Tag Archives: website firewall

Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone

Last year we partnered and sponsored the LetsEncrypt initiative. Today we’re happy to announce that we have fully integrated with them and we are now offering their free SSL Certificates to all customers who leverage the Sucuri Firewall. We’re very excited about this integration and we have mass-enabled their certificates for all of our customers that didRead More Info »

The Risks of Hiring a Bad SEO Company

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We recently received a report from one our clients claiming that their website was experiencing a DistributedRead More Info »

Increased Popularity in DDoS Extortion Campaigns

Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different cyber crime groups, including DD4BC, Armada Collective and a few more unnamed ones. These DDoS extortion attempts are starting to exploit smaller websites that may be less able to defendRead More Info »

Malicious Google Analytics Referral Spam

  Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems. If you use analytics software on yourRead More Info »

Security Advisory: Object Injection Vulnerability in WooCommerce

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version:  2.3.11 During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is onlyRead More Info »

Website Firewall – Critical Microsoft IIS vulnerability (MS15-034)

Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution (RCE) on unpatched Windows servers. An attacker only needs to send a specially crafted HTTP request with the right header to exploit it. That’s how serious it is. RCE  is usedRead More Info »