Posts by Category

Security

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

The Importance of Website Logs

less than 1 minute read

As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...

Add Security to Your Website Agency Portfolio

less than 1 minute read

As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you...

Googlebot or a DDoS Attack?

less than 1 minute read

A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...

Improvements to SiteCheck Website Scanner

less than 1 minute read

<p>SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status....

OWASP Top 10 Security Risks – Part V

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

OWASP Top 10 Security Risks – Part IV

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

New Year Tips from Security Professionals

less than 1 minute read

<p>Have you included website security as a part of your new year’s resolutions for 2019?</p> Here is a quick retrospective on tips some of our te...

My Website Was Hacked on Christmas Eve

less than 1 minute read

<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...

Clever SEO Spam Injection

less than 1 minute read

<p>It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly i...

Naughty or Nice Websites

less than 1 minute read

<p>Santa Claus is coming! Was your website naughty or nice this year?</p> Here is a quick checklist of the top 10 bad things that can harm your w...

OWASP Top 10 Security Risks – Part III

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

Using Innocent Roles to Hide Admin Users

less than 1 minute read

<p>All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...

What is Phishing?

less than 1 minute read

<p>Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...

Fear, Uncertainty, and Doubt

less than 1 minute read

<p>There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...

Navigating Data Responsibility

less than 1 minute read

<p>As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made availa...

Real-Time Fine-Tuning of the WAF via API

less than 1 minute read

<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...

Hackers Change WordPress Siteurl to Pastebin

less than 1 minute read

<p>Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...

10 Tips to Improve Your Website Security

less than 1 minute read

<p>Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management s...

New WordPress Security Email Course

less than 1 minute read

<p>Recent statistics show that over 32% of website administrators across the web use WordPress.</p> Unfortunately, the CMSs popularity comes at a...

Website Security Tips for Marketers

less than 1 minute read

<p>In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some secur...

Web Marketers Should Learn Security

less than 1 minute read

<p>Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills...

Saskmade[.]net Redirects

less than 1 minute read

<p>Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...

OWASP Top 10 Security Risks – Part II

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...

Creating a Response Plan You Can Trust

less than 1 minute read

<p>As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficul...

Security Monitoring Saves the Day

less than 1 minute read

<p>For the second week of  National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security p...

Obfuscated JavaScript Cryptominer

less than 1 minute read

<p>During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...

OWASP Top 10 Security Risks – Part I

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...

October Cybersecurity Month

less than 1 minute read

<p>Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance ...

SSL vs. Website Security

less than 1 minute read

<p>Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site gene...

Backdoor Uses Paste Site to Host Payload

less than 1 minute read

<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...

Outdated Duplicator Plugin RCE Abused

less than 1 minute read

<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...

Unsuccessfully Defaced Websites

less than 1 minute read

<p>Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...

WordPress Database Upgrade Phishing Campaign

less than 1 minute read

<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...

Core Integrity Verifications

less than 1 minute read

<p>In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...

Fake Font Dropper

less than 1 minute read

<p>Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...

Switching to HTTPS Before It’s Too Late

less than 1 minute read

<p>Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...

Persistent Malicious Redirect Variants

less than 1 minute read

<p>It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if yo...

What are Website Backdoors?

less than 1 minute read

<p>When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...

Magento Credit Card Stealer Reinfector

less than 1 minute read

<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...

The Importance of Website Backups

less than 1 minute read

<p>Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is do...

How APIs Can Streamline Your Operations

less than 1 minute read

<p>Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens...

Shell Logins as a Magento Reinfection Vector

less than 1 minute read

<p>Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following fi...

The Impacts of a Data Breach

less than 1 minute read

<p>Have you ever wondered what happens if your e-commerce site is breached?</p> Usually, when you think about data breaches, you think about big ...

What is PCI Compliance?

less than 1 minute read

<p>Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...

Massive localstorage[.]tk Drupal Infection

less than 1 minute read

<p>After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...

A Puzzling Backdoor Upload

less than 1 minute read

<p>After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...

Analysis of a Malicious Blackhat SEO Script

less than 1 minute read

<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...

From Baidu to Google’s Open Redirects

less than 1 minute read

<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

Content Security Policy

less than 1 minute read

<p>As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

Obfuscation Through Legitimate Appearances

less than 1 minute read

<p>Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...

What is Virtual Hardening?

less than 1 minute read

<p>If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of pr...

GitHub Hosts Lokibot Infostealer

less than 1 minute read

<p>A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered t...

Intro to Securing an Online Store – Part 2

less than 1 minute read

<p>Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These ...

The Impacts of Zero-Day Attacks

less than 1 minute read

<p>Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Wikipedia Page Review Reveals Minr Malware

less than 1 minute read

<p>Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag...

Sucuri Website Backups Product Update

less than 1 minute read

<p>We’re excited to be sharing some changes we’ve recently pushed for our Website Backups product.</p> If you’re not familiar with this feature, ...

What is a WAF?

less than 1 minute read

<p>Have you ever wondered what WAF means?</p> WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your...

Deprecating SPDY

4 minute read

Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...

The Curious Case of Caching CSRF Tokens

15 minute read

<p>It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, th...

Malicious Cryptominers from GitHub

less than 1 minute read

<p>Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.</p> Our invest...

Make SSL boring again

7 minute read

It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...

The New DDoS Landscape

13 minute read

<p>News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? Th...

Living In A Multi-Cloud World

7 minute read

<p>A few months ago at Cloudflare’s Internet Summit, we hosted a discussion on A Cloud Without Handcuffs with Joe Beda, one of the creators of Kubernet...

SQL Injection in bbPress

less than 1 minute read

<p>During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...

Privacy Pass - “The Math”

17 minute read

<p>This is a guest post by Alex Davidson, a PhD student in Cryptography at Royal Holloway, University of London, who is part of the team that developed...

Why Attackers Hack Small Sites

less than 1 minute read

<p>You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity...

New WordPress Security Guide

less than 1 minute read

<p>WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...

Cryptominers on Hacked Sites – Part 2

less than 1 minute read

<p>Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...

Malware Serving SEO Spam from External Sites

less than 1 minute read

<p>We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to ...

Cloudflare London Meetup Recap

1 minute read

<p>Cloudflare helps make over 6 million websites faster and more secure. In doing so, Cloudflare has a vast and diverse community of users throughout t...

A New Cybersecurity Strategy for Europe

3 minute read

October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best pract...

Hacked Websites Mine Cryptocurrencies

less than 1 minute read

<p>Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...

A Cloud Without Handcuffs

4 minute read

Brandon Philips, Co-Founder & CTO, CoreOS, and Joe Beda, CTO, Heptio, & Co-Founder, Kubernetes

Creating a Basic Website Security Framework

less than 1 minute read

<p>When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions ...

Affiliate Cookie Stuffing in iFrames

less than 1 minute read

<p>Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...

Intro to Securing an Online Store

less than 1 minute read

<p>Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make t...

Evasion Techniques in Phishing Attacks

less than 1 minute read

<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...

Personal Security Guide – iOS/Android

less than 1 minute read

<p>We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with pers...

Decoding Complex Malware – Step-by-Step

less than 1 minute read

<p>When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...

How to use Cloudflare for Service Discovery

5 minute read

Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a pro...

Labs Notes Monthly Recap – June/2017

less than 1 minute read

<p>This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor m...

Code Injection in Signed PHP Archives (Phar)

less than 1 minute read

<p>PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications...

How to make your site HTTPS-only

2 minute read

<p>The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla re...

A container identity bootstrapping tool

9 minute read

Everybody has secrets. Software developers have many. Often these secrets -- API tokens, TLS private keys, database passwords, SSH keys, and other sensitive ...

SQL Injection Vulnerability in WP Statistics

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....

When Your Plugins Turn Against You

less than 1 minute read

<p>Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...

Phishing Targeting Sucuri Customers

less than 1 minute read

<p>We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the iss...

Labs Notes Monthly Recap – May/2017

less than 1 minute read

<p>Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on tre...

Personal Security Guide – WiFi Network

less than 1 minute read

<p>This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic appr...

Reflections on reflection (attacks)

14 minute read

Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Conectionless LDAP servers back in November 20...

Personal Security Guide – Online Accounts

less than 1 minute read

<p>In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to ...

Personal Security Guide – Web Browsers

less than 1 minute read

<p>If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute f...

SQL Injection Vulnerability in Joomla! 3.7

less than 1 minute read

<p>During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...

Anonymity and Abuse Reports

8 minute read

Last Thursday, ProPublica published an article critiquing our handling of some abuse reports that we receive. Feedback from the article caused us to reevalua...

Labs Notes Recap – Apr/2017

less than 1 minute read

<p>This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on s...

IoT Security Anti-Patterns

5 minute read

<p>From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can b...

Sucuri Firewall Dashboard Update

less than 1 minute read

<p>If you are a customer of ours, you may have noticed the recent updates we’ve made to our dashboard. These changes enhance your ability to manage the...

How to Use Splunk with Sucuri Audit Trails

less than 1 minute read

<p>The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there i...

The Principle of Least Privilege

less than 1 minute read

<p>If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...

Sucuri Monitoring Dashboard Update

less than 1 minute read

<p>We are happy to share some big changes to the monitoring dashboard. The Sucuri Platform features a monitoring dashboard that provides information re...

Introducing SSL for SaaS

12 minute read

If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. Your custo...

Labs Notes Monthly Recap – Mar/2017

less than 1 minute read

<p>Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT).</p> Sucuri ...

Malicious Subdirectories Strike Again

less than 1 minute read

<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...

Stored XSS in WordPress Core

less than 1 minute read

<p>As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...

Bank Phishing Incident Analysis

less than 1 minute read

<p>Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...

Cloudflare at Google NEXT 2017

3 minute read

The Cloudflare team is headed down the street to Google NEXT 2017 from March 8th - 10th at Moscone Center booth C7 in San Francisco, CA. We’re excited to mee...

Labs Notes Monthly Recap – Feb/2017

less than 1 minute read

<p>Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT).</p> The Suc...

The Story of an Expired WHOIS Server

less than 1 minute read

<p>We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...

Quantifying the Impact of “Cloudbleed”

19 minute read

Last Thursday we released details on a bug in Cloudflare's parser impacting our customers. It was an extremely serious bug that caused data flowing through C...

New Guide on How to Fix Hacked Magento Sites

less than 1 minute read

<p>Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website securit...

Labs Notes Monthly Recap – Jan/2017

less than 1 minute read

<p>Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT).</p> The Su...

Cloudflare Crypto Meetup

2 minute read

Come join us on Cloudflare HQ in San Francisco on Tuesday, Febrary 28, 2017 for another cryptography meetup. We again had a great time at the last one, we de...

Content Injection Vulnerability in WordPress

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...

WordPress Performance Optimization Guide

less than 1 minute read

<p>Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...

Labs Notes Monthly Recap – Dec/2016

less than 1 minute read

<p>Last month there were a number of interesting website hacks being analyzed by our Malware Research Team (MRT) and Incident Response Teams (IRT).<...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Hacked Website Report – 2016/Q3

less than 1 minute read

<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

Session Stealer Script Used In OpenCart

less than 1 minute read

<p>With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few c...

PrestaShop Attack Steals Login Credentials

less than 1 minute read

<p>Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...

Labs Notes Monthly Recap – Nov/2016

less than 1 minute read

<p>Time for another monthly recap! If you haven’t seen the other monthly recaps, make sure to check out October and September. Our malware research and...

Cloudflare acquires Eager

2 minute read

In 2011 we launched the Cloudflare Apps platform in an article that first declared Cloudflare as “not ... the sexiest business in the world.” Sexy or not, Cl...

How Scammers Abuse Baidu Search Results

less than 1 minute read

<p>If you use Skype, recently you may have received Baidu link spam from some of your contacts.</p> The links look like this: www.baidu[.]com/lin...

How to Secure Websites for Clients

less than 1 minute read

<p>In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to u...

Website Spam Infection via Zip File Upload

less than 1 minute read

<p>Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware.</p> The malware creates doorways for h...

Cloned Spam Sites in Subdirectories

less than 1 minute read

<p>In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...

New Guide on How to Fix Hacked Joomla! Sites

less than 1 minute read

<p>Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...

New XM1RPC SEO Spam and Backdoor Campaign

less than 1 minute read

<p>We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...

Labs Notes Monthly Recap – Oct/2016

less than 1 minute read

<p>In our September Labs Notes Recap, we listed recent discoveries made by our Incident Response and Malware Research Teams. These monthly recaps serve...

Cloudflare Crypto Meetup

2 minute read

Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided ...

Joomla Account Creation Vulnerability

less than 1 minute read

<p>The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...

Credentials Stealer on Prestashop

less than 1 minute read

<p>In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the wo...

Magento Credit Card Swiper Exports to Image

less than 1 minute read

Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearl...

Security through Confusion – The FUD Factor

less than 1 minute read

The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first...

TLS nonce-nse

5 minute read

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that tw...

Labs Notes Monthly Recap – Sep/2016

less than 1 minute read

Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having enough hours to...

Introducing Dedicated SSL Certificates

8 minute read

When we launched Universal SSL in September 2014 we eliminated the costly and confusing process of securing a website or application with SSL, and replaced i...

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

What is the Status of IPv6 Adoption?

less than 1 minute read

The internet is a complex ecosystem of interconnected devices, and at its core is the Internet Protocol (IP). This protocol is currently in its second major ...

An overview of TLS 1.3 and Q&A

9 minute read

The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version...

Hacked Website Report – 2016/Q2

less than 1 minute read

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...

Encryption Week

6 minute read

Since CloudFlare’s inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we’ve made Cloud...

CloudFlare’s new WordPress plugin

1 minute read

Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...

Hacking WordPress Sites on Shared Servers

less than 1 minute read

A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...

Cleaning the Wp-Page Pharma Hack in WordPress

less than 1 minute read

Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...

IPv4 vs IPv6 Performance Comparison

less than 1 minute read

IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, ...

Evenly Distributed Future

7 minute read

Traveling back and forth between the UK and US I often find myself answering the question “What does CloudFlare do?”. That question gets posed by USCIS on ar...

The Cuban CDN

6 minute read

On a recent trip to Cuba I brought with me a smartphone and hoped to get Internet access either via WiFi or 3G. I managed that (at a price) but also saw for ...

SQL Injection Vulnerability in Ninja Forms

less than 1 minute read

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...

Large CCTV Botnet Leveraged in DDoS Attacks

less than 1 minute read

Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...

Domain Renewal Phishing Scams

less than 1 minute read

When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...

The Growing DDoS Threat to Website Owners

less than 1 minute read

As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...

Phishers Abuse Hosting Temporary URLs

less than 1 minute read

Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...

Backdoor in Fake Joomla! Core Files

less than 1 minute read

We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog.  Sometimes we write about free tools to obfuscate your code that aren’t...

Website Hacked Trend Report – 2016/Q1

less than 1 minute read

Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...

The Sleepy User Agent

6 minute read

From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand...

New Wave of the Test0/Test5.com Redirect Hack

less than 1 minute read

Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...

Finding Conditional SEO Spam in Drupal

less than 1 minute read

Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...

Analyzing ImageTragick Exploits in the Wild

less than 1 minute read

Three days ago the ImageMagic (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...

Cloned Websites Stealing Google Rankings

less than 1 minute read

We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...

It takes two to ChaCha (Poly)

9 minute read

Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only ...

Sucuri – 2016 Redesign

less than 1 minute read

A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the tab...

Introducing CFSSL 1.2

11 minute read

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...

The Trouble with Tor

11 minute read

The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the Onion router" and that describes how the service wor...

Going to IETF 95? Join the TLS 1.3 hackathon

less than 1 minute read

If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the f...

When a WordPress Plugin Goes Bad

less than 1 minute read

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....

Behind the Malware – Botnet Analysis

less than 1 minute read

While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...

Fake SUPEE-5344 Patch Steals Payment Details

less than 1 minute read

In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to v...

Seo-moz.com SEO Spam Campaign

less than 1 minute read

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...

Massive Admedia/Adverting iFrame Infection

less than 1 minute read

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...

The Risks of Hiring a Bad SEO Company

less than 1 minute read

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...

Flexible, secure SSH with DNSSEC

5 minute read

<p>If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation Ope...

Ransomware Strikes Websites

less than 1 minute read

Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...

Malicious Pastebin Replacement for jQuery

less than 1 minute read

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...

Fake Media Download Sites

less than 1 minute read

Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...

HTTP/2 is here! Goodbye SPDY? Not quite yet

7 minute read

Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. Th...

Unwanted Software and Harmful Programs

less than 1 minute read

We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...

Spam Campaign Causes “DDoS” by Googlebot

less than 1 minute read

Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website ow...

vBulletin Exploits in the Wild

less than 1 minute read

The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...

Joomla SQL Injection Attacks in the Wild

less than 1 minute read

  Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...

Massive Magento Guruincsite Infection

less than 1 minute read

We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already...

Redirect to Microsoft Word Macro Virus

less than 1 minute read

These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s n...

Phishing for Anonymous Alligators

less than 1 minute read

Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...

Analyzing Black Hat URL Shorteners

less than 1 minute read

Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hacke...

.htaccess Tricks in Global.asa Files

less than 1 minute read

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

Malicious Google Search Console Verifications

less than 1 minute read

This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...

Demystifying File and Folder Permissions

less than 1 minute read

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...

FunWebProducts UserAgent Bloating Traffic

less than 1 minute read

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...

Wigo Means Bingo for Blackseo Agent

less than 1 minute read

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...

Ensuring the web is for everyone

1 minute read

This is the text of an internal email I sent at CloudFlare that we thought worth sharing more widely. I annotated it a bit with links that weren't in the ori...

DNS parser, meet Go fuzzer

9 minute read

Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...

Prestige Conference Means Business

less than 1 minute read

A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the...

SweetCaptcha Returns Hijacking Another Plugin

less than 1 minute read

Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-par...

Malicious Google Analytics Referral Spam

less than 1 minute read

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Analyzing a Facebook Clickbait Worm

less than 1 minute read

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...

Websites Hacked Via Website Backups

less than 1 minute read

The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...

10 Tips to Improve Your Website Security

less than 1 minute read

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...

Your Website Hacked but No Signs of Infection

less than 1 minute read

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

An introduction to JavaScript-based DDoS

7 minute read

<p> CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distrib...

CloudFlare’s New Dashboard

4 minute read

When we started CloudFlare, we thought we were building a service to make websites faster and more secure, and we wanted to make the service as easy and acce...

Critical Persistent XSS 0day in WordPress

less than 1 minute read

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...

Of Phishing Attacks and WordPress 0days

9 minute read

Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside...

Contributing back to the security community

3 minute read

This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The ...

How To Create a Website Backup Strategy

less than 1 minute read

We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...

Why Website Reinfections Happen

7 minute read

I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...

OpenSSL Security Advisory of 19 March 2015

1 minute read

Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet). There has been a...

The Impacts of a Hacked Website

7 minute read

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...

Inverted WordPress Trojan

6 minute read

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...

Deprecating the DNS ANY meta-query type

3 minute read

DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, ...

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Why Websites Get Hacked

8 minute read

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

DNSSEC Done Right

5 minute read

This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare.

Critical “GHOST” Vulnerability Released

1 minute read

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...

AdSense Abused with Malvertising Campaign

12 minute read

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...

2014 Website Defacements

1 minute read

Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gi...

Kyoto Tycoon Secure Replication

3 minute read

Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Targeted Phishing Against GoDaddy Customers

1 minute read

I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...

Leveraging the WordPress Platform for SPAM

4 minute read

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...

JoomDonation Compromised

2 minute read

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into ...

Deep Dive into the HikaShop Vulnerability

5 minute read

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Google Blacklists Bit.ly

2 minute read

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Quick Analysis of a DDoS Attack Using SSDP

4 minute read

Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Experimenting with mozjpeg 2.0

2 minute read

One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure th...

SQL Injection Vulnerability – vBulletin 5.x

less than 1 minute read

The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...

Making code better with reviews

3 minute read

In the past we've written about how CloudFlare isn't afraid to rip out and replace chunks of code that have proved to be hard to maintain or have simply reac...

Q&A with Ryan Lackey

5 minute read

Lackey being hoisted onto Sealand in the North Sea circa 2000 How did you get into computer security? I started using the Internet when I was young—in the e...

CloudFlare Acquires CryptoSeal

1 minute read

We're excited to announce that CloudFlare has acquired the Trusted Computing and virtual private network (VPN) as a service company CryptoSeal. CryptoSeal w...

Naming Project Galileo

1 minute read

What’s in a Name Earlier today, CloudFlare announced Project Galileo to protect free speech on the Web by using its sophisticated anti-DDoS resources. Seve...

CloudProxy + SPDY = A Faster Website

1 minute read

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...

CloudFlare is PCI Certified

less than 1 minute read

Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card I...

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Malicious Redirections to Porn Websites

3 minute read

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...

Desktop AVs and Website Security

2 minute read

Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...

Tracking our SSL configuration

less than 1 minute read

Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in b...

Joomla Plugin Constructor Backdoor

3 minute read

We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...

Upcoming Meetups at CloudFlare

1 minute read

At CloudFlare, we love connecting with our communities, and so we are excited to announce two meetups to be hosted here at the CloudFlare headquarters in Sa...

HeartBleed in the Wild

2 minute read

As most of you probably already know, ten days ago security Researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...

The Results of the CloudFlare Challenge

1 minute read

Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its ...

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

WordPress Pingback Attacks and our WAF

2 minute read

At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for ...

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Fighting back responsibly

3 minute read

Today on The Day We Fight Back, companies are coming together to protest the NSA’s mass surveillance programs. CloudFlare is proud to be one of those compani...

CloudFlare DNS is simple, fast and flexible

8 minute read

Over the past few years, the CloudFlare blog has covered a great range of different topics, drilling down into the technology we use to both protect websites...

Killing RC4 (softly)

1 minute read

Back in 2011, the BEAST attack on the cipher block chaining (CBC) encryption mode used in TLS v1.0 was demonstrated. At the time the advice of experts (inclu...

Website Mesh Networks Distributing Malware

7 minute read

Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especialy when it comes to your website. This is almos...

The Hidden Backdoors to the City of Cron

2 minute read

An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...

Sucuri Company Meeting – Brazil 2014

less than 1 minute read

2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...

Keeping our open source promise

2 minute read

Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the...

What we’ve been doing with Go

4 minute read

Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, pro...

Why secure systems require random numbers

6 minute read

(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...

Details Behind Today’s Internet Hacks

6 minute read

When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day— Rajiv Pant (@ra...

Updating Our Privacy Policy

2 minute read

Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to...

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

What CloudFlare Logs

2 minute read

Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...

The DDoS That Almost Broke the Internet

10 minute read

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...

What We Just Did to Make SSL Even Faster

5 minute read

A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...

Pushing Nginx to its limit with Lua

4 minute read

At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...

Two-factor Authentication Now Available

2 minute read

With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...

SEO and your website

6 minute read

*We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...

The many sites of CloudFlare

3 minute read

Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...

Back to top ↑

Website Security

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

The Importance of Website Logs

less than 1 minute read

As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...

Add Security to Your Website Agency Portfolio

less than 1 minute read

As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you...

Googlebot or a DDoS Attack?

less than 1 minute read

A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...

Improvements to SiteCheck Website Scanner

less than 1 minute read

<p>SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status....

OWASP Top 10 Security Risks – Part V

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

OWASP Top 10 Security Risks – Part IV

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

New Year Tips from Security Professionals

less than 1 minute read

<p>Have you included website security as a part of your new year’s resolutions for 2019?</p> Here is a quick retrospective on tips some of our te...

My Website Was Hacked on Christmas Eve

less than 1 minute read

<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...

Clever SEO Spam Injection

less than 1 minute read

<p>It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly i...

Naughty or Nice Websites

less than 1 minute read

<p>Santa Claus is coming! Was your website naughty or nice this year?</p> Here is a quick checklist of the top 10 bad things that can harm your w...

What is Phishing?

less than 1 minute read

<p>Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...

Fear, Uncertainty, and Doubt

less than 1 minute read

<p>There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...

Navigating Data Responsibility

less than 1 minute read

<p>As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made availa...

Real-Time Fine-Tuning of the WAF via API

less than 1 minute read

<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...

Hackers Change WordPress Siteurl to Pastebin

less than 1 minute read

<p>Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...

10 Tips to Improve Your Website Security

less than 1 minute read

<p>Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management s...

Web Marketers Should Learn Security

less than 1 minute read

<p>Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills...

OWASP Top 10 Security Risks – Part II

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...

Creating a Response Plan You Can Trust

less than 1 minute read

<p>As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficul...

Security Monitoring Saves the Day

less than 1 minute read

<p>For the second week of  National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security p...

Obfuscated JavaScript Cryptominer

less than 1 minute read

<p>During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...

OWASP Top 10 Security Risks – Part I

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...

SSL vs. Website Security

less than 1 minute read

<p>Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site gene...

Backdoor Uses Paste Site to Host Payload

less than 1 minute read

<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...

Outdated Duplicator Plugin RCE Abused

less than 1 minute read

<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...

Unsuccessfully Defaced Websites

less than 1 minute read

<p>Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...

WordPress Database Upgrade Phishing Campaign

less than 1 minute read

<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...

Core Integrity Verifications

less than 1 minute read

<p>In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...

Fake Font Dropper

less than 1 minute read

<p>Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...

Switching to HTTPS Before It’s Too Late

less than 1 minute read

<p>Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...

What are Website Backdoors?

less than 1 minute read

<p>When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...

Magento Credit Card Stealer Reinfector

less than 1 minute read

<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...

The Importance of Website Backups

less than 1 minute read

<p>Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is do...

How APIs Can Streamline Your Operations

less than 1 minute read

<p>Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens...

Shell Logins as a Magento Reinfection Vector

less than 1 minute read

<p>Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following fi...

The Impacts of a Data Breach

less than 1 minute read

<p>Have you ever wondered what happens if your e-commerce site is breached?</p> Usually, when you think about data breaches, you think about big ...

What is PCI Compliance?

less than 1 minute read

<p>Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...

A Puzzling Backdoor Upload

less than 1 minute read

<p>After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...

Analysis of a Malicious Blackhat SEO Script

less than 1 minute read

<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...

From Baidu to Google’s Open Redirects

less than 1 minute read

<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

Content Security Policy

less than 1 minute read

<p>As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

Obfuscation Through Legitimate Appearances

less than 1 minute read

<p>Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...

GitHub Hosts Lokibot Infostealer

less than 1 minute read

<p>A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered t...

Intro to Securing an Online Store – Part 2

less than 1 minute read

<p>Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These ...

The Impacts of Zero-Day Attacks

less than 1 minute read

<p>Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Wikipedia Page Review Reveals Minr Malware

less than 1 minute read

<p>Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag...

Why Attackers Hack Small Sites

less than 1 minute read

<p>You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity...

Hacked Websites Mine Cryptocurrencies

less than 1 minute read

<p>Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...

Creating a Basic Website Security Framework

less than 1 minute read

<p>When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions ...

Affiliate Cookie Stuffing in iFrames

less than 1 minute read

<p>Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...

Evasion Techniques in Phishing Attacks

less than 1 minute read

<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...

Personal Security Guide – iOS/Android

less than 1 minute read

<p>We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with pers...

Code Injection in Signed PHP Archives (Phar)

less than 1 minute read

<p>PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications...

The Principle of Least Privilege

less than 1 minute read

<p>If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...

The Story of an Expired WHOIS Server

less than 1 minute read

<p>We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...

WordPress Performance Optimization Guide

less than 1 minute read

<p>Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Hacked Website Report – 2016/Q3

less than 1 minute read

<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

PrestaShop Attack Steals Login Credentials

less than 1 minute read

<p>Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...

How to Secure Websites for Clients

less than 1 minute read

<p>In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to u...

Security through Confusion – The FUD Factor

less than 1 minute read

The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first...

Hacked Website Report – 2016/Q2

less than 1 minute read

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...

The Growing DDoS Threat to Website Owners

less than 1 minute read

As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...

Phishers Abuse Hosting Temporary URLs

less than 1 minute read

Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...

Website Hacked Trend Report – 2016/Q1

less than 1 minute read

Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...

Massive Admedia/Adverting iFrame Infection

less than 1 minute read

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...

Ransomware Strikes Websites

less than 1 minute read

Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...

Malicious Pastebin Replacement for jQuery

less than 1 minute read

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...

Fake Media Download Sites

less than 1 minute read

Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...

Unwanted Software and Harmful Programs

less than 1 minute read

We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...

Phishing for Anonymous Alligators

less than 1 minute read

Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...

Analyzing Black Hat URL Shorteners

less than 1 minute read

Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hacke...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

Demystifying File and Folder Permissions

less than 1 minute read

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...

FunWebProducts UserAgent Bloating Traffic

less than 1 minute read

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...

Malicious Google Analytics Referral Spam

less than 1 minute read

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Websites Hacked Via Website Backups

less than 1 minute read

The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...

10 Tips to Improve Your Website Security

less than 1 minute read

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...

Your Website Hacked but No Signs of Infection

less than 1 minute read

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

How To Create a Website Backup Strategy

less than 1 minute read

We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...

Why Website Reinfections Happen

7 minute read

I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...

The Impacts of a Hacked Website

7 minute read

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Why Websites Get Hacked

8 minute read

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

Critical “GHOST” Vulnerability Released

1 minute read

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...

AdSense Abused with Malvertising Campaign

12 minute read

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Targeted Phishing Against GoDaddy Customers

1 minute read

I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Back to top ↑

WordPress Security

The Importance of Website Logs

less than 1 minute read

As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...

OWASP Top 10 Security Risks – Part III

less than 1 minute read

<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...

Using Innocent Roles to Hide Admin Users

less than 1 minute read

<p>All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...

Hackers Change WordPress Siteurl to Pastebin

less than 1 minute read

<p>Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...

Saskmade[.]net Redirects

less than 1 minute read

<p>Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...

Backdoor Uses Paste Site to Host Payload

less than 1 minute read

<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...

Outdated Duplicator Plugin RCE Abused

less than 1 minute read

<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...

WordPress Database Upgrade Phishing Campaign

less than 1 minute read

<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...

Core Integrity Verifications

less than 1 minute read

<p>In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...

Fake Font Dropper

less than 1 minute read

<p>Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

Obfuscation Through Legitimate Appearances

less than 1 minute read

<p>Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Malicious Cryptominers from GitHub

less than 1 minute read

<p>Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.</p> Our invest...

SQL Injection in bbPress

less than 1 minute read

<p>During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...

New WordPress Security Guide

less than 1 minute read

<p>WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...

Cryptominers on Hacked Sites – Part 2

less than 1 minute read

<p>Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...

SQL Injection Vulnerability in WP Statistics

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....

Malicious Subdirectories Strike Again

less than 1 minute read

<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...

Stored XSS in WordPress Core

less than 1 minute read

<p>As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...

Content Injection Vulnerability in WordPress

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...

Hacked Website Report – 2016/Q3

less than 1 minute read

<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...

Cloned Spam Sites in Subdirectories

less than 1 minute read

<p>In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...

New XM1RPC SEO Spam and Backdoor Campaign

less than 1 minute read

<p>We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...

Hacked Website Report – 2016/Q2

less than 1 minute read

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...

Hacking WordPress Sites on Shared Servers

less than 1 minute read

A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...

Cleaning the Wp-Page Pharma Hack in WordPress

less than 1 minute read

Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...

SQL Injection Vulnerability in Ninja Forms

less than 1 minute read

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...

When a WordPress Plugin Goes Bad

less than 1 minute read

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....

Behind the Malware – Botnet Analysis

less than 1 minute read

While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...

Seo-moz.com SEO Spam Campaign

less than 1 minute read

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...

Massive Admedia/Adverting iFrame Infection

less than 1 minute read

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...

Malicious Pastebin Replacement for jQuery

less than 1 minute read

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...

Wigo Means Bingo for Blackseo Agent

less than 1 minute read

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...

SweetCaptcha Returns Hijacking Another Plugin

less than 1 minute read

Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-par...

10 Tips to Improve Your Website Security

less than 1 minute read

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

Inverted WordPress Trojan

6 minute read

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...

Critical “GHOST” Vulnerability Released

1 minute read

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...

Leveraging the WordPress Platform for SPAM

4 minute read

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Back to top ↑

WordPress

CloudFlare’s new WordPress plugin

1 minute read

Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...

Critical Persistent XSS 0day in WordPress

less than 1 minute read

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...

How to Create a Video Slider in WordPress

less than 1 minute read

This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...

WordPress Plugins to Streamline Your Business

less than 1 minute read

Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Back to top ↑

website firewall

Googlebot or a DDoS Attack?

less than 1 minute read

A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...

Real-Time Fine-Tuning of the WAF via API

less than 1 minute read

<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...

What is PCI Compliance?

less than 1 minute read

<p>Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...

What is Virtual Hardening?

less than 1 minute read

<p>If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of pr...

What is a WAF?

less than 1 minute read

<p>Have you ever wondered what WAF means?</p> WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your...

How to Use Splunk with Sucuri Audit Trails

less than 1 minute read

<p>The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there i...

WordPress Performance Optimization Guide

less than 1 minute read

<p>Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

IPv4 vs IPv6 Performance Comparison

less than 1 minute read

IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, ...

Large CCTV Botnet Leveraged in DDoS Attacks

less than 1 minute read

Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...

Analyzing ImageTragick Exploits in the Wild

less than 1 minute read

Three days ago the ImageMagic (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...

The Risks of Hiring a Bad SEO Company

less than 1 minute read

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...

Malicious Google Analytics Referral Spam

less than 1 minute read

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Quick Analysis of a DDoS Attack Using SSDP

4 minute read

Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...

Back to top ↑

Vulnerability Disclosure

SQL Injection in bbPress

less than 1 minute read

<p>During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...

SQL Injection Vulnerability in WP Statistics

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....

SQL Injection Vulnerability in Joomla! 3.7

less than 1 minute read

<p>During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...

Content Injection Vulnerability in WordPress

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...

Joomla Account Creation Vulnerability

less than 1 minute read

<p>The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...

SQL Injection Vulnerability in Ninja Forms

less than 1 minute read

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...

Critical Persistent XSS 0day in WordPress

less than 1 minute read

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...

Deep Dive into the HikaShop Vulnerability

5 minute read

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...

Back to top ↑

javascript

Obfuscated JavaScript Cryptominer

less than 1 minute read

<p>During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...

Unsuccessfully Defaced Websites

less than 1 minute read

<p>Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...

Massive localstorage[.]tk Drupal Infection

less than 1 minute read

<p>After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

Malicious Cryptominers from GitHub

less than 1 minute read

<p>Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.</p> Our invest...

Hacked Websites Mine Cryptocurrencies

less than 1 minute read

<p>Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...

Malicious Subdirectories Strike Again

less than 1 minute read

<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...

Stored XSS in WordPress Core

less than 1 minute read

<p>As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Session Stealer Script Used In OpenCart

less than 1 minute read

<p>With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few c...

Massive Admedia/Adverting iFrame Infection

less than 1 minute read

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Back to top ↑

sucuri

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

CloudProxy + SPDY = A Faster Website

1 minute read

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Desktop AVs and Website Security

2 minute read

Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Website Mesh Networks Distributing Malware

7 minute read

Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especialy when it comes to your website. This is almos...

Sucuri Company Meeting – Brazil 2014

less than 1 minute read

2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...

Back to top ↑

Learn

The Risks of Hiring a Bad SEO Company

less than 1 minute read

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

Demystifying File and Folder Permissions

less than 1 minute read

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Analyzing a Facebook Clickbait Worm

less than 1 minute read

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...

Websites Hacked Via Website Backups

less than 1 minute read

The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...

10 Tips to Improve Your Website Security

less than 1 minute read

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...

Your Website Hacked but No Signs of Infection

less than 1 minute read

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

How To Create a Website Backup Strategy

less than 1 minute read

We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...

Why Website Reinfections Happen

7 minute read

I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...

The Impacts of a Hacked Website

7 minute read

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...

Why Websites Get Hacked

8 minute read

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Leveraging the WordPress Platform for SPAM

4 minute read

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...

Deep Dive into the HikaShop Vulnerability

5 minute read

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...

Back to top ↑

Tutorials

How to Rollback WordPress Plugins

less than 1 minute read

Here’s another tutorial from WPBeginner. How to Rollback WordPress Plugins (Version Control for Beginners) Have you ever updated a WordPress plugin only to r...

How to Create a Video Slider in WordPress

less than 1 minute read

This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...

How to Add SSL and HTTPS in WordPress

less than 1 minute read

In this article, the following concerns below will be tackled; What is HTTPS and SSL? Why do you need HTTPS and SSL? Requirements for using HTTPS and SSL...

Back to top ↑

Joomla! Security

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Cryptominers on Hacked Sites – Part 2

less than 1 minute read

<p>Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...

SQL Injection Vulnerability in Joomla! 3.7

less than 1 minute read

<p>During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...

Hacked Website Report – 2016/Q3

less than 1 minute read

<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...

New Guide on How to Fix Hacked Joomla! Sites

less than 1 minute read

<p>Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...

Joomla Account Creation Vulnerability

less than 1 minute read

<p>The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...

Hacked Website Report – 2016/Q2

less than 1 minute read

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...

Backdoor in Fake Joomla! Core Files

less than 1 minute read

We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog.  Sometimes we write about free tools to obfuscate your code that aren’t...

Joomla SQL Injection Attacks in the Wild

less than 1 minute read

  Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...

JoomDonation Compromised

2 minute read

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into ...

Deep Dive into the HikaShop Vulnerability

5 minute read

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...

Back to top ↑

Tips

9 Best Audio Player Plugins for WordPress

less than 1 minute read

For the music lovers and for those who wants to add music or playlist to their website this article is for you. 9 Best Audio Player Plugins for WordPress Wor...

How to Create a Social Media Marketing Plan

less than 1 minute read

Social media has a huge impact nowadays. Marketers found a way how to broaden their reach through social media marketing. This article was first published on...

The 11 Best Code Editors Available in 2015

less than 1 minute read

This is for all the Web Developers out there! Both free and paid code editors are discussed in the article.  Some of them are: Atom UltraEdit Sublime Tex...

8 Keys to Creating More Meaningful Content

less than 1 minute read

A new take on those symbols! 8 Keys to Creating More Meaningful Content by Barry Feldman Hello ! @ # $ % ^ & * I was staring at my keyboard when I got ...

WordPress Plugins to Streamline Your Business

less than 1 minute read

Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...

Back to top ↑

Wordpress plugins

The Importance of Website Logs

less than 1 minute read

As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...

Using Innocent Roles to Hide Admin Users

less than 1 minute read

<p>All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...

Hackers Change WordPress Siteurl to Pastebin

less than 1 minute read

<p>Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...

New WordPress Security Email Course

less than 1 minute read

<p>Recent statistics show that over 32% of website administrators across the web use WordPress.</p> Unfortunately, the CMSs popularity comes at a...

Outdated Duplicator Plugin RCE Abused

less than 1 minute read

<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...

Core Integrity Verifications

less than 1 minute read

<p>In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

SQL Injection in bbPress

less than 1 minute read

<p>During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...

New WordPress Security Guide

less than 1 minute read

<p>WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...

SQL Injection Vulnerability in WP Statistics

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....

When Your Plugins Turn Against You

less than 1 minute read

<p>Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...

SQL Injection Vulnerability in Ninja Forms

less than 1 minute read

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...

9 Best Audio Player Plugins for WordPress

less than 1 minute read

For the music lovers and for those who wants to add music or playlist to their website this article is for you. 9 Best Audio Player Plugins for WordPress Wor...

WordPress Plugins to Streamline Your Business

less than 1 minute read

Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...

Back to top ↑

Redirects

Saskmade[.]net Redirects

less than 1 minute read

<p>Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...

Persistent Malicious Redirect Variants

less than 1 minute read

<p>It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if yo...

From Baidu to Google’s Open Redirects

less than 1 minute read

<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

How Scammers Abuse Baidu Search Results

less than 1 minute read

<p>If you use Skype, recently you may have received Baidu link spam from some of your contacts.</p> The links look like this: www.baidu[.]com/lin...

Website Spam Infection via Zip File Upload

less than 1 minute read

<p>Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware.</p> The malware creates doorways for h...

New Wave of the Test0/Test5.com Redirect Hack

less than 1 minute read

Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...

Back to top ↑

google

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

Googlebot or a DDoS Attack?

less than 1 minute read

A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...

Switching to HTTPS Before It’s Too Late

less than 1 minute read

<p>Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...

Analysis of a Malicious Blackhat SEO Script

less than 1 minute read

<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...

From Baidu to Google’s Open Redirects

less than 1 minute read

<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

When Your Plugins Turn Against You

less than 1 minute read

<p>Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...

Malicious Subdirectories Strike Again

less than 1 minute read

<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Finding Conditional SEO Spam in Drupal

less than 1 minute read

Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...

Cloned Websites Stealing Google Rankings

less than 1 minute read

We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Back to top ↑

Website Backdoor

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

My Website Was Hacked on Christmas Eve

less than 1 minute read

<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...

Using Innocent Roles to Hide Admin Users

less than 1 minute read

<p>All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...

Backdoor Uses Paste Site to Host Payload

less than 1 minute read

<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...

Outdated Duplicator Plugin RCE Abused

less than 1 minute read

<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...

What are Website Backdoors?

less than 1 minute read

<p>When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...

Magento Credit Card Stealer Reinfector

less than 1 minute read

<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...

A Puzzling Backdoor Upload

less than 1 minute read

<p>After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

Decoding Complex Malware – Step-by-Step

less than 1 minute read

<p>When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...

Bank Phishing Incident Analysis

less than 1 minute read

<p>Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...

New XM1RPC SEO Spam and Backdoor Campaign

less than 1 minute read

<p>We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...

Backdoor in Fake Joomla! Core Files

less than 1 minute read

We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog.  Sometimes we write about free tools to obfuscate your code that aren’t...

Finding Conditional SEO Spam in Drupal

less than 1 minute read

Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...

Back to top ↑

Website Attacks

Analyzing ImageTragick Exploits in the Wild

less than 1 minute read

Three days ago the ImageMagic (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

Malicious Google Search Console Verifications

less than 1 minute read

This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...

FunWebProducts UserAgent Bloating Traffic

less than 1 minute read

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Critical Persistent XSS 0day in WordPress

less than 1 minute read

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Back to top ↑

ddos

Real-Time Fine-Tuning of the WAF via API

less than 1 minute read

<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...

The New DDoS Landscape

13 minute read

<p>News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? Th...

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

Large CCTV Botnet Leveraged in DDoS Attacks

less than 1 minute read

Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...

The Growing DDoS Threat to Website Owners

less than 1 minute read

As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...

The Risks of Hiring a Bad SEO Company

less than 1 minute read

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Quick Analysis of a DDoS Attack Using SSDP

4 minute read

Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...

The DDoS That Almost Broke the Internet

10 minute read

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...

Back to top ↑

vulnerability

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

Back to top ↑

phishing

What is Phishing?

less than 1 minute read

<p>Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...

WordPress Database Upgrade Phishing Campaign

less than 1 minute read

<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...

Evasion Techniques in Phishing Attacks

less than 1 minute read

<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...

Phishing Targeting Sucuri Customers

less than 1 minute read

<p>We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the iss...

Bank Phishing Incident Analysis

less than 1 minute read

<p>Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...

Domain Renewal Phishing Scams

less than 1 minute read

When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...

Phishers Abuse Hosting Temporary URLs

less than 1 minute read

Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...

Phishing for Anonymous Alligators

less than 1 minute read

Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Targeted Phishing Against GoDaddy Customers

1 minute read

I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

malware cleanup

Fear, Uncertainty, and Doubt

less than 1 minute read

<p>There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...

Magento Credit Card Stealer Reinfector

less than 1 minute read

<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Evasion Techniques in Phishing Attacks

less than 1 minute read

<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...

Decoding Complex Malware – Step-by-Step

less than 1 minute read

<p>When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...

New Guide on How to Fix Hacked Magento Sites

less than 1 minute read

<p>Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website securit...

New Guide on How to Fix Hacked Joomla! Sites

less than 1 minute read

<p>Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...

Cleaning the Wp-Page Pharma Hack in WordPress

less than 1 minute read

Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Back to top ↑

Website Malware

New Wave of the Test0/Test5.com Redirect Hack

less than 1 minute read

Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...

vBulletin Exploits in the Wild

less than 1 minute read

The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...

.htaccess Tricks in Global.asa Files

less than 1 minute read

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...

Inverted WordPress Trojan

6 minute read

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Back to top ↑

tls

TLS nonce-nse

5 minute read

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that tw...

An overview of TLS 1.3 and Q&A

9 minute read

The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version...

Introducing CFSSL 1.2

11 minute read

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...

Going to IETF 95? Join the TLS 1.3 hackathon

less than 1 minute read

If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the f...

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

Back to top ↑

malvertising

Malicious Activities with Google Tag Manager

less than 1 minute read

<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

Cloned Spam Sites in Subdirectories

less than 1 minute read

<p>In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...

New Wave of the Test0/Test5.com Redirect Hack

less than 1 minute read

Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...

Malicious Pastebin Replacement for jQuery

less than 1 minute read

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

AdSense Abused with Malvertising Campaign

12 minute read

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Back to top ↑

Website Spam

Finding Conditional SEO Spam in Drupal

less than 1 minute read

Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...

Seo-moz.com SEO Spam Campaign

less than 1 minute read

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...

Fake Media Download Sites

less than 1 minute read

Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...

Spam Campaign Causes “DDoS” by Googlebot

less than 1 minute read

Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website ow...

Phishing for Anonymous Alligators

less than 1 minute read

Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

Malicious Google Search Console Verifications

less than 1 minute read

This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...

Wigo Means Bingo for Blackseo Agent

less than 1 minute read

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...

Malicious Google Analytics Referral Spam

less than 1 minute read

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...

Analyzing a Facebook Clickbait Worm

less than 1 minute read

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...

AdSense Abused with Malvertising Campaign

12 minute read

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...

Leveraging the WordPress Platform for SPAM

4 minute read

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...

Back to top ↑

security

Make SSL boring again

7 minute read

It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...

DNS parser, meet Go fuzzer

9 minute read

Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

Back to top ↑

sql injection

OWASP Top 10 Security Risks – Part I

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...

SQL Injection in bbPress

less than 1 minute read

<p>During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...

SQL Injection Vulnerability in WP Statistics

less than 1 minute read

<p>As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....

SQL Injection Vulnerability in Joomla! 3.7

less than 1 minute read

<p>During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...

SQL Injection Vulnerability in Ninja Forms

less than 1 minute read

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...

Joomla SQL Injection Attacks in the Wild

less than 1 minute read

  Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

SQL Injection Vulnerability – vBulletin 5.x

less than 1 minute read

The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...

Back to top ↑

passwords

OWASP Top 10 Security Risks – Part II

less than 1 minute read

<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...

Intro to Securing an Online Store

less than 1 minute read

<p>Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make t...

Personal Security Guide – WiFi Network

less than 1 minute read

<p>This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic appr...

Personal Security Guide – Online Accounts

less than 1 minute read

<p>In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to ...

The Principle of Least Privilege

less than 1 minute read

<p>If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...

Credentials Stealer on Prestashop

less than 1 minute read

<p>In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the wo...

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

Back to top ↑

joomla

Joomla SQL Injection Attacks in the Wild

less than 1 minute read

  Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...

Joomla Plugin Constructor Backdoor

3 minute read

We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

The Hidden Backdoors to the City of Cron

2 minute read

An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...

Back to top ↑

Website Hacked

Website Hacked Trend Report – 2016/Q1

less than 1 minute read

Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...

Ransomware Strikes Websites

less than 1 minute read

Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...

Redirect to Microsoft Word Macro Virus

less than 1 minute read

These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s n...

.htaccess Tricks in Global.asa Files

less than 1 minute read

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

The Impacts of a Hacked Website

7 minute read

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...

2014 Website Defacements

1 minute read

Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gi...

Back to top ↑

ssl

Deprecating SPDY

4 minute read

Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...

Make SSL boring again

7 minute read

It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...

How to make your site HTTPS-only

2 minute read

<p>The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla re...

Introducing CFSSL 1.2

11 minute read

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...

Why secure systems require random numbers

6 minute read

(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

What We Just Did to Make SSL Even Faster

5 minute read

A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...

Back to top ↑

Malware

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Website Mesh Networks Distributing Malware

7 minute read

Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especialy when it comes to your website. This is almos...

The Hidden Backdoors to the City of Cron

2 minute read

An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...

Back to top ↑

Conditional Malware

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

Fake Font Dropper

less than 1 minute read

<p>Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...

When Your Plugins Turn Against You

less than 1 minute read

<p>Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

PrestaShop Attack Steals Login Credentials

less than 1 minute read

<p>Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...

Back to top ↑

cloudproxy

Quick Analysis of a DDoS Attack Using SSDP

4 minute read

Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...

CloudProxy + SPDY = A Faster Website

1 minute read

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...

Desktop AVs and Website Security

2 minute read

Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...

Back to top ↑

backdoor

Malicious Google Search Console Verifications

less than 1 minute read

This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...

Wigo Means Bingo for Blackseo Agent

less than 1 minute read

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...

Joomla Plugin Constructor Backdoor

3 minute read

We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...

The Hidden Backdoors to the City of Cron

2 minute read

An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...

Back to top ↑

waf

Large CCTV Botnet Leveraged in DDoS Attacks

less than 1 minute read

Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

CloudProxy + SPDY = A Faster Website

1 minute read

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...

Back to top ↑

brute force

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

Malvertising on a Website Without Ads

4 minute read

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Back to top ↑

Drupal Security

Massive localstorage[.]tk Drupal Infection

less than 1 minute read

<p>After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...

Hacked Website Trend Report – 2017

less than 1 minute read

<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...

New Guide on How to Clean a Hacked Website

less than 1 minute read

<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...

Cryptominers on Hacked Sites – Part 2

less than 1 minute read

<p>Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...

Hacked Website Report – 2016/Q3

less than 1 minute read

<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...

Hacked Website Report – 2016/Q2

less than 1 minute read

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Back to top ↑

Website Blacklist

My Website Was Hacked on Christmas Eve

less than 1 minute read

<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...

How Scammers Abuse Baidu Search Results

less than 1 minute read

<p>If you use Skype, recently you may have received Baidu link spam from some of your contacts.</p> The links look like this: www.baidu[.]com/lin...

Unwanted Software and Harmful Programs

less than 1 minute read

We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Google Blacklists Bit.ly

2 minute read

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...

Back to top ↑

wordpress tutorial

How to Create a Video Slider in WordPress

less than 1 minute read

This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...

Back to top ↑

wordpress themes

Backdoor Uses Paste Site to Host Payload

less than 1 minute read

<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...

Unwanted Ads via Baidu Links

less than 1 minute read

<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...

New WordPress Security Guide

less than 1 minute read

<p>WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...

Back to top ↑

wordpress tips

9 Best Audio Player Plugins for WordPress

less than 1 minute read

For the music lovers and for those who wants to add music or playlist to their website this article is for you. 9 Best Audio Player Plugins for WordPress Wor...

Back to top ↑

spam

Seo-moz.com SEO Spam Campaign

less than 1 minute read

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Analyzing a Facebook Clickbait Worm

less than 1 minute read

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Back to top ↑

Webserver Infections

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

Back to top ↑

dns

The Story of an Expired WHOIS Server

less than 1 minute read

<p>We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...

Domain Renewal Phishing Scams

less than 1 minute read

When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...

DNS parser, meet Go fuzzer

9 minute read

Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...

Back to top ↑

seo

The Risks of Hiring a Bad SEO Company

less than 1 minute read

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...

Analyzing Proxy Based Spam Networks

less than 1 minute read

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...

SEO and your website

6 minute read

*We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...

Back to top ↑

iFrames

Analysis of a Malicious Blackhat SEO Script

less than 1 minute read

<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...

Malicious Cryptominers from GitHub

less than 1 minute read

<p>Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.</p> Our invest...

Affiliate Cookie Stuffing in iFrames

less than 1 minute read

<p>Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...

Injection of Unwanted Google AdSense Ads

less than 1 minute read

<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...

Back to top ↑

awareness

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Back to top ↑

Drupal

Finding Conditional SEO Spam in Drupal

less than 1 minute read

Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...

10 Tips to Improve Your Website Security

less than 1 minute read

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...

Drupal SQL Injection Attempts in the Wild

2 minute read

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...

Back to top ↑

zero-day

The Impacts of Zero-Day Attacks

less than 1 minute read

<p>Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...

Hacking WordPress Sites on Shared Servers

less than 1 minute read

A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...

Back to top ↑

hacked

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

htaccess

Cloned Spam Sites in Subdirectories

less than 1 minute read

<p>In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...

Cloned Websites Stealing Google Rankings

less than 1 minute read

We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...

.htaccess Tricks in Global.asa Files

less than 1 minute read

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...

Hacked Websites Redirect to Bitcoin.org

less than 1 minute read

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...

Back to top ↑

drive-by-download

Website Malware Targets Mobile Platforms

less than 1 minute read

<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...

FunWebProducts UserAgent Bloating Traffic

less than 1 minute read

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Back to top ↑

vbulletin

vBulletin Exploits in the Wild

less than 1 minute read

The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...

SQL Injection Vulnerability – vBulletin 5.x

less than 1 minute read

The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...

Back to top ↑

iframe

Massive Admedia/Adverting iFrame Infection

less than 1 minute read

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...

Analyzing a Facebook Clickbait Worm

less than 1 minute read

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...

Back to top ↑

php

Wigo Means Bingo for Blackseo Agent

less than 1 minute read

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...

Back to top ↑

pci

Fake SUPEE-5344 Patch Steals Payment Details

less than 1 minute read

In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to v...

Back to top ↑

botnet

Behind the Malware – Botnet Analysis

less than 1 minute read

While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...

FunWebProducts UserAgent Bloating Traffic

less than 1 minute read

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...

Malicious Google Analytics Referral Spam

less than 1 minute read

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...

Back to top ↑

privacy

Updating Our Privacy Policy

2 minute read

Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to...

Back to top ↑

cryptography

Back to top ↑

linux

SSH Brute Force Compromises Leading to DDoS

less than 1 minute read

A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...

Back to top ↑

plugins

CloudFlare’s new WordPress plugin

1 minute read

Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...

Back to top ↑

layer-7

The Growing DDoS Threat to Website Owners

less than 1 minute read

As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...

Back to top ↑

Product Update

Sucuri – 2016 Redesign

less than 1 minute read

A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the tab...

Back to top ↑

wordpress plugin

How to Create a Video Slider in WordPress

less than 1 minute read

This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...

Back to top ↑

darkleech

Back to top ↑

firewall

The Dynamics of Passwords

8 minute read

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...

Back to top ↑

exploit

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

Back to top ↑

blacklist

How Social Media Blacklisting Happens

less than 1 minute read

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...

Back to top ↑

porn

Malicious Redirections to Porn Websites

3 minute read

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...

Back to top ↑

vulnerabilitiy

Deep Dive into the HikaShop Vulnerability

5 minute read

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...

Back to top ↑

backups

How To Create a Website Backup Strategy

less than 1 minute read

We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...

Back to top ↑

spdy

Deprecating SPDY

4 minute read

Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...

HTTP/2 is here! Goodbye SPDY? Not quite yet

7 minute read

Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. Th...

CloudProxy + SPDY = A Faster Website

1 minute read

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...

Back to top ↑

mailpoet

Back to top ↑

0-day

Critical Persistent XSS 0day in WordPress

less than 1 minute read

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...

Back to top ↑

dos

Back to top ↑

disclosure

Back to top ↑

mobile

Back to top ↑

Uncategorized

Back to top ↑

speed

Deprecating SPDY

4 minute read

Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...

Back to top ↑

authy

Two-factor Authentication Now Available

2 minute read

With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...

Back to top ↑

twofactorauthentication

Two-factor Authentication Now Available

2 minute read

With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...

Back to top ↑

lua

Pushing Nginx to its limit with Lua

4 minute read

At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...

Back to top ↑

nginx

Demystifying File and Folder Permissions

less than 1 minute read

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...

Pushing Nginx to its limit with Lua

4 minute read

At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...

Back to top ↑

ocsp

What We Just Did to Make SSL Even Faster

5 minute read

A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...

Back to top ↑

analytics

What CloudFlare Logs

2 minute read

Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...

Back to top ↑

rsa

Back to top ↑

vulnerabilty

Back to top ↑

research

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Back to top ↑

SiteCheck

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Back to top ↑

backdoors

Back to top ↑

wild

HeartBleed in the Wild

2 minute read

As most of you probably already know, ten days ago security Researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

Back to top ↑

Heartbleed

HeartBleed in the Wild

2 minute read

As most of you probably already know, ten days ago security Researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...

Back to top ↑

av

Desktop AVs and Website Security

2 minute read

Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...

Back to top ↑

cleanup

Why A Free Obfuscator Is Not Always Free.

3 minute read

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...

Malicious Redirections to Porn Websites

3 minute read

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...

Back to top ↑

hacked site

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Malicious Redirections to Porn Websites

3 minute read

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...

Back to top ↑

Antivirus

Back to top ↑

captcha

Back to top ↑

akeeba

Back to top ↑

bash

Back to top ↑

rfi

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Back to top ↑

asp

.htaccess Tricks in Global.asa Files

less than 1 minute read

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...

Back to top ↑

plugin

When a WordPress Plugin Goes Bad

less than 1 minute read

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....

Back to top ↑

marketing

How to Create a Social Media Marketing Plan

less than 1 minute read

Social media has a huge impact nowadays. Marketers found a way how to broaden their reach through social media marketing. This article was first published on...

Back to top ↑

casestudy

The many sites of CloudFlare

3 minute read

Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...

Back to top ↑

customers

The many sites of CloudFlare

3 minute read

Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...

Back to top ↑

testimonials

The many sites of CloudFlare

3 minute read

Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...

Back to top ↑

seocom

SEO and your website

6 minute read

*We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...

Back to top ↑

onlinesecurity

Two-factor Authentication Now Available

2 minute read

With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...

Back to top ↑

accountsecurity

Back to top ↑

openresty

Pushing Nginx to its limit with Lua

4 minute read

At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...

Back to top ↑

webperformance

What We Just Did to Make SSL Even Faster

5 minute read

A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...

Back to top ↑

baylights

Back to top ↑

cache

Back to top ↑

cacheeverything

Back to top ↑

trafficspike

Back to top ↑

internetexchange

The DDoS That Almost Broke the Internet

10 minute read

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...

Back to top ↑

ix

The DDoS That Almost Broke the Internet

10 minute read

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...

Back to top ↑

openresolver

The DDoS That Almost Broke the Internet

10 minute read

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...

Back to top ↑

data

What CloudFlare Logs

2 minute read

Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...

Back to top ↑

logretention

What CloudFlare Logs

2 minute read

Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...

Back to top ↑

Prism NSA SSL security RSA Diffie-Hellman

Back to top ↑

beast

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

Back to top ↑

lucky-13

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

Back to top ↑

rc4

Staying on top of TLS attacks

11 minute read

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...

Back to top ↑

dns hack registry registar

Details Behind Today’s Internet Hacks

6 minute read

When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day— Rajiv Pant (@ra...

Back to top ↑

railgun

Why secure systems require random numbers

6 minute read

(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...

Back to top ↑

random

Why secure systems require random numbers

6 minute read

(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...

Back to top ↑

keys

Back to top ↑

symmetric

Back to top ↑

openx

Back to top ↑

revive

Back to top ↑

meeting

Sucuri Company Meeting – Brazil 2014

less than 1 minute read

2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...

Back to top ↑

team

Sucuri Company Meeting – Brazil 2014

less than 1 minute read

2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...

Back to top ↑

cron

The Hidden Backdoors to the City of Cron

2 minute read

An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...

Back to top ↑

optimizepress

Back to top ↑

http-floods

Back to top ↑

jomsocial

Back to top ↑

Zencart

Back to top ↑

chrome

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Back to top ↑

extension

SiteCheck Chrome Extension Now Available

1 minute read

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...

Back to top ↑

patch

Back to top ↑

XML-RPC

Back to top ↑

cdorked

Back to top ↑

ebury

Back to top ↑

Windigo

Back to top ↑

adf.ly

Back to top ↑

adwat.ch

Back to top ↑

spamcheckr

Back to top ↑

wplist.org

Back to top ↑

wplocker.org

Back to top ↑

jce

JCE Joomla Extension Attacks in the Wild

3 minute read

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...

Back to top ↑

openssl

Back to top ↑

jetpack

Back to top ↑

extended

Back to top ↑

scanner

Back to top ↑

product enhancements

Back to top ↑

updates

Back to top ↑

recovery

Malicious Redirections to Porn Websites

3 minute read

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...

Back to top ↑

allinoneseo

Back to top ↑

brazil

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

defaced

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

fifa

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

funny

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

world cup

Was the FIFA Website Hacked?

2 minute read

As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...

Back to top ↑

education

Back to top ↑

stand up

Back to top ↑

2fa

Back to top ↑

wp-includes

Back to top ↑

0day

Back to top ↑

timthumb

Back to top ↑

blacklisted

Back to top ↑

corrupt

Back to top ↑

custom-contact-forms

Back to top ↑

Audit

My WordPress Website Was Hacked

10 minute read

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...

Back to top ↑

ssdp

Quick Analysis of a DDoS Attack Using SSDP

4 minute read

Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...

Back to top ↑

slider

Back to top ↑

virtuemart

Back to top ↑

router

Back to top ↑

WordPress Security Plugin

Back to top ↑

shellshocker

Back to top ↑

sql injections

Back to top ↑

SQLi

Back to top ↑

bit.ly

Google Blacklists Bit.ly

2 minute read

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...

Back to top ↑

browser extension

Threat Introduced via Browser Extensions

6 minute read

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...

Back to top ↑

Productivity

WordPress Plugins to Streamline Your Business

less than 1 minute read

Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...

Back to top ↑

write better

Back to top ↑

writing

Back to top ↑

writing help

Back to top ↑

blog ranking

Back to top ↑

SEO google

Back to top ↑

tutorial

Back to top ↑

adwords

AdSense Abused with Malvertising Campaign

12 minute read

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...

Back to top ↑

multilingual

Back to top ↑

tips and tricks

Back to top ↑

bloom

Back to top ↑

email marketing

Back to top ↑

email campaign

Back to top ↑

rss

Back to top ↑

wordpress database

Back to top ↑

domain mapping

Back to top ↑

linkedin

Back to top ↑

marketing tips

Back to top ↑

social media

How to Create a Social Media Marketing Plan

less than 1 minute read

Social media has a huge impact nowadays. Marketers found a way how to broaden their reach through social media marketing. This article was first published on...

Back to top ↑

rce

Common Website Security Terminology Defined

less than 1 minute read

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...

Back to top ↑

wordpress maintenance

Back to top ↑

marketing tip

Back to top ↑

personal branding

Back to top ↑

email subscriptions

Back to top ↑

wordpress installation

Back to top ↑

http-flood

Back to top ↑

Apple

Back to top ↑

apps

Cloudflare London Meetup Recap

1 minute read

<p>Cloudflare helps make over 6 million websites faster and more secure. In doing so, Cloudflare has a vast and diverse community of users throughout t...

Back to top ↑