A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database. $ConfKiller: Malicious Operations Used to Steal Payment Info During the initial […]
Tag Archives: Website Security
7 Things You Should Monitor in WordPress Activity Logs
WordPress activity logs can be helpful when troubleshooting or trying to identify a hack. In this article, you’ll learn about the seven things you should monitor in your WordPress logs. Over the years, WordPress has grown more complex. WordPress is used by people in a variety of environments, ranging from small shops to large enterprises. […]
Spam That Fits Your Website
Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to drugs, accessories, or essays. But what if a hacker tried to convince your clients to click on malicious links based on the content of your website? A Customized Spam Campaign […]
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7. This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable. Timeline 2019/06/26 – Initial contact to the developer. 2019/06/27 – Response from the developer, disclosure of […]
How to Know If You Are under DDoS Attack
Nowadays, DDoS is a pretty recognizable term. Though many webmasters don’t know exactly what a DDoS attack is—its method is very subtle to identify—they’re pretty sure it’s a bad thing. And that’s a correct assumption. In this article, we will focus on how to know if your website is under attack and how to protect […]
Fake Instagram Verification
Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our our Twitter page: These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors. In order to […]
Why is Your Website a Target? The SEO Value of a Website
Website security is what we eat, sleep, and breathe. It’s what we do best because we deal with hacked websites every single day, thousands of them. Among the various types and evolution in attack scenarios, one has remained the same for all these years—spam infections. A spam infection could be a serious problem for online […]
Malware vs Virus: What’s the Difference?
There appears to be a general misunderstanding among internet users about the difference between malware and viruses. The two terms are often used interchangeably and to an extent, this is perfectly fine. This article seeks to clarify the difference between them while helping to identify other common types of malware. We spend a lot of […]
Cryptomining Dropper and Cronjob Creator
Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU, which is not unusual when a cryptominer process is running without any throttling. Below is an example of what this kind of process looks like when using the ps -aux […]
Lightbox Adware – From Innocent Scripts to Malicious Redirects
It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the worse quite easily. What if other scripts start behaving the same? What if they start to use your website to spread ransomware? Visitors Redirected to Random Websites on Mobile Recently, […]
