From a Site Compromise to Full Root Access – Symlinks to Root – Part I

May 23, 2013 by Leave a Comment

When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin) access to the entire server. If there are more websites hosted on the server being attacked, It is likely they will attempt to compromise every single one of them.

How can an attacker escalate their privileges? How can they go from FTP-only access to getting root on the server? In this series of articles we will show some techniques that attackers are using to go from confined FTP/web access, to full root level access on a server.

Read More

Filed Under: hacked, htaccess, Malware, malware_updates Tagged With: , , , ,

Globo.com redirecting users to Spam ads

May 19, 2013 by Leave a Comment
Globo.com redirection

Globo.com, one of the largest Brazilian web portals (ranked #107 on Alexa and #6 for Brazilian traffic) appears to be compromised and all visits to it are being redirected to a sub page inside pagesinxt.com. If you go to g1.globo.com (or any other of
Read More

Filed Under: hacked, Malware, malware_updates Tagged With: , ,

Sucuri CloudProxy WAF – Fake Bots Explained

May 14, 2013 by Leave a Comment

One of the most common questions we have been getting since launching our CloudProxy WAF is regarding bot activity and why it appears that we are blocking Google and / or Bing bots. Inside the CloudProxy dashboard we provide a full audit log of any
Read More

Filed Under: awareness, cloudproxy, googlebot, Spam, waf Tagged With: , , ,

Auto Generated Iframes To Blackhole Exploit Kit – Following the Cookie Trail

May 6, 2013 by Leave a Comment
Screen Shot 2013-05-05 at 11.28.16 AM

We often talk about websites being compromised and injected with malware that redirect users to exploit kits. We unfortunately don't give you a complete picture of what the distribution payload is doing on your local machine very often. Today we'll
Read More

Filed Under: sucuri Tagged With: , , , , ,

Malaysian Election and DDOS

May 4, 2013 by Leave a Comment
Screen Shot 2013-05-04 at 12.51.46 PM

Malaysia is having an election this weekend that has been surrounded by issues. We won't go into the politics, but one of our client's sites (a popular Malaysian news source that we won't name), started to suffer a very large scale DDOS (distributed
Read More

Filed Under: ddos, malaysia Tagged With: ,

W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild

May 4, 2013 by Leave a Comment
Screen Shot 2013-05-03 at 8.31.42 PM

As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we have started to see attacks spring up across our network. In our post you might remember
Read More

Filed Under: Malware, sucuri, vulnerability, WordPress Tagged With: , , , , ,

Who Really Owns Your Website? “Please Stop Hotlinking My Easing Script — Use a Real CDN Instead.”

May 3, 2013 by Leave a Comment
Screen Shot 2013-05-02 at 4.26.02 PM

For the last few days, we have had some customers come to us worried thinking that their websites were compromised with some type of pop-up malware. Every time they visited their own site they would get a strange pop up: "Please stop hotlinking
Read More

Filed Under: education, hardening Tagged With: ,

Game of Coins: The Uprise of Bitcoin Mining

May 2, 2013 by 2 Comments
Game of Coins

Research by Daniel Cid. Authored by Dre Armeda. One thing you can't take away from some of the attackers we deal with everyday is their creativity. From time to time we write about new trends we're seeing, and this post is no different. We're
Read More

Filed Under: backdoors, bitcoin, Malware, security, Server Compromise, sucuri, vulnerability Tagged With: , , , , ,

Apache Web Server Attacks Continue to Evolve

April 29, 2013 by Leave a Comment
Sucuri - Website Security Trends - Server Compromises

For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we're handling half a dozen or so and it continues to increase. It's one of the reasons that I have started including this as a trend in
Read More

Filed Under: apache, hacked, Malware, malware cleanup Tagged With: , ,

LivingSocial Hacked — More Than 50 Million Accounts Compromised

April 26, 2013 by 4 Comments

Just as we were thinking we were going to avoid any major enterprise compromises this week, LivingSocial announces that it has been compromised and some 50 million accounts have been compromised. Based on the reports, it doesn't seem that any
Read More

Filed Under: awareness, hacked Tagged With: ,
«Older Posts