advice can often be too broad; different content management systems (CMS) exist in this ecosystem and each require a unique security configuration. That’s exactly why the Sucuri Firewall contains an application profiling engine that adapts to the CMS and regular […]
Tag Archives: Website Security
New Malware Variants Serve Bogus CloudFlare DDoS Captcha
When attackers shift up their campaigns, change their payload or exfiltration domains, and put some extra effort into hiding their malware it’s usually a telltale sign that they are making some money off of their exploits. One such campaign is the fake CloudFlare DDoS pages which we reported on last month. The attack is simple: […]
How to Fix Google Ads Disapproved Due to Malicious Software
It’s estimated that 98.5% of sites who advertise use Google Ads to generate revenue and bring in traffic. That’s a hefty number of websites who leverage the popular platform to publish and serve ads. And while most webmasters are keenly aware that a hack can significantly impact your site’s revenue and organic rankings, malicious code […]
A Guide to Virtual Patching for Website Vulnerabilities
All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and try to attack it. That’s why keeping your website up-to-date with the latest patches and […]
Magento Supply Chain Attack Targets Extension Developer FishPig
Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on or before August 19th of this year so any eCommerce stores which have installed FishPig […]
Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a with the following style “overflow:hidden;height:1px” that makes them invisible to a regular site visitor. Our […]
What Is Clickjacking and How Do I Prevent It?
There are a plethora of techniques that attackers use to redirect site visitors and harvest sensitive information on compromised websites. But when most webmasters think about securing their website, they often don’t think about how attackers can inject clicks on it from another site. In today’s article, we’ll explain what clickjacking is, outline the types […]
How Are Favicon (.ico) Files Used in Website Malware?
When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings Strange redirects to spam websites Blocklisting by Google, Bing and other search authorities Randomly named folders containing spam files and big spam sitemaps If you’re experiencing these […]
What Is a 500 Internal Server Error & How to Fix It
A frustrating interruption to anyone’s day is the infamous 500 internal server error. When it happens not only do you lose traffic or potential site revenue, but it can also reflect badly on your site’s reputation and even affect your Google rankings. Furthermore, 500 server errors can sometimes be an indicator of compromise — the […]
WordPress Vulnerabilities & Patch Roundup — August 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
