Out-of-date Software Affects Websites Big and Small

November 5, 2012 by 3 Comments

Last week we published an article listing some big and popular websites that were leaking information about their users via the Apache server-status page. We also published a full list of sites that had this option enabled on our Labs project: URLFind.org.

On URLFind, we list a lot more details than just the sites that have server-status enabled. You can easily find sites that are running outdated versions of WordPress, Joomla or even vBulletin. We also index sites that are still running PHP 4 (outdated and not supported) and other potentially unsafe configurations and servers.

Message to all webmasters

After we published the blog post with the server-status issue, almost all of the sites got fixed (well, excluding Staples and Ford), which I don’t think they would have without that small push (walk of shame).

We are hoping that by shedding a bit more light to this already publicly exposed dilemma, webmasters will take note and update their sites and servers as soon as they can.

Read More

Filed Under: apache, iis, research, sucuri, vulnerability, WordPress Tagged With: , , , , ,

Dealing with WordPress Malware

October 11, 2012 by 8 Comments

A few months back I contributed to a post with Smashing Magazine on the top 4 WordPress Infections, it was released yesterday, and it couldn’t have been at a better time. If any one attended WordCamp Las Vegas you might even find some similarities. Fortunately in the process of preparing for the event and working with the team, we were able to compile a bit more information expanding on the things we originally discussed in the last post. It’s perfect timing for a number of reasons, and will complement this post very nicely.

WordPress Malware
The idea of this post, like many in the past, is to outline and discuss this past weekend’s presentation. In the process, hopefully you take something away. Unfortunately, the presentation was capped off with a live attack and hack, and I won’t be able to include that in this post, but I promise it’s coming.

**Note: If you plan to be at WordCamp Philadelphia 2012 you might be in for some treats, just saying. And if you don’t have it on the calendar, you should.

Read More

Filed Under: awareness, blacklisted, google, hacked, htaccess, Learn, Malware, phishing, php, plesk, protection, Redirects, research, security, SiteCheck, Spam, sucuri, vulnerability, WordPress Tagged With: , , , , ,

WordPress Themes: XSS Vulnerabilities and Secure Coding Practices

October 4, 2012 by 4 Comments

As many might imagine, my life revolves around Information Security. If you’re like me, you’re undoubtedly seeing all these new posts talking to insecurities in WordPress themes, specifically a plethora of Cross-Site Scripting (XSS) vulnerabilities. Surprise, surprise, right? Yeah, no, not so much.

WordPress Theme XSS Vulnerabilities

Here are some of the posts I am referring to:


Read More

Filed Under: developer, security, sucuri, vulnerability, WordPress, xss Tagged With: , , , , ,

Joomla 2.5.7 Released (Security Update)

September 13, 2012 by 1 Comment

Joomla 2.5.7 was just released today fixing 2 low severity security bugs and added a few other improvements. As always, we recommend all our Joomla users to update to 2.5.7 as soon as they can.

From their announcement page, here are the security bugs fixed:

  • Low Priority – Core – XSS Vulnerability: Inadequate escaping of output leads to XSS vulnerability in language switcher module.
  • Low Priority – Core – XSS Vulnerability: Inadequate escaping of output leads to XSS vulnerability.

Remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sucuri SiteCheck was also updated to alert users not running version 2.5.7 on their Joomla sites.

Filed Under: joomla, vulnerability Tagged With: ,

Compromised Websites Hosting Calls to Java Exploit

September 12, 2012 by 1 Comment

Remember that Java 0 day vulnerability that was discovered a few weeks ago and took a while to get patched by Oracle? You know, the one that caused a large portion of the security community to recommend everyone to disable Java completely in their browsers?

Java Exploits

Well, it wasn’t hype. This vulnerability has been exploited since then, and now it’s the #1 vulnerability exploited by newer exploit kits found on compromised websites. The detection rate is also very low by AntiVirus products (7 out of 42 on Virus total):

Read More

Filed Under: hacked, java, Malware, malware_updates, vulnerability Tagged With: , , , ,

Sociable WordPress Plugin Security Warning

September 7, 2012 by 7 Comments

If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.

A customer alerted us to the issue, when you visit the settings page (e.g., site.com/wp-admin/options-general.php?page=sociable_select) you get a malware warning from Google (this site may harm your computer).

What is going on?

The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):

http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png

That causes the browser to redirect to http://commitse.ru/ (known malware site). This is what happens when you load that image:

$ curl -D – -A “” http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png

HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Server: Apache
Location: httx://commitse .ru
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1

There are some discussions on the WordPress forums about it here: http://wordpress.org/support/topic/plugin-sociable-image-causing-malware-detected-flags, but in the mean time, we recommend users delete or disable the plugin.

It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.

We will post more details when we have it.

Filed Under: Malware, malware_updates, plugin, vulnerability, WordPress Tagged With: , , , ,

Java Zero-Day In The Wild

August 27, 2012 by 4 Comments

A Java Zero-Day vulnerability was disclosed today, and its being distributed through the use of websites.

If you visit an infected site you’ll see something like this if you have Java disabled. It will not always show though:

Read More

Filed Under: awareness, sucuri, vulnerability, zero-day Tagged With: , , , , , ,

Magento Security Update (1.7.0.2) – Zend_XmlRpc Vulnerability

July 10, 2012 by 2 Comments

A few days ago, Magento 1.7.0.2 was released to fix a very serious security vulnerability that allows attackers to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.

The Magento team provides the following info in their post:

Read More

Filed Under: magento, security, sucuri, vulnerability Tagged With: , ,

Microsoft XML Core Service Zero Day Vulnerability Being Targeted

June 29, 2012 by 1 Comment

On June 12th we reported the release of a new Microsoft Security Advisory. It was of specific interest to us as it was exploitable via web-based malware and being classified as a Zero Day vulnerability.

To that point, today, NakedSecurity reported that the Blackhole Exploit Kit has been updated with a module designed to exploit that vulnerability.

Blackhole Exploit Kit


Read More

Filed Under: awareness, Malware, sucuri, vulnerability Tagged With: , ,

Uploadify, Uploadify and Uploadify – The New TimThumb?

June 26, 2012 by 12 Comments

We are seeing a lot of noise again regarding the Uploadify script vulnerabilities affecting some WordPress themes/plugins. If you are not familiar, Uploadify allows anyone to upload anything they want to your site without any authentication.

Very very useful, no? Maybe, but at what cost? If a bad guy/gal knows that you have the Uploadify script, they can upload anything they want too (backdoors) and hack your site.

First, Uploadify is nothing new. When we were reporting on the TimThumb vulnerabilities, we were also notifying everyone about the issues with uploadify.

Been Around

  1. In October of 2011 we warned everyone to remove and check for Uploadify: Remove Unused/Testing/Debug Software From Your Site
  2. We put out a post in August of 2011 listing themes affected by TimThumb, we also listed the ones Using uploadify as unsafe: Timthumb Security Vulnerability – List of Themes
  3. An oldie but goodie, TimThumb (Tip of the Iceberg), Uploadify was also included


    4. Read More

Filed Under: Malware, malware_updates, sucuri, vulnerability Tagged With: , , ,
«Older Posts
Newer Posts»