The Firewall service deploys various heuristic checks and methods to protect your site. One of our most popular security settings, and questions, utilizes geolocation in order to protect and filter requests made to your site depending on where that user/client is. This setting is our ‘GeoBlock’ feature. How does the firewall GeoBlock? With geolocation information […]
Tag Archives: Website Security
Duplicated Vulnerabilities in WordPress Plugins
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities. SQL Injections in Vulnerable […]
Obfuscated WordPress Malware Dropper
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make it unreadable to the naked eye. In our recent post we demonstrated how the PHP function file_put_contents is used to inject malicious data into a […]
Web Skimmer with a Domain Name Generator
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. This approach is pretty typical for skimmers. However, we noticed one interesting feature of the script — […]
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave uses the XSS vulnerability to inject malicious JavaScript and redirect visitors to the attacker’s landing page. The malware also detects and leverages existing […]
What is online gambling spam and what can I do about it?
When it comes to online gambling spam, first think about fantasies of fame and fortune. Who hasn’t imagined defying the odds at an exotic casino? Splitting a pair of sevens. Going all in on the flop. Your baccarat dealer declaring, La grande! For most of us, though, a ticket to Monte Carlo and an Aston […]
Analysis of a WordPress Credit Card Swiper
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection. Typically this type of malware targets dedicated ecommerce platforms such as Magento and Prestashop (due to their focus in handling payment information, which we have documented extensively in […]
Top 10 Hacks & Attacks from 2019
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the point of infection, up 4% over 2018. SEO spam remained a universal threat, while backdoors allowed hackers to reinfect sites recovering from an initial attack. […]
Analyzing & Decrypting L4NC34’s Simple Ransomware
We’re constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact can be serious if the affected website is the webmaster’s only source of income or a business relies entirely on it’s website and online presence. When the word ransomware is […]
How to Find & Fix the Japanese Keyword Hack
If you’re wondering how to find and fix the Japanese keyword hack, get started by identifying a real-life example. First, open Google Translate, and then get the Japanese characters for the search term buy Ralph Lauren. Copy and paste that into your favorite search engine, and take a look at the results. Your results may […]
