Tag Archives: Joomla! Security

Return to the City of Cron – Malware Infections on Joomla and WordPress

We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites This More Info »

.htaccess Injector on Joomla and WordPress Websites

During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files and redirecting visitors to the http[:]//portal-f[.]pw/XcTyTp advertisement website. Taking a Look at the .htaccess Injector Code Below is the code within the ./modules/mod_widgetread_twitt/ index.php file More Info »

Hacked Website Trend Report – 2017

We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented stems from the analysis of 34,371 infected websites summarizing the More Info »

Cryptominers on Hacked Sites – Part 2

Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of the website owners. We reviewed two types of infections that affected WordPress and Magento sites, and have been monitoring the malicious use of the CoinHive More Info »

SQL Injection Vulnerability in Joomla! 3.7

During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site. Are You at Risk? The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. If you use this version, you More Info »

Hacked Website Report – 2016/Q3

Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of over 8,000 infected websites. This More Info »

New Guide on How to Fix Hacked Joomla! Sites

Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! More Info »

Spotlight: How Big Spring Secures Joomla!

Big Spring Web Development understands the responsibility to their clients extends beyond creating a functional and attractive website. Security and stability are critical components of any online presence. The company is one of only a select few agencies in the UK that partners with WP Engine. Through this, Big Spring has solidified its position as More Info »