Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig deeper and conduct a complete investigation. A license key is a place where a webmaster might not expect to find an infection, however, in this particular […]
Tag Archives: wordpress themes
Backdoor Uses Paste Site to Host Payload
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to […]
Google and Facebook Used in Phishing Campaigns
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of scams, however, phishing scam messages are designed to be deceiving. They use methods that appear valid or of some urgent matter, encouraging its victim to hand over their data. Phishing […]
Unwanted Ads via Baidu Links
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as Updates at the bottom of the original blog post, however, every week we see minor modifications in the way they obfuscate the scripts or the files they inject them into. […]
New WordPress Security Guide
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target for malicious hackers that are looking for vulnerabilities to exploit. If an attacker is able to gain unauthorized access into an insecure website, they can leverage valuable resources […]
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks. Typical injected scripts look like this: <s cript type='text/javascript' src='hxxps://con1.sometimesfree[.]biz/c.js'> […]
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case. Shorte[.]st is a service that hijacks links, […]
Exploited Script in WordPress Theme Sends Spam
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code […]
How To Create Your Own Social Network With WordPress
by Brenda Barron
Who today hasn’t heard of Facebook? Facebook has now become the number one social network in the world and it has 665 million active users on average each day as was recorded on March 31st 2015 and disclosed by Facebook. Every month, around 751 million people use Facebook from mobile devices alone. It […]