Tag Archives: Website Security

Sucuri’s 10th Anniversary

It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucuri service was originally called NBIM (Network Based Integrity Monitoring). Sucuri intended More Info »

PCI for SMB: Requirement 12 – Maintain an Information Security Policy

Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and More Info »

ThinkPHP 5.x Remote Code Execution

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig In December 2018, a working exploit was released for the versions v5.0.23 and More Info »

From .tk Redirects to PushKa Browser Notification Scam

In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated themes and plugins. However, it also adds new vulnerabilities as soon as they are disclosed—like the recent Social Warfare More Info »

Attacks on Closed WordPress Plugins

The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if the attacker is able to identify the More Info »

DDoS Targeting WordPress Search

Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does? Search engines play an important role on the internet and with how websites perform. One may say that they are the actual doorway to the online More Info »

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave. Mass Infection of WordPress Websites The latest Easy More Info »

How to Choose a Website Security Provider

As more people are creating websites and becoming aware of website security, companies are popping up everywhere to help with the problem. And just like website security plugins, not all website security services are created equal. Here at Sucuri, we believe that you should do your website security comparison research so you know the options available More Info »