Tag Archives: Website Security

PHP Binary Downloader

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents. In this malware dropper file we recently found on a compromised website, the attacker chose to create More Info »

PHP Backdoor Obfuscated One Liner

In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the malicious behavior we’ve seen recently on compromised websites. Obfuscated PHP Backdoor Discovered by our Remediation team, More Info »

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0 – Arbitrary File Upload 7.0.5 70000 Real Estate 7 Reflected XSS 3.0.4 8000 CarePlus Reflected XSS — 5000 WooCommerce Subscriptions Unauthenticated Stored XSS 2.6.3 10000 More Info »

SEO Hacktool: Sitemap Generator

An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has a large number of pages that were recently updated and the owner wants Google to index their latest content, they could utilize a sitemap.xml containing More Info »

Skimmers in Images & GitHub Repos

MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub. Googletagmanager.png Our More Info »

Malicious Magento User Creator

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company. The script is simple but very effective and can easily be overlooked as another Magento file without closer inspection. It’s based on a sample More Info »

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities. Unwanted Advertisements The malicious plugin can be used by the attacker More Info »

Web Professional Security Survey 2020

According to recent statistics, the web design industry in the United States is now worth more than $40 billion each year. It’s why our annual survey of agencies and web pros is so eagerly anticipated — and we hope you’ll participate in the Sucuri Web Professional Security Survey 2020. If you provide services like website More Info »