One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout: What’s interesting about this phishing page is that it selectively targets victims within […]
Tag Archives: Website Security
PCI Compliance, Penetration testing, and the Sucuri WAF
Our support team is often asked, “Can we test our site through the Sucuri Web Application Firewall?” The answer is always yes, with a caveat. Tests that are intended to cause a disruption of the service, such as DoS attacks, are not allowed. We are there to help you if you do come under a […]
Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug
Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid it at all costs, correct? Let’s Encrypt SSL, a certificate authority run by the Internet Security Research Group (ISRG) and responsible for around 116 millions […]
7 Tips for Protecting Your Website
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat landscape, some folks might need it simplified even further. Okay, we hear ya. If you’re […]
What is Pharma Hack Spam?
Have you ever seen a website advertising products that seem unrelated to the apparent purpose of the site? Often, this suspicious content is promising pharmacy drugs, available quickly and without a prescription. That’s a classic example of a pharma hack. It’s very important to understand what a pharma hack is and how to stop it […]
Website Vulnerability vs. Malware – What’s the Difference?
To better understand the difference between website malware and vulnerabilities, imagine your online property is a brick-and-mortar structure. You’d want to keep safe from burglars, so you take measures to protect your house, like locked doors and windows, and installing an alarm system. It’s the same thing with website security. But with your online property, […]
How to Find & Remove SEO Spam on WordPress
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis. Without clicking anything (seriously, don’t), take a close look at the results. […]
Is My Site Hacked?
It’s a day every website owner fears. You open the website you’ve poured your time, energy, and money into, only to find your home page looking very different. After your stomach sinks and you take a long gasp, you’ll likely shout out in frustration, “My site has been hacked! What do I do!?” But not […]
SSL Testing Methods
Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really […]
Abused CloudFlare Workers Service Used to Inject Korean SEO Spam
We were recently contacted by a website owner about some malicious injected spam links that were being indexed by Google’s search engine crawler Googlebot. What was especially frustrating for the website owner was that these spammy links were not being loaded on the website when viewing it from a variety of devices — making it […]
