This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being able to load certain content – usually a phishing page or a malicious download. if(preg_match(‘/bot|crawler|spider|facebook|alexa|twitter|curl/i’, $_SERVER[‘HTTP_USER_AGENT’])) { logger(“[BOT] {$_SERVER[‘REQUEST_URI’]} – 500”); header(‘HTTP/1.1 500 Internal Server More Info »
Tag Archives: Redirects
Spox Phishing Kit Harvests Chase Bank Credentials
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in compressed files, such as .zip archives, and contain the entire file infrastructure needed to operate a phishing page. Once a kit is uploaded to a More Info »
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered attempting to harvest WordPress and Magento credentials. Attackers continue to More Info »
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate Authenticated SQL Injection 5.8.4 40000 Brizy – Page Builder Improper Access Controls 1.0.126 60000 Careerfy Unauthenticated XSS 3.9.0 5000 SportsPress More Info »
Evasion Tactics in Hybrid Credit Card Skimmers
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers. Though popular with bad actors, one of the drawbacks of this approach is that it’s possible to track requests to suspicious servers if More Info »
Understanding & Stopping Malicious Redirects
Many website owners don’t know they’re infected with malicious redirects until they start getting calls from wary customers. Instead of the site they were expecting, it loaded some pretty shady content from the nether reaches of the internet. Malicious redirects are caused by hackers injecting scripts into infected sites that send visitors to destinations where More Info »
Steam Phishing Campaign Uses CS:GO Skin Gambling Lure
Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging from Runescape to Fortnite. These games run on their own clients — so stealing More Info »
YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators. Phishing Behavior The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages More Info »
Phishing Campaign Targets Poste Italiane & SMS OTP Verification
When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action. For example, in September 2019 the EU directive PSD2 went into effect (with some parts delayed until the end of 2020). This More Info »
Multi-Step Phishing Kit Targeting Credit Union
Phishing attacks can come in all shapes and sizes. Posing a serious threat to industries large and small, phishing campaigns are the fraudulent attempt to obtain sensitive personal information or login details to gain unauthorized access to accounts to make fraudulent purchases. These malicious attempts to lure victims are often done by masquerading as a More Info »
