When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. But the truth is, hacks don’t often single out someone. Most of the time, hackers spot a website vulnerability. This is what determines why certain websites are […]
Tag Archives: Website Security
FTP Logs Used to Determine Attack Vector
Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any access to logs, or what we can […]
Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
This blog post talks about how a web spam campaign that targets only one country may create problems for site owners around the world — even if their site is not hacked. It all began with a pretty regular sample of an infected WordPress index.php file containing a long, encrypted one-line injection in front of […]
Closed Source E-commerce Platforms Can Be Compromised
These days, the majority of store owners opt for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to customize a template, as well as add images, videos, and some external content via apps in order to enhance their store and automate some tasks. However, they don’t allow users […]
WordPress Hacks: 5 Ways to Protect WordPress from Hacking
WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33% of websites currently run on WordPress. This post is not a “one size fits all” overview, as there are many other ways to protect WordPress from hacking. Here at Sucuri, […]
PHP Backdoor Evaluates XOR Encrypted Requests
In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code. This operator makes it more difficult to determine if encrypted code is malicious, or if it is trying to protect a legitimate developer’s code. However, that’s not the only way […]
Return to the City of Cron – Malware Infections on Joomla and WordPress
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites This […]
.htaccess Injector on Joomla and WordPress Websites
During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files and redirecting visitors to the http[:]//portal-f[.]pw/XcTyTp advertisement website. Taking a Look at the .htaccess Injector Code Below is the code within the ./modules/mod_widgetread_twitt/ index.php file […]
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser and operating system details, plus page visits to optimize the website analytics. Versions below 4.8.1 are affected by an unauthenticated stored XSS on the administrator […]
W97M/Downloader Malware Dropper Served from Compromised Websites
W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a year, which serves as a doorway to Vawtrak and Dridex banking trojans. This malware campaign targets a wide array of users via their operating system and browser to deliver the […]