Tag Archives: Website Security

New Non-HTTPS Websites Blacklisted for Phishy Password Practices

We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information. For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for More Info »

The Principle of Least Privilege

If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle which has applications and benefits to strengthen your website security posture. This principle is about: Using the minimal set of privileges on a system in order to perform an action. Granting More Info »

The Story of an Expired WHOIS Server

We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with “WHOIS“, it is a protocol used to check who owns a specific domain name. These simple text More Info »

Website Application Firewalls (WAF) – Practical Approach to Website Security

In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF). WAFs are not new, but More Info »

Injection of Unwanted Google AdSense Ads

During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It’s not More Info »

Hacked Website Report – 2016/Q3

Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of over 8,000 infected websites. This More Info »

Website Malware Targets Mobile Platforms

Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility of harmful mobile malware. The increase in mobile internet browsing has prompted attackers to adapt their techniques, targeting mobile-specific platforms and distributing spam and More Info »