Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
Tag Archives: Website Security
Product Update: Sucuri Firewall in Tokyo, Japan
For the last couple of years, we have been transitioning the Sucuri Firewall (WAF) away from the cloud and expanding it to run on top of our own Anycast content delivery network (CDN). We provide security for websites using our service and felt we needed to couple the performance benefits of a CDN with the… […]
IoT Home Router Botnet Leveraged in Large DDoS Attack
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed across 47,000 IP addresses and has been pushing over 120,000 HTTPS requests per second (RPS) to the website. Unlike volumetric attacks that target the network link (measured in… […]
PCI for SMB – Requirement 2- Do Not Use Defaults
If you have an e-commerce website and you accept credit cards from your clients, you have probably already heard of the term PCI compliance. PCI DSS (Payment Card Industry – Data Security Standard) is a standard containing a series of security requirements that every merchant, big or small, must follow to be in compliance. PCI was created… […]
The Growing DDoS Threat to Website Owners
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The monetization potential of attacking websites continues to grow exponentially as more websites come online (currently estimated to be over a billion live sites). With this evolution comes new tactics that we’ve… […]
Phishers Abuse Hosting Temporary URLs
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar trick used by phishers. Phishing web pages get blacklisted very fast. That’s why hackers need to purchase many domains or compromise many websites so that they can point… […]
Website Hacked Trend Report – 2016/Q1
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our customers in an effort to identify and remove website infections, including malware, SEO spam and a number of other malicious actions attackers take once they have successfully penetrated a website’s defenses. […]
Secure Coding: How to Account for Input Sanitization
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website’s functionality and in some instances extend the application’s core capabilities. It’s great for website owners because they can pick and choose from different plugins and check which ones better fit their personal blog or businesses. On the other… […]
Domain Validation: SSL’s Other Job
SSL certificates are a hot topic today. Website owners are becoming increasingly aware that collecting information on non-HTTPS secured pages is a bad idea and the larger web ecosystem is definitely moving in the direction of full web encryption. Google has indicated they’re giving a ranking boost to HTTPS encrypted sites with heavier rankings likely… […]
Ask Sucuri: What is an XSS Vulnerability?
Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability? XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to… […]