Website Malware – Joomla SEP Attack – Pharma Injection
Tony Perez This was a fun, yet painful case. In the past we have written a few different posts targeting search engine poisoning attacks (SEP) that like…
Month: November 2012
14 posts
Piwik.org webserver hacked and backdoor added to Piwik
Daniel Cid If you are using Piwik and you have downloaded/updated it recently, please double check your install to verify that it does not contain a backdoor.…
Website Malware Removal – FTP Tips & Tricks
Update 9/9/16: We released a new guide that provides better instructions on how to clean a hacked WordPress site using the Free WordPress security plugin.…
SFTP/FTP Password Exposure via sftp-config.json
Have you heard of the file sftp-config.json? You haven’t? Neither did we until a few weeks ago. It is used by some SFTP/FTP clients (Sublime…
Website Malware – SPAM Injections – HideMe – KickeMe
Every now and then you have to give thanks that attackers have a sense of humor. For the past few weeks, maybe months, who keeps…
More Fake jQuery sites – jqueryc.com
We keep seeing fake jQuery sites popping up and being used to distributemalware. One was jquerys.org, other was jquery-framework.com and the new oneis jqueryc.com (199.59.241.179).…
Website Malware – SEP Attack – SPAM Link Farm
How appropriate that less than a few hours from my last post talking about Search Engine Poisoning (SEP) attacks I come across a case that…
Website Malware – SEO Poisoning Spam
Lately, we’ve been seeing a lot of SEO poisoning cases and felt it necessary to spend a little more time explaining them. SEO (Search Engine…
co.cc seems to be gone
It seems that the .co.cc (sub TLD) that used to be mass used byspammers and malware is now gone. Their registration page is offline: $…
PSA: Skype Vulnerability Released
While not exactly related to web security, it’s always good to take a minute to look at the web’s cousin, the desktop. On November 13th…
Joomla 2.5.8 and 3.0.2 Released (Security Updates)
David Dede Joomla 2.5.8 and 3.0.2 were just released today fixing a medium severity security bug related to a clickjacking/XSS vulnerability. You can find more details on…