Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU, which is not unusual when a cryptominer process is running without any throttling. Below is an example of what this kind of process looks like when using the ps -aux […]
Tag Archives: Website Security
Lightbox Adware – From Innocent Scripts to Malicious Redirects
It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the worse quite easily. What if other scripts start behaving the same? What if they start to use your website to spread ransomware? Visitors Redirected to Random Websites on Mobile Recently, […]
Why Do Hackers Hack? – 3 Reasons Explained
When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. But the truth is, hacks don’t often single out someone. Most of the time, hackers spot a website vulnerability. This is what determines why certain websites are […]
FTP Logs Used to Determine Attack Vector
Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any access to logs, or what we can […]
Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
This blog post talks about how a web spam campaign that targets only one country may create problems for site owners around the world — even if their site is not hacked. It all began with a pretty regular sample of an infected WordPress index.php file containing a long, encrypted one-line injection in front of […]
Closed Source E-commerce Platforms Can Be Compromised
These days, the majority of store owners opt for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to customize a template, as well as add images, videos, and some external content via apps in order to enhance their store and automate some tasks. However, they don’t allow users […]
WordPress Hacks: 5 Ways to Protect WordPress from Hacking
WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33% of websites currently run on WordPress. This post is not a “one size fits all” overview, as there are many other ways to protect WordPress from hacking. Here at Sucuri, […]
PHP Backdoor Evaluates XOR Encrypted Requests
In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code. This operator makes it more difficult to determine if encrypted code is malicious, or if it is trying to protect a legitimate developer’s code. However, that’s not the only way […]
Return to the City of Cron – Malware Infections on Joomla and WordPress
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites This […]
.htaccess Injector on Joomla and WordPress Websites
During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files and redirecting visitors to the http[:]//portal-f[.]pw/XcTyTp advertisement website. Taking a Look at the .htaccess Injector Code Below is the code within the ./modules/mod_widgetread_twitt/index.php file […]