Monthly Archives: January 2010
Fingerprinting web applications
This paper describes a technique to remotely detect the version (fingerprint) of a web application. We cover WordPress, MediaWiki and Joomla in the article, but it can be easily extended to other applications. At the end, we also give you …
Quick Sucuri Update
We are very happy to announce that we reached 5 thousand (yes, 5k) sites being monitored by our Network Integrity Monitor solution. To celebrate, we are releasing an update to our dashboard and a new Premium offering with advanced features. …
New Security Bloggers Network (SBN) member
We are very happy to be the newest member of the Security Bloggers Network (SBN). Thanks to Alan Shimel for setting this up very quickly and welcoming us. You can expect lots of updates from our Honeypot analysis, as well …
Downforeveryoneorjustme is down
The service http://www.downforeveryoneorjustme.com/ has been down for at least a few hours already. I got the first notification via sucuri.net a few hours ago saying that the page has been changed: Content changed:> Index of />> * cgi-bin/>> Apache/2.2.13 (Unix) …
Honeypot analysis – Looking at SSH scans
An integral part of the Sucuri project is to research and monitor current attacks as a way to improve our defense techniques. To achieve that, we have been running a few Honeypots for almost a year and collecting data from …
A closer look at the iiscan
The free IIScan was recently announced on the full-disclosure list and I took the time to review it. They announced it as a new generation web app security platform to detect XSS, SQL injection, etc. All online and free. Let’s …
VMware insecure file creation
If you are using the free VMware server on Linux, beware that the installer is creating files with insecure permissions, allowing any user to modify them. I downloaded the latest VMware server (VMware-server-2.0.2-203138.i386) and followed the step-by-step installation script. After …