Blog Search
Like Box
Comments
- Dreamhost hacked, mass password-reset issued | ZDNet on DreamHost Security Issue Prompts FTP Password Resets
- Experiences with using GoDaddy, Linux Web Hosting | The (Unorganized) Musings of a Computer Scientist on GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission
- » Wordpress Security Best Practices & Plugins on Timthumb.php Mass Infection – Aftermath – Part I
- WordPress.org repository will not show plugins older than 2 years on WP-phpmyadmin WordPress plugin – Delete it now
- Wordpress News - The Best WordPress Tips and Tutorials of 2011Wordpress News on Cleaning up an infected website – Part I: WordPress and the Pharma Hack
Tags
alexa apache ask awareness backdoors blacklist blacklisted bluehost dns fox georgia godaddy google guides hacked history honeypot htaccess iis joomla logs malware malware_updates netsol openx oscommerce ossec passwords pharma phishing plugin review sbn scan security spam stats sucuri twitter vbulletin virus vulnerability walmart whois wordpressArchives
- January 2012 (6)
- December 2011 (4)
- November 2011 (4)
- October 2011 (7)
- September 2011 (8)
- August 2011 (16)
- July 2011 (5)
- June 2011 (10)
- May 2011 (10)
- April 2011 (15)
- March 2011 (18)
- February 2011 (13)
- January 2011 (7)
- December 2010 (7)
- November 2010 (9)
- October 2010 (12)
- September 2010 (10)
- August 2010 (7)
- July 2010 (10)
- June 2010 (15)
- May 2010 (19)
- April 2010 (16)
- March 2010 (15)
- February 2010 (8)
- January 2010 (7)
- December 2009 (4)
- November 2009 (1)
- October 2009 (2)
- September 2009 (1)
- August 2009 (6)
- July 2009 (11)
- June 2009 (7)
- May 2009 (4)
- April 2009 (1)
Author Archives: dd
Funny Spammers: Any Reproduction of This Document in Part or in Whole is Strictly Prohibited
Spam is nothing new, but a recent site we were reviewing was a bit different. After a bit of analysis, we found a file called tracks.php that was generating spam with the following code on it: <?php // Any reproduction … Read more
Posted in malware, malware_updates, pharma, spam
Tagged malware, malware_updates, pharma, spam
Leave a comment
Ask Sucuri: Why Do I Only Get Malware Warnings on Certain Browsers?
A few days ago, our scanner alerted that a site had malware related to the Blackhole Exploit Kit. The owner of the site said that when he visited the site, nothing happened, and the malware wasn’t displayed – probably thinking … Read more
Posted in hacked, malware, malware_updates, virus
Tagged hacked, malware, malware_updates, virus
Leave a comment
WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)
We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability can only be triggered via Internet Explorer according to the disclosing party, our tests lead … Read more
Happy New Year From the Sucuri Team
Just a quick message to thank everyone that worked with us during 2011 (clients, partners and friends), and to wish a wonderful 2012 to all of you. We have some cool projects and posts to share in the near future, … Read more
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player from “http://rod.gs/_SVP/5.7.1896/player.swf?ver=1.3.2″, a domain (rod.gs) which is currently blacklisted by Google, so anyone visiting your … Read more
Posted in blacklist, blacklisted, malware, malware_updates, plugin, wordpress
Tagged blacklist, blacklisted, malware, malware_updates, vulnerability, wordpress
Leave a comment
Malware Being Called From Your php.ini File
Is your site infected with malware, and you can’t find it anywhere? It might be a good idea to search outside of your web directory, and look in your main configuration files (specially if you are on a dedicated/VPS server). … Read more
Posted in hacked, malware, malware_updates, vulnerability
Tagged hacked, malware, malware_updates, vulnerability
Leave a comment
Ask Sucuri: How Long Does It Take For a Site To Be Removed From Google’s Blacklist? – Updated
If you have any questions about malware, blacklisting, or security in general, send it over to us: contact@sucuri.net and we will answer here. For all the “Ask Sucuri” answers, click here This is an update to our previous post about … Read more
Posted in ask, blacklist, blacklisted, google, sucuri
Tagged ask, blacklist, blacklisted, google, sucuri
Leave a comment
WordPress 3.3 is Out
For all our WordPress users, please remember to update to WordPress 3.3 that was just released. It should be a quick 1-click process in your dashboard, and nobody have an excuse not to do so. And if you are currently … Read more
Posted in wordpress
Leave a comment
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search engine traffic to a different (malicious) page that attempts to compromise the browser / computer … Read more
Posted in hacked, htaccess, malware, malware_updates, wordpress
Tagged hacked, htaccess, malware, malware_updates, vulnerability, wordpress
Leave a comment
Dre Armeda: WordPress End-User Security
Sucuri Co-Founder Dre Armeda did a great presentation at WordCamp Chicago about end-user security for WordPress users. Check out the video here: Dre will also be speaking at WordCamp Las Vegas 2011, make sure to say hi if you’re attending.
