My WordPress Website Was Hacked

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hosting companies, from Virtual Private Servers (VPS) to shared environments to managed environments. In most instances we pay for and configure them like any other consumer would, so that we aren’t given any special treatment.

Honey Pot Systems are decoy servers or systems set up to gather information regarding an attacker or intruder into your system… A Honey Pot system is set up to be easier prey for intruders than true production systems but with minor system modifications so that their activity can be logged or traced. The general thought is that once an intruder breaks into a system, they will come back for subsequent visits. During these subsequent visits, additional information can be gathered and additional attempts at file, security and system access on the Honey Pot can be monitored and saved. – SANS

Our goal is simple: we want to better understand the dynamic nature of website security and continue to analyze and interpret attackers’ intentions. Having live sites that we allow to get hacked also keeps us sharp in terms of how we respond to these intrusions and, if we’re being completely honest, helps us to better understand the emotions that a website owner, like yourself, might go through. Between you and me, though, it really gets us excited... almost as excited as a spider when it feels its web vibrating as its prey struggles to free itself... but I digress...

Sucuri - My Website was Hacked - Defacement


Security Advisory – Akeeba Backup for Joomla!

Advisory for: Akeeba for Joomla!
Security Risk: Low
Exploitation level: Difficult/Remote
Vulnerability: Access control bypass

If you're a user of the very popular “Akeeba Backup for Joomla!” extension (with over 8m downloads), you need to upd

Thoughts on WordPress Security and Vulnerabilities

As avid readers of this blog know, we've discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet and Custom Contact Forms drove the bulk of

Website Malware: Mobile Redirect to BaDoink Porn App Evolving

Recently, we wrote about a malware redirection on this blog where the malware was causing compromised sites to redirect their visitors to pornographic content (specifically, the BaDoink app). You can read more about what we found by going to our

Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin

If you're using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no

WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical

Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies in the XML entity expansion parser that can cause CPU and memory exhaustion and the site's

Website Security Analysis: A “simple” piece of malware

For regular readers of this blog, there is one constant that pops up over and over: malware gets more complex. When malware researchers, like myself, unlock new obfuscated code, it’s a signal to the black hats that they need to up their game. For me,

Yoast and Sucuri Partner to Create a Safer Web

We're very excited to finally talk about a partnership that's been in the works for a few months and in light of the serious nature of the Security in the WordPress ecosystem it only makes sense. It also comes at a time where we, as an organization,

Backups – The Forgotten Website Security Pillar

I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website security education and awareness. In these travels, regardless of whether I'm speaking with a W

Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures

Many don't know who I am. My name is Tony Perez, I'm the CEO of Sucuri. I have the pleasure of calling this company my family and every day I work for every person at this company. My partner is Daniel Cid. He is one of the foremost thought leaders in