Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen […]
Tag Archives: Website Security
Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads. Plugin Location The malicious plugins possess a very similar file structure: Injectbody wp-content/plugins/injectbody/ […]
How to Add Security to Your Client’s Websites
Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us after the fact, when their website has already been compromised. Once hackers have taken over, website owners regret not having protected it when the website was initially launched. Today, we […]
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation. Over the past couple of weeks, we’ve noticed a large influx in the number of malicious requests testing for the presence of the […]
Why Attackers Hack Small Sites
You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity of stealing your valuables. That’s the same way you can look at website hacking. Leaving your website unprotected is like establishing an open-door policy with hackers, giving them […]
Hacked Websites Mine Cryptocurrencies
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday in news now. Everyone seems to be trying to jump on this bandwagon. This trend resulted in emergence of online platforms that allow webmasters to install coin miners into their websites as an […]
Malicious Backdoors: Fake Images and Strrev Functions
When a website is compromised, attackers frequently leave behind a backdoor – according to our research around 70% of all website hacks include a backdoor. These backdoors are not designed to attack a website or destroy data, instead they allow an attacker to re-enter a targeted website with little to no authentication, providing them with […]
Creating a Basic Website Security Framework
When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions secure. But what happens if you ignore proper building codes and inspections? The resulting risks to health and security are unacceptable. The same concept applies to how you secure your websites […]
Affiliate Cookie Stuffing in iFrames
Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside an HTML page and can be really useful for embedding interactive applications like Google maps, advertisements and ecommerce applications. iFrame elements are also popular with website attackers because it allows […]
Mining Adminers – Hackers Scan the Internet For DB Scripts
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better […]
