Spotlight on Women in Cybersecurity
Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across ...
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspici...
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online ...
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...
As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you...
A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...
We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose...
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our...
Distributed denial-of-service (DDoS) attacks can disrupt website traffic and impact any business. To help website owners and webmasters improve thei...
SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status....
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popula...
In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the sec...
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our te...
Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...
The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewa...
It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly i...
Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your w...
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offer...
Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or inclu...
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...
There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...
As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made availa...
Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Blac...
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigatio...
Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management s...
Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMS’s popularity comes at a...
In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some secur...
Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills...
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious script...
As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficul...
When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the...
For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security p...
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...
Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance ...
Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site gene...
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store ...
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file...
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for Wor...
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part o...
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see an...
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection invol...
Have you ever wondered if your website security posture is adequate enough? The risk of having a website compromise is never going to be z...
In the first post of this series, we talked about the practices that will optimize your site and increase your website’s resilience to DDoS attacks....
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compl...
Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via Git...
Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...
A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to user...
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code. Thi...
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if yo...
The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included ...
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period)...
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying w...
When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...
Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vul...
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...
Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is do...
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens...
Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following fi...
Website security is challenging, especially when dealing with a large network of sites. That is why we have created a guide for web professionals an...
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we’re fully committed to complying wi...
Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you the op...
Have you ever wondered what happens if your e-commerce site is breached? Usually, when you think about data breaches, you think about big ...
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...
After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks...
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then...
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the S...
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...
If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of pr...
A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered t...
We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily...
Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These ...
Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as:...
Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag...
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
We’re excited to be sharing some changes we’ve recently pushed for our Website Backups product. If you’re not familiar with this feature, ...
The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to prov...
Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us...
Have you ever wondered what WAF means? WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your...
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytic...
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist...
Last week the news of two significant computer bugs was announced. They've been dubbed Meltdown and Spectre. These bugs take advantage of very technical syst...
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time...
It’s the day after Christmas; or, depending on your geography, Boxing Day. With the festivities over, you may still find yourself stuck at home and ...
Today, December 25th, Cloudflare offices around the world are taking a break. From San Francisco to London and Singapore; engineers have retreated h...
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network ge...
During 2017 Cloudflare published 172 blog posts (including this one). If you need a distraction from the holiday festivities at this time of year here are so...
Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs ...
Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to reme...
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The ...
It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, th...
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our invest...
A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In re...
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...
On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? Th...
Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are a...
A few months ago at Cloudflare’s Internet Summit, we hosted a discussion on A Cloud Without Handcuffs with Joe Beda, one of the creators of Kubernet...
As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are craf...
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people’s awareness on security?...
This is a guest post by Alex Davidson, a PhD student in Cryptography at Royal Holloway, University of London, who is part of the team that developed...
Enabling anonymous access to the web with privacy-preserving cryptography
You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity...
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...
I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty.
We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to ...
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a ...
Cloudflare helps make over 6 million websites faster and more secure. In doing so, Cloudflare has a vast and diverse community of users throughout t...
During a recent investigation, I found a new piece of malicious code being used to steal credit card information from compromised Magento sites. ...
OnAir Video Presentation
Fire the Gric Cannon! Hot on the heels of several birthday week product announcements, we continue to expand our global network.
October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best pract...
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...
If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting...
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security
Brandon Philips, Co-Founder & CTO, CoreOS, and Joe Beda, CTO, Heptio, & Co-Founder, Kubernetes
Cole Crawford, Founder & CEO, Vapor IO, and Chaitali Sengupta, Consultant, Qualcomm Datacenter Technologies
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Se...
HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure. Not just for the goo...
When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions ...
Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...
The Quantum Threat
Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make t...
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the...
For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over ...
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in...
We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...
A game-changer
We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with pers...
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...
Earlier this week we wrote about how to use command line tools to back up your website. Check out our previous article for details on how we create ...
Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when t...
I have a website. Sweet! What happens next? Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what do...
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to re...
Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a pro...
This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor m...
As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NS...
If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contaminatio...
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications...
Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. ...
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliabil...
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla re...
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including...
Everybody has secrets. Software developers have many. Often these secrets -- API tokens, TLS private keys, database passwords, SSH keys, and other sensitive ...
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we record...
For the fourth installment of our personal security guides, we are covering how to secure your computer. This includes current versions of...
When we started Cloudflare we had no idea if anyone would validate our core idea. Our idea was that everyone should have the ability to be as fast and s...
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...
We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the iss...
Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on tre...
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic appr...
We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Goog...
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 20...
In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to ...
If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute f...
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...
Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope ...
On March 20th, Cloudflare received our first patent infringement claim: Blackbird Tech LLC v. Cloudflare, Inc. Today we’re filing our Answer to that claim in...
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session...
Last Thursday, ProPublica published an article critiquing our handling of some abuse reports that we receive. Feedback from the article caused us to reevalua...
Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer d...
Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the wor...
This is a guest post by Gabe Kassel, Product Manager for Embedded Software at eero.
This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on s...
From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can b...
If you are a customer of ours, you may have noticed the recent updates we’ve made to our dashboard. These changes enhance your ability to manage the...
The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there i...
If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...
We are happy to share some big changes to the monitoring dashboard. The Sucuri Platform features a monitoring dashboard that provides information re...
If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. Your custo...
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). Sucuri ...
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that ...
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your...
Since late last year, there has been a steady rise in malware campaigns that aim to steal sensitive personal information and financial credentials. ...
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicio...
Try to remember what you ate for lunch yesterday. It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you les...
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many host...
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has...
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...
Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracke...
Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...
The Cloudflare team is headed down the street to Google NEXT 2017 from March 8th - 10th at Moscone Center booth C7 in San Francisco, CA. We’re excited to mee...
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulleti...
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). The Suc...
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...
Last Thursday we released details on a bug in Cloudflare's parser impacting our customers. It was an extremely serious bug that caused data flowing through C...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pa...
One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet,...
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot...
Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website securit...
The Cloudflare TLS 1.3 beta is run by a Go implementation of the protocol based on the Go standard library, crypto/tls. Starting from that excellent Go codeb...
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Su...
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE at...
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular Add...
Come join us on Cloudflare HQ in San Francisco on Tuesday, February 28, 2017 for another cryptography meetup. We again had a great time at the last one, we de...
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF ne...
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
The North American Network Operators Group (NANOG) is the locus of modern Internet innovation and the day-to-day cumulative network-operational knowl...
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (belo...
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more than 13,000 hackers in Hamburg...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all ...
Last month there were a number of interesting website hacks being analyzed by our Malware Research Team (MRT) and Incident Response Teams (IRT).<...
Cloudflare is publishing today its seventh transparency report, covering the second half of 2016. For the first time, we are able to present information on ...
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few c...
As a business owner, the last thing you want is for a potential customer to search Google for your business and find a lewd image. The way...
This piece was originally written for the Gopher Academy advent series. We are grateful to them for allowing us to republish it here.
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped wi...
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...
Time for another monthly recap! If you haven’t seen the other monthly recaps, make sure to check out October and September. Our malware research and...
In 2011 we launched the Cloudflare Apps platform in an article that first declared Cloudflare as “not ... the sexiest business in the world.” Sexy or not, Cl...
If you use Skype, recently you may have received Baidu link spam from some of your contacts. The links look like this: www.baidu[.]com/lin...
In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to u...
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malw...
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates di...
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have bee...
Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for h...
A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional ...
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...
In our September Labs Notes Recap, we listed recent discoveries made by our Incident Response and Malware Research Teams. These monthly recaps serve...
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided ...
When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean...
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their ...
Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve see...
The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...
Remediating over 500 infected sites per day, we see attacks executed at varying levels of complexity. The tactics attackers use to compromise a site...
In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the wo...
In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back mil...
Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearl...
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first...
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that tw...
Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having enough hours to...
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
Cloudflare has certified with the U.S. Department of Commerce for the new EU-U.S. Privacy Shield framework.
When we launched Universal SSL in September 2014 we eliminated the costly and confusing process of securing a website or application with SSL, and replaced i...
Today, we're introducing two new Cloudflare Traffic products to give customers control over how Cloudflare’s edge network handles their traffic, allowing the...
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
CloudFlare's mission is to make HTTPS accessible for all our customers. It provides security for their websites, improved ranking on search engines, better p...
The internet is a complex ecosystem of interconnected devices, and at its core is the Internet Protocol (IP). This protocol is currently in its second major ...
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version...
CloudFlare aims to put an end to the unencrypted Internet. But the web has a chicken and egg problem moving to HTTPS.
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
CloudFlare is turbocharging the encrypted internet
Since CloudFlare’s inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we’ve made Cloud...
Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...
Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support ...
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
The mission of the United States Government’s Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. It’s ironi...
IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, ...
Traveling back and forth between the UK and US I often find myself answering the question “What does CloudFlare do?”. That question gets posed by USCIS on ar...
On a recent trip to Cuba I brought with me a smartphone and hoped to get Internet access either via WiFi or 3G. I managed that (at a price) but also saw for ...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted ...
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security componen...
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads...
The need to make better sense of markets is paramount to the way businesses are run and decisions are made. We see this with the proliferation of online serv...
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where a...
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolv...
If you have an e-commerce website and you accept credit cards from your clients, you probably already heard of the term PCI compliance. PCI DSS (Payment Card...
In this post we’ll show you the tactics employed by the realstatistics malware campaign to make their injections seem less suspicious. The injection looks li...
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last 2 weeks (codenamed “Realstatistics”). This campaign has compromis...
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...
The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards established in a joint venture between a number of the top credit ...
When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...
GitHub offers a web hosting service whereby you can serve a static website from a GitHub repository. This platform, GitHub Pages, can be used with C...
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive da...
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highl...
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t...
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand...
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, ...
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it...
Free and performant encryption to the origin for CloudFlare customers
CloudFlare has released a new version of our plugin for cPanel with two new features and more control over the security settings of your website.
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...
Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We’ve seen Goog...
Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you r...
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only ...
A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the tab...
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...
The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the Onion router" and that describes how the service wor...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the f...
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...
What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform...
We're happy to announce that next week CloudFlare is hosting the Null Security meetup in Singapore. You are invited!
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back on March...
In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to v...
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make s...
Initial Problem Report
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...
With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers...
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing. On Tuesda...
Internet Exchange Points (IXPs) or Network Access Points (NAPs) facilities are where networks meet, participating in what’s known as peering, which ...
If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation Ope...
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...
Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...
It’s December 25th, which means most of you are probably at home visiting with family. I asked a few of the security engineers here at CloudFlare how they ex...
It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values th...
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from...
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from di...
With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be u...
Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. Th...
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already support...
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...
Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website ow...
Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabi...
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Ev...
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticate...
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already...
These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s n...
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most li...
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...
Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hacke...
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
Five years ago next week, CloudFlare launched its service to the public. We’re celebrating our birthday in a variety of ways, including holding our first-eve...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker ...
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
Today’s guest blogger is George Cagle. George is a system administrator at Simple Helix, a CloudFlare partner.
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
This is the text of an internal email I sent at CloudFlare that we thought worth sharing more widely. I annotated it a bit with links that weren't in the ori...
Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version: 4.2.4 Last week the WordPress team releas...
Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the...
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-par...
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities. Why? Because open source platforms allow individua...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
We’ve been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will become and th...
The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...
This blog was originally posted by the Electronic Frontier Foundation who represents CloudFlare in this case.
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...
We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across ...
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not ...
In 2014 the total number of websites on the internet reached 1 billion, today it’s hovering somewhere in the neighborhood of 944 million due to websites goin...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure ...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distrib...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
When we started CloudFlare, we thought we were building a service to make websites faster and more secure, and we wanted to make the service as easy and acce...
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerabili...
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also makes us a target. Aside...
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it c...
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The ...
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more t...
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or...
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this post, I’ll show you...
We’ve all heard it a million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have al...
Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do you re...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...
Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet). There has been a...
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are m...
Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...
DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, ...
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or f...
I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...
Hypertext Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks....
Advisory for: WP-Slimstat Security Risk: Very high Exploitation level: Remote DREAD Score: 8/10 Vulnerability: Weak Cryptographic keys leading to SQL injecti...
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the ...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller C...
ServerShield makes it easy to activate CloudFlare and StopTheHacker.
CloudFlare is, arguably, the largest third-party DNS Authoritative operator in the world. We manage well over 1 million domains and have registrations in alm...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Advisory for: UpdraftPlus Security Risk: High Exploitation level: Remote DREAD Score: 7/10 Vulnerability: Privilege Escalation Patched Version: 1.9.51 If yo...
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted ...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare.
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we...
Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / ...
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further invest...
The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability on VBSEO. VBSEO is a widely used SEO module for vBulle...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gi...
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mi...
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websi...
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon...
This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Google Blacklisting – Soa...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only J...
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those web...
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote Fi...
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation an...
We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into ...
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk i...
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which execute...
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to dro...
New web-based attack types and vectors are coming out every day; this is causing businesses, communities and individuals to take security seriously now more ...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score : 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and ac...
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. Whil...
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote comman...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that messa...
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (polit...
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’...
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infect...
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
Advisory for: Akeeba for Joomla! Security Risk: Low Exploitation level: Difficult/Remote Vulnerability: Access control bypass If you’re a user of the very po...
We’re pleased to introduce a new CloudFlare App: Tinfoil Security. Tinfoil Security is a service designed to find possible web application vulnerabilities. ...
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks s...
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulner...
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies ...
We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature of the Security in the Wo...
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website securit...
One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure th...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every p...
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is a...
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly inj...
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...
Today we’re proud to introduce CFSSL—our open source toolkit for everything TLS/SSL. CFSSL is used internally by CloudFlare for bundling TLS/SSL certificates...
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It ...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
“Chile may have scored a CloudFlare data center first, but at least we’re still in the Cup” Brazil is home to not only the most successful national football...
In the past we've written about how CloudFlare isn't afraid to rip out and replace chunks of code that have proved to be hard to maintain or have simply reac...
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to uploa...
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was jus...
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores?...
Lackey being hoisted onto Sealand in the North Sea circa 2000 How did you get into computer security? I started using the Internet when I was young—in the e...
We're excited to announce that CloudFlare has acquired the Trusted Computing and virtual private network (VPN) as a service company CryptoSeal. CryptoSeal w...
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot ...
What’s in a Name Earlier today, CloudFlare announced Project Galileo to protect free speech on the Web by using its sophisticated anti-DDoS resources. Seve...
Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
This morning as I was logging into various social networks I was presented with a popup with “XSS on Tweet Deck.” This obviously set every hair on my neck on...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of se...
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out b...
Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card I...
As many know, our company has deep Brazilian roots, as such we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden ifra...
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...
A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what...
We’ve been scanning and removing malware from websites for years, and in this time frame we have seen the website security domain grow by leaps and bounds. O...
Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in b...
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and ot...
We deal with different types of malware injections and compromises every day and the most common question our clients ask us is, “Why me? Why my small little ...
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...
At CloudFlare, we love connecting with our communities, and so we are excited to announce two meetups to be hosted here at the CloudFlare headquarters in Sa...
Trust, transparency, and collaboration are values which we hold dear at CloudFlare. As a web security and performance company, we are always interested in ho...
As most of you probably already know, ten days ago security researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...
Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its ...
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attack...
Security Researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are ...
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thou...
At CloudFlare, security is on the top of our minds. We are always looking for ways to better secure the data we are entrusted with and improve the security o...
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4...
Today’s guest blogger is Rodney Gibbs. Rodney is the CIO of The Texas Tribune, a nonprofit media organization that covers public policy, politics, and gov...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for ...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
On January 27, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security ...
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, ...
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...
It’s always fun to watch malware developers using different techniques to code their creations. Sometimes it’s a matter of obfuscation, placement, injection,...
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be good time to share the case and details...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
Today on The Day We Fight Back, companies are coming together to protest the NSA’s mass surveillance programs. CloudFlare is proud to be one of those compani...
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0....
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, a...
At CloudFlare, we're fiercely committed to an open internet. That's why we’re announcing a new app that lets you easily add to your website a banner from The...
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
Each day at CloudFlare is full of surprises. As it turns out, it takes a lot of work to stop massive attacks and to help make the web faster. Over the past ...
Over the past few years, the CloudFlare blog has covered a great range of different topics, drilling down into the technology we use to both protect websites...
Back in 2011, the BEAST attack on the cipher block chaining (CBC) encryption mode used in TLS v1.0 was demonstrated. At the time the advice of experts (inclu...
Earlier today, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security...
Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especially when it comes to your website. This is almos...
A few weeks ago we wrote about a file upload vulnerability in the OptmizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
An attacker’s key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...
2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...
The vBulletin team recently disclosed a XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. T...
Note: this post originally appeared as part of the 2013 PerfPlanet Calendar It’s common knowledge that domain sharding, where the resources in a web page are...
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the...
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerabilit...
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, pro...
Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive ...
attribution: Flickr/mark van de wouw license: CC Attribution-NonCommercial-ShareAlike 2.0 Generic When building secure systems, having a source of random nu...
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I conn...
(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...
When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day— Rajiv Pant (@ra...
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to...
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
Over the last week we've closely watched the disclosures about the alleged NSA PRISM program. At CloudFlare, we have never been approached to participate in...
Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...
The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...
The Art When you think of San Francisco, undoubtedly one bridge in particular comes to mind - The Golden Gate Bridge. This year, however, the Bay Bridge is ...
You may have heard that Facebook took down a significant portion of the Internet today. A bug in their Facebook Connect script -- which is installed widely a...
CloudFlare is heading to Parallels Summit in Las Vegas on Monday, February 4th to Wednesday, February 6th. We look forward to meeting and reconnecting with ...
A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...
At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...
In early October we quietly announced our partnership with Parallels, a global leader in hosting, cloud services enablement and desktop virtualization. Para...
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...
We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...
Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...
<p>SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status....
<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...
<p>If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popula...
<p>In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the sec...
<p>To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.</p> Th...
<p>What is Cross-Site Contamination?</p> Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
<p>Have you included website security as a part of your new year’s resolutions for 2019?</p> Here is a quick retrospective on tips some of our te...
<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...
<p>The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewa...
<p>It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly i...
<p>Santa Claus is coming! Was your website naughty or nice this year?</p> Here is a quick checklist of the top 10 bad things that can harm your w...
<p>We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offer...
<p>Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or inclu...
<p>Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...
<p>There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...
<p>As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made availa...
<p>Every year we see an increase in website attacks during the holidays. </p> While business owners see their sales go up due to promotional Blac...
<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...
<p>Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...
<p>Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management s...
<p>Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills...
<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...
<p>As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficul...
<p>When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the...
<p>For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security p...
<p>During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...
<p>It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...
<p>Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site gene...
<p>This is the last post in our series on E-commerce Security:</p> Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store ...
<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...
<p>Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...
<p>Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for Wor...
<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...
<p>In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part o...
<p>In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...
<p>Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...
<p>This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.</p> When redirected, users see an...
<p>Have you ever wondered if your website security posture is adequate enough?</p> The risk of having a website compromise is never going to be z...
<p>In the first post of this series, we talked about the practices that will optimize your site and increase your website’s resilience to DDoS attacks....
<p>Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compl...
<p>Recently, we came across another way to use files from GitHub repositories in malware infections.</p> This time the infections weren’t via Git...
<p>Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...
<p>A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to user...
<p>If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code.</p> Thi...
<p>We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period).</p...
<p>We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
<p>Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying w...
<p>When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...
<p>Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vul...
<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...
<p>Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is do...
<p>Denial of Service (Dos) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
<p>Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens...
<p>Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following fi...
<p>Website security is challenging, especially when dealing with a large network of sites. That is why we have created a guide for web professionals an...
<p>Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you the op...
<p>Have you ever wondered what happens if your e-commerce site is breached?</p> Usually, when you think about data breaches, you think about big ...
<p>Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...
<p>After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...
<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...
<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...
<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
<p>As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks...
<p>The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.</p&...
<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...
<p>Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...
<p>A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered t...
<p>We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily...
<p>Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These ...
<p>Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...
<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
<p>In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as:...
<p>Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag...
<p>On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
<p>Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us...
<p>On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
<p>You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity...
<p>Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...
<p>When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions ...
<p>Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...
<p>Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the...
<p>For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over ...
<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...
<p>We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with pers...
<p>Earlier this week we wrote about how to use command line tools to back up your website. Check our our previous article for details on how we create ...
<p>Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when t...
<p>I have a website. Sweet! What happens next?</p> Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what do...
<p>If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contaminatio...
<p>PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications...
<p>We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Goog...
<p>If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...
<p>Try to remember what you ate for lunch yesterday.</p> It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you les...
<p>We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...
<p>In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
<p>Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...
<p>A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all ...
<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
<p>Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...
<p>In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to u...
In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back mil...
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first...
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
If you have an e-commerce website and you accept credit cards from your clients, you probably already heard of the term PCI compliance. PCI DSS (Payment Card...
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...
Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...
Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabi...
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...
Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hacke...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker ...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
We’ve been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will become and th...
The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...
In 2014 the total number of websites on the internet reached 1 billion, today it’s hovering somewhere in the neighborhood of 944 million due to websites goin...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more t...
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or...
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this post, I’ll show you...
We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have al...
Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do you re...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the ...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller C...
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted ...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mi...
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websi...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk i...
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to dro...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score : 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and ac...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. Whil...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote comman...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across ...
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our...
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigatio...
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious script...
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file...
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for Wor...
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see an...
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection invol...
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then...
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist...
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time...
Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs ...
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The ...
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our invest...
A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In re...
On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Se...
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in...
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session...
<p>We’ve been watching a specific WordPress infection for several months and would like to share details about it.</p> The attacks inject malicio...
<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...
<p>Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many host...
<p>As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...
<p>As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
<p>Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot...
<p>We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability.</p> These RCE at...
<p>During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular Add...
<p>WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF ne...
<p>As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
<p>When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
<p>Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
<p>As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates di...
<p>In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...
<p>We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...
<p>When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean...
<p>Remediating over 500 infected sites per day, we see attacks executed at varying levels of complexity. The tactics attackers use to compromise a site...
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...
Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support ...
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted ...
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security componen...
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back on March...
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...
Today, we are sharing some tips from Social Media Examiner on How to Improve your Social Media Ad Campaign. I hope it helps! 5 Tips to Improve Your Social Me...
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Ev...
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker ...
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version: 4.2.4 Last week the WordPress team releas...
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-par...
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not ...
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure ...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are m...
Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or f...
Advisory for: WP-Slimstat Security Risk: Very high Exploitation level: Remote DREAD Score: 8/10 Vulnerability: Weak Cryptographic keys leading to SQL injecti...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discover...
Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / ...
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mi...
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websi...
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote Fi...
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation an...
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which execute...
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that messa...
Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...
In this day and age, connecting with other people, group, community is so easy. Finding the best group however can be tricky. So here are 20 Best Wordpress F...
This tutorial doesn’t just teach you how to add a link in your posts but also on pages, text widgets, navigation menus, and more. How great is that?! What ar...
Wikipedia defines analytics as the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, a...
Source: WPBeginner
Adding an old post notification can help readers identify which posts are still relevant, especially for websites that belong to a fast-paced industry. I’m tal...
Have you ever wanted to add a custom CSS in your site? You should be able to do it like a pro with these simple tips. How to Easily Add Custom CSS to Your Wo...
Elegant Themes again provides us with another checklist of things to do after installing WordPress. This list will “make sure your site is set-up and working...
Remembering your WordPress login URL is easy peasy.
Want to know how to edit those post thumbnails? This article from WPBeginner will teach you the trick! How to Crop and Edit WordPress Post Thumbnails Are you...
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure ...
The free trial is a common SaaS marketing strategy. According to Totango, 44% of SaaS companies offer a free trial. But the strategy is only as good as how f...
by Brenda Barron
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
By Jenni McKinnon Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site ...
by Brenda Barron
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the si...
Introducing Bloom — The Ultimate Email Opt-In Plugin For WordPress Has Arrived! by Nick Roach
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are m...
This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
Do you want to reach more people or customers? Why not make your website multilingual? The article that we’re sharing today will guide you how to do that. Ho...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Advisory for: UpdraftPlus Security Risk: High Exploitation level: Remote DREAD Score: 7/10 Vulnerability: Privilege Escalation Patched Version: 1.9.51 If yo...
Before anything else, let us greet you a Happy New Year!
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulner...
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies ...
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days are a common occurrence, what is a...
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly inj...
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was jus...
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores?...
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attack...
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
Image: Cloudflare
A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...
In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the sec...
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewa...
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part o...
In the first post of this series, we talked about the practices that will optimize your site and increase your website’s resilience to DDoS attacks....
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...
If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of pr...
Have you ever wondered what WAF means? WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your...
HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure. Not just for the goo...
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope ...
The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there i...
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...
A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional ...
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, ...
The need to make better sense of markets is paramount to the way businesses are run and decisions are made. We see this with the proliferation of online serv...
Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, ...
Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We’ve seen Goog...
Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you r...
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from di...
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already support...
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most li...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or...
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which execute...
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. Whil...
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included ...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist...
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their ...
The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highl...
Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version: 4.2.4 Last week the WordPress team releas...
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it c...
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more t...
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are m...
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or f...
Advisory for: WP-Slimstat Security Risk: Very high Exploitation level: Remote DREAD Score: 8/10 Vulnerability: Weak Cryptographic keys leading to SQL injecti...
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the ...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / ...
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further invest...
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mi...
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websi...
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only J...
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote Fi...
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation an...
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which execute...
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score : 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and ac...
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. Whil...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspici...
Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Blac...
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compl...
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then...
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytic...
Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs ...
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The ...
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our invest...
A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In re...
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicio...
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular Add...
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few c...
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have bee...
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where a...
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk i...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more ...
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infect...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks s...
We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature of the Security in the Wo...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and everyday I work for every p...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot ...
Our CloudProxy Firewall already protects and speeds load times for 1,000s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
This morning as I was logging into various social networks I was presented with a popup with “XSS on Tweet Deck.” This obviously set every hair on my neck on...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of se...
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out b...
As many know, our company has deep Brazilian roots, as such we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden ifra...
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...
A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what...
We’ve been scanning and removing malware from websites for years, and in this time frame we have seen the website security domain grow by leaps and bounds. O...
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and ot...
We deal with different types of malware injections and compromises everyday and the most common question our clients ask us is, “Why me? Why my small little ...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, ...
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...
It’s always fun to watch malware developers using different techniques to code their creations. Sometimes it’s a matter of obfuscation, placement, injection,...
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be good time to share the case and details...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especially when it comes to your website. This is almos...
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...
Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We’ve seen Goog...
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
This tutorial doesn’t just teach you how to add a link in your posts but also on pages, text widgets, navigation menus, and more. How great is that?! What ar...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...
We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across ...
In 2014 the total number of websites on the internet reached 1 billion, today it’s hovering somewhere in the neighborhood of 944 million due to websites goin...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...
I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted ...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those web...
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk i...
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one persons ear, and that messa...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
This tutorial doesn’t just teach you how to add a link in your posts but also on pages, text widgets, navigation menus, and more. How great is that?! What ar...
Are you looking into retargeting ads on Facebook? Do you want to install Facebook’s remarketing/retargeting pixel in WordPress? This article from WPBeginner ...
Here’s another tutorial from WPBeginner. How to Rollback WordPress Plugins (Version Control for Beginners) Have you ever updated a WordPress plugin only to r...
via WPMUDEV We tried coming up with a more exciting name for Custom Sidebars but what else do you call a plugin that gives you custom sidebars? Or more speci...
Adding an old post notification can help readers identify which posts are still relevant, especially for websites that belong to a fast-paced industry. I’m tal...
Want to beautify the appearance of your email templates? I suggest you read on! How to Add Beautiful Email Templates in WordPress Do you want to change the a...
Email subscription is a great way to keep your customer’s updated. The article from WP Beginner that we’re sharing today discusses Email Subscriptions.
Here’s another dose of How To’s from WPBeginner. Enjoy!
Administrator Editor Author Contributor Subscriber You can give different permissions to different user roles on your WordPress site. The article that...
Are you looking to add a donate button on your WordPress site?
Do you want to display multiple blog or posts on multiple pages of your site?
Remembering your WordPress login URL is easy peasy.
Want to know how to edit those post thumbnails? This article from WPBeginner will teach you the trick! How to Crop and Edit WordPress Post Thumbnails Are you...
by Brenda Barron
Sprint has been pledging to support WiFi calling for ages, and now that iOS 8.3 has been released , they have finally made good on their word. It doesn't get...
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the si...
If you want details for the not-so-obvious tweaks that you can do for the following, I suggest you read the full article here.
With new tools it is easier to reach your customers and readers through email. Gone are the days where you send emails manually. The article we’re sharing to...
This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
Do you want to reach more people or customers? Why not make your website multilingual? The article that we’re sharing today will guide you how to do that. Ho...
In this article, the following concerns below will be tackled; What is HTTPS and SSL? Why do you need HTTPS and SSL? Requirements for using HTTPS and SSL...
Don’t have any idea what Google Webmaster tools can do for you? Here is a good article from Elegant Themes that explains the things that you need to know. Ho...
Here is another trick that you can add to your arsenal. How to Block a WordPress User Without Deleting Their Account
Showing the most commented posts on your site allows you to know which topic attracts most people to your site. We hope you find this tutorial from WPBeginne...
Have you noticed that most popular sites like Facebook, Twitter, etc allow users to log in with email or their username? Want to add the same functionality o...
Website security is a major concern nowadays. It is best to keep your site’s plugins and security software up to date. Here is another plugin that you can ad...
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
“We should rename SEO indicate relevance,” says Andy @Crestodia, the content chemist.
I am a frustrated writer.
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the S...
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...
One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet,...
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their ...
Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve see...
The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolv...
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from...
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Ev...
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticate...
As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities. Why? Because open source platforms allow individua...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only J...
We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into ...
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
In this day and age, connecting with other people, groups, and communities is so easy. Finding the best group however can be tricky. So here are 20 Best Wordpress F...
Wikipedia defines analytics as the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, a...
Source: WPBeginner
Today, we are sharing some tips from Social Media Examiner on How to Improve your Social Media Ad Campaign. I hope it helps! 5 Tips to Improve Your Social Me...
If you’re a heavy AirPlay user, and you use older hardware such as the original AirPort Express, you may want to hold off on the latest iTunes update. Screen...
When the Rolling Stones covered “Time is On My Side” by Kai Winding in 1964, they clearly didn’t foresee a world where we’d be fighting so hard to maintain ...
Have you ever wanted to add a custom CSS in your site? You should be able to do it like a pro with these simple tips. How to Easily Add Custom CSS to Your Wo...
Want to beautify the appearance of your email templates? I suggest you read on! How to Add Beautiful Email Templates in WordPress Do you want to change the a...
Elegant Themes again provides us with another checklist of things to do after installing WordPress. This list will “make sure your site is set-up and working...
What is personal branding?
Having a website requires maintenance and constant updates. Here are some maintenance tasks to perform in your site as suggested by Elegant Themes. Backup ...
For the music lovers and for those who want to add music or a playlist to their website this article is for you. 9 Best Audio Player Plugins for WordPress Wor...
Social media has a huge impact nowadays. Marketers found a way to broaden their reach through social media marketing. This article was first published on...
The free trial is a common SaaS marketing strategy. According to Totango, 44% of SaaS companies offer a free trial. But the strategy is only as good as how f...
By Jenni McKinnon Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site ...
I have a LinkedIn account and just like the author of the article I’m not paying much attention to it. But after reading his post, I am now considering to be...
by Brenda Barron
If you want details for the not-so-obvious tweaks that you can do for the following, I suggest you read the full article here.
With new tools it is easier to reach your customers and readers through email. Gone are the days where you send emails manually. The article we’re sharing to...
Introducing Bloom — The Ultimate Email Opt-In Plugin For WordPress Has Arrived! by Nick Roach
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
The article that we’re sharing today tackles how you can use WordPress for your Marketplace. You’ll learn the difference between an eCommerce store and a Market...
This is for all the Web Developers out there! Both free and paid code editors are discussed in the article. Some of them are: Atom UltraEdit Sublime Tex...
Some users trying to access their WordPress admin panel have found that Google Chrome seemingly auto-fills their password. Hooray for technology! But once th...
Survey Questions That Work: How to Unlock Your Customers’ Deepest Desires How well do you know your customers and their needs? And, how well do you meet thos...
A new take on those symbols! 8 Keys to Creating More Meaningful Content by Barry Feldman Hello ! @ # $ % ^ & * I was staring at my keyboard when I got ...
by Rachel McColli
Before anything else, let us greet you a Happy New Year!
Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigatio...
Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMS’s popularity comes at a...
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file...
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for Wor...
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see an...
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then...
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where a...
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
For music lovers and for those who want to add music or a playlist to their website, this article is for you. 9 Best Audio Player Plugins for WordPress Wor...
By Jenni McKinnon Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site ...
Before anything else, let us greet you a Happy New Year!
Nowadays, most businesses rely on the internet to widen the range of people that they can reach. And to make others aware of the services that they offer. Th...
<p>If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popula...
<p>Every year we see an increase in website attacks during the holidays. </p> While business owners see their sales go up due to promotional Blac...
<p>Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...
<p>When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the...
<p>It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if yo...
<p>Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...
<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
<p>Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs ...
<p>As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are craf...
<p>A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in...
<p>We’ve been watching a specific WordPress infection for several months and would like to share details about it.</p> The attacks inject malicio...
<p>One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet,...
<p>During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular Add...
<p>When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
<p>Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
<p>If you use Skype, recently you may have received Baidu link spam from some of your contacts.</p> The links look like this: www.baidu[.]com/lin...
<p>With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have bee...
<p>Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware.</p> The malware creates doorways for h...
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads...
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot ...
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across ...
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspici...
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online ...
A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...
<p>Every year we see an increase in website attacks during the holidays. </p> While business owners see their sales go up due to promotional Blac...
<p>Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...
<p>We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
<p>Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
<p>An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...
<p>Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...
<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
<p>For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over ...
<p>Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including...
<p>Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...
<p>We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Goog...
<p>In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...
<p>During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
<p>As a business owner, the last thing you want is for a potential customer to search Google for your business and find a lewd image.</p> The way...
<p>One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped wi...
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...
<p>Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...
<p>All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...
<p>Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious script...
<p>Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
<p>We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.</p...
<p>This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.</p> When redirected, users see an...
<p>When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...
<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...
<p>After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...
<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...
<p>On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
<p>When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...
<p>Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to re...
<p>Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...
<p>When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
<p>A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all ...
<p>From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malw...
<p>We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...
<p>When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean...
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolv...
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t...
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker ...
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure ...
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote comman...
<p>Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...
<p>News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? Th...
<p>Try to remember what you ate for lunch yesterday.</p> It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you les...
<p>In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back on March...
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from di...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we...
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it c...
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted ...
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote Fi...
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation an...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’...
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to uploa...
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was jus...
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attack...
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0....
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
The vBulletin team recently disclosed a XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. T...
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerabilit...
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online ...
<p>We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offer...
<p>Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...
<p>Every year we see an increase in website attacks during the holidays. </p> While business owners see their sales go up due to promotional Blac...
<p>We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...
<p>Have you ever wondered if your website security posture is adequate enough?</p> The risk of having a website compromise is never going to be z...
<p>We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...
<p>We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the iss...
<p>Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where a...
In this post we’ll show you the tactics employed by the realstatistics malware campaign to make their injections seem less suspicious. The injection looks li...
When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot ...
As many know, our company has deep Brazilian roots, as such we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
<p>What is Cross-Site Contamination?</p> Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
<p>There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...
<p>In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...
<p>If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
<p>We are proud to be releasing our latest Hacked Website Trend Report for 2017.</p> This report is based on data collected and analyzed by the S...
<p>Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
<p>We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...
<p>When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...
<p>Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. ...
<p>Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session...
<p>Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website securit...
<p>Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...
Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support ...
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be good time to share the case and details...
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last 2 weeks (codenamed “Realstatistics”). This campaign has compromis...
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller C...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Google Blacklisting – Soa...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to dro...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
The Quantum Threat
<p>At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliabil...
<p>Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has...
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more than 13,000 hackers in Hamburg...
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that tw...
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version...
Yesterday a new vulnerability was announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it...
Free and performant encryption to the origin for CloudFlare customers
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...
If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the f...
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The ...
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulleti...
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious JavaScript injection looks a lot...
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you r...
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...
Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...
Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website ow...
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those web...
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
Today, December 25th, Cloudflare offices around the world are taking a break. From San Francisco to London and Singapore; engineers have retreated h...
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network ge...
It may (or may not!) come as a surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security
The Quantum Threat
Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every p...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist...
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malw...
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highl...
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...
Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Blac...
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part o...
Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to reme...
Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make t...
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic appr...
In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to ...
If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...
In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the wo...
If you have an e-commerce website and you accept credit cards from your clients, you probably already heard of the term PCI compliance. PCI DSS (Payment Card...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’...
Advisory for: Akeeba for Joomla! Security Risk: Low Exploitation level: Difficult/Remote Vulnerability: Access control bypass If you’re a user of the very po...
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...
Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0....
An attacker’s key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...
These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s n...
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not ...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it c...
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gi...
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...
It may (or may not!) come as a surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla re...
Free and performant encryption to the origin for CloudFlare customers
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (polit...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It ...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out b...
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden ifra...
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and ot...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be good time to share the case and details...
Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especially when it comes to your website. This is almos...
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
An attacker’s key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your...
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulleti...
One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet,...
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of se...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...
Security Researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are ...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, ...
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
An attacker’s key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough va...
Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, ...
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
Have you ever wondered if your website security posture is adequate enough? The risk of having a website compromise is never going to be z...
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the...
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most li...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is a...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the S...
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...
Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. ...
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including...
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highl...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...
For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over ...
We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Goog...
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped wi...
If you use Skype, recently you may have received Baidu link spam from some of your contacts. The links look like this: www.baidu[.]com/lin...
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...
This tutorial doesn’t just teach you how to add a link in your posts but also on pages, text widgets, navigation menus, and more. How great is that?! What ar...
Adding an old post notification can help readers identify which posts are still relevant, especially for websites that belong to a fast-paced industry. I’m tal...
Email subscription is a great way to keep your customers updated. The article from WP Beginner that we’re sharing today discusses Email Subscriptions.
Remembering your WordPress login URL is easy peasy.
Want to know how to edit those post thumbnails? This article from WPBeginner will teach you the trick! How to Crop and Edit WordPress Post Thumbnails Are you...
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the si...
This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our...
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. ...
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Se...
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates di...
by Brenda Barron
In this day and age, connecting with other people, groups, and communities is so easy. Finding the best group, however, can be tricky. So here are 20 Best WordPress F...
Wikipedia defines analytics as the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, a...
Source: WPBeginner
Today, we are sharing some tips from Social Media Examiner on How to Improve your Social Media Ad Campaign. I hope it helps! 5 Tips to Improve Your Social Me...
Have you ever wanted to add custom CSS to your site? You should be able to do it like a pro with these simple tips. How to Easily Add Custom CSS to Your Wo...
Elegant Themes again provides us with another checklist of things to do after installing WordPress. This list will “make sure your site is set-up and working...
Having a website requires maintenance and constant updates. Here are some maintenance tasks to perform in your site as suggested by Elegant Themes. Backup ...
For music lovers and for those who want to add music or a playlist to their website, this article is for you. 9 Best Audio Player Plugins for WordPress Wor...
The free trial is a common SaaS marketing strategy. According to Totango, 44% of SaaS companies offer a free trial. But the strategy is only as good as how f...
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores?...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a ...
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicio...
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those web...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
Photo by Niko Soikkeli / Unsplash The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to prov...
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads...
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...
Here at CloudFlare we are heavy users of the github.com/miekgs/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
We are no strangers to Blackhat SEO techniques; we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
“We should rename SEO indicate relevance,” says Andy @Crestodia, the content chemist.
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our invest...
Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to dro...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks s...
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website securit...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every p...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies ...
Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...
In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as:...
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerabilit...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly inj...
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It ...
As many know, our company has deep Brazilian roots; as such, we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, a...
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
As you might know, a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including...
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious JavaScript injection looks a lot...
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...
The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability on VBSEO. VBSEO is a widely used SEO module for vBulle...
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4...
The vBulletin team recently disclosed an XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. T...
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to v...
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this post, I’ll show you...
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have al...
Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do you re...
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a ...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
Enabling anonymous access to the web with privacy-preserving cryptography
A game-changer
As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NS...
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to...
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has...
Yesterday a new vulnerability was announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it...
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I conn...
I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty.
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thou...
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, a...
Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...
Before anything else, let us wish you a Happy New Year!
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the tab...
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already support...
We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across ...
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
Introducing Bloom — The Ultimate Email Opt-In Plugin For WordPress Has Arrived! by Nick Roach
This article teaches us how to install and set up the Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...
Before anything else, let us wish you a Happy New Year!
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses...
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, a...
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall which launched publicly almost a year ago. Since then, ...
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4...
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It ...
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...
Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabi...
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
We’ve all heard it a million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website securit...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...
Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. Th...
Our CloudProxy Firewall already protects and speeds load times for 1,000s of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every p...
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to uploa...
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every p...
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies ...
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the ...
Advisory for: UpdraftPlus Security Risk: High Exploitation level: Remote DREAD Score: 7/10 Vulnerability: Privilege Escalation Patched Version: 1.9.51 If yo...
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulner...
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
Lifehacker New Android Flaw Lets Hackers Into Your Phone With Just a Text
Here’s a great write up over at the Elegant Themes Blog - definitely worth a quick scan for anyone that routinely uses WordPress.
This article seems like a timely one to share and commiserate with folks today. If you’re ok with digitizing your life - some folks are and others certainly...
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...
Cole Crawford, Founder & CEO, Vapor IO, and Chaitali Sengupta, Consultant, Qualcomm Datacenter Technologies
We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across ...
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...
At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...
At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliabil...
A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...
Wikipedia defines analytics as the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, a...
Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...
Free and performant encryption to the origin for CloudFlare customers
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I conn...
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks s...
The vBulletin team recently disclosed an XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. T...
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be a good time to share the case and details...
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and ot...
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
As most of you probably already know, ten days ago security researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
Security researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are ...
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out b...
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
Enabling anonymous access to the web with privacy-preserving cryptography
Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of se...
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
Advisory for: Akeeba for Joomla! Security Risk: Low Exploitation level: Difficult/Remote Vulnerability: Access control bypass If you’re a user of the very po...
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote comman...
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
Social media has a huge impact nowadays. Marketers have found a way to broaden their reach through social media marketing. This article was first published on...
I have a LinkedIn account and just like the author of the article I’m not paying much attention to it. But after reading his post, I am now considering to be...
Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...
*We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...
With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
The Art When you think of San Francisco, undoubtedly one bridge in particular comes to mind - The Golden Gate Bridge. This year, however, the Bay Bridge is ...
The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...
Over the last week we've closely watched the disclosures about the alleged NSA PRISM program. At CloudFlare, we have never been approached to participate in...
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day— Rajiv Pant (@ra...
(Image Copyright (c) Walt Disney) If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerabilit...
2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...
An attacker's key to creating a profitable malware campaign is its persistence. Malicious code that is easily detected and removed will not generate enough va...
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thou...
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attack...
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
As many know, our company has deep Brazilian roots; as such, we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores?...
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was jus...
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly inj...
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulner...
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’...
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (polit...
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
Nowadays, most businesses rely on the internet to widen the range of people that they can reach and to make others aware of the services that they offer. Th...
I am a frustrated writer.
“We should rename SEO indicate relevance,” says Andy @Crestodia, the content chemist.
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
Do you want to reach more people or customers? Why not make your website multilingual? The article that we’re sharing today will show you how to do that. Ho...
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
Introducing Bloom — The Ultimate Email Opt-In Plugin For WordPress Has Arrived! by Nick Roach
With new tools it is easier to reach your customers and readers through email. Gone are the days where you send emails manually. The article we’re sharing to...
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the si...
by Brenda Barron
The free trial is a common SaaS marketing strategy. According to Totango, 44% of SaaS companies offer a free trial. But the strategy is only as good as how f...
Having a website requires maintenance and constant updates. Here are some maintenance tasks to perform in your site as suggested by Elegant Themes. Backup ...
What is personal branding?
Email subscription is a great way to keep your customers updated. The article from WP Beginner that we’re sharing today discusses email subscriptions.
Elegant Themes again provides us with another checklist of things to do after installing WordPress. This list will “make sure your site is set-up and working...
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
If you’re a heavy AirPlay user, and you use older hardware such as the original AirPort Express, you may want to hold off on the latest iTunes update. Screen...
Cloudflare helps make over 6 million websites faster and more secure. In doing so, Cloudflare has a vast and diverse community of users throughout t...
social media
How to Create a Social Media Marketing Plan