Fake Google Chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It is one of the most common types of website malware. It tricks unsuspecting users into downloading what appears to be an update to their Chrome browser, but is actually a […]
Tag Archives: Website Security
Shifting Malware Tactics & Stealthy Use of Non-Executable .txt & .log Files
The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware nestled within JavaScript or PHP files, which can be directly executed by browsers or servers. However, we’re encountering more and more instances of malware that use code from non-executable files […]
What is HSTS: HTTP Strict Transport Security
HSTS or HTTP Strict Transport Security is a protocol that can make it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone keen on protecting their site, as proper implementation can help to ensure that your website’s […]
Password Security & Password Managers
In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to their sensitive credentials. Weak passwords make it easier for bad actors to […]
How to Find & Fix Japanese SEO Spam
Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO artists to make a website show up in search engine results for spam keywords in the Japanese language when it shouldn’t. In this post, we’ll detail what Japanese SEO spam is, […]
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and have ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect your site’s SEO because search engines like Google flag sites without an HTTPS (HyperText Transfer […]
Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning of 2023, this malware campaign had expanded to over a hundred domain names to redirect traffic to low-quality Q&A sites and monetize traffic via Google AdSense. In fact, since […]
How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS)
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings. In this post, we’ll take a look […]
Why WordPress Gets Hacked
A question we frequently get from new users as they’re onboarding is: why does WordPress get hacked? Of course, this question makes sense in this context; it’s extremely frustrating to find out that your WordPress website has been compromised and you need to tackle an infection or increase security controls. Surely you’d want to understand […]
From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
The vast majority of website malware employs the ever-familiar HTTP/HTTPS protocols for its malicious activities. But we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of UDP packets, bruteforce tools trying to guess SSH credentials, phishing and credit card skimming malware […]