Try to remember what you ate for lunch yesterday. It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you less than a second this time, for sure. You remembered much faster the second time around because you didn’t have to “query” that information again from your brain’s “storage”. The […]
Tag Archives: Website Security
The Story of an Expired WHOIS Server
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with “WHOIS“, it is a protocol used to check who owns a specific domain name. These simple text […]
Website Application Firewalls (WAF) – Practical Approach to Website Security
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF). WAFs are not new, but […]
WordPress Performance Optimization Guide
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordPress websites. Many website owners are not aware how slow their sites are, so we are excited to help shed some light on the matter. There are a number of different […]
vBulletin Malware – When Hackers Compete for Backdoor Control
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had a PHP-based backdoor hidden within the site. Attackers experiment with various techniques and types of malware to abuse server resources and distribute spam […]
Injection of Unwanted Google AdSense Ads
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It’s not […]
Hacked Website Report – 2016/Q3
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of over 8,000 infected websites. This […]
Website Malware Targets Mobile Platforms
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility of harmful mobile malware. The increase in mobile internet browsing has prompted attackers to adapt their techniques, targeting mobile-specific platforms and distributing spam and […]
PrestaShop Attack Steals Login Credentials
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources or gain SEO power, and in others they are seeking access to sensitive data, also known as data exfiltration. The Rise in Cyber Stealing Lately we’ve noticed an increase […]
Ask Sucuri: How to Stop Brute Force Attacks?
Ask Sucuri: My site is under a brute force attack. What can I do? How can we solve this password guessing problem known as brute forcing? This is a common question we get from users of our WordPress plugin and from the overall community. Brute force attacks are very common, but most people do not […]
