Sucuri SiteCheck – Web Malware Distribution – March 2012

Apologies for not posting stats for February. We were making some internal changes which delayed the process and skewed the data. Regardless, here are the latest stats for March.

Note: This information is based on infections found using our FREE scanner, SiteCheck. It does not include infections found via our internal monitoring service.


Posted in data, malware, sucuri

e107 Being Exploited – Vulnerable contact.php Scanned and Attacked

We are seeing an old vulnerability on e107 being widely scanned and exploited. e107 is a free open source content management system (CMS).

More details on the vulnerability are available here:

It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily.

Affected versions
Affected is e107 <= 0.7.20
MOPS-2010-111
MOPS-2010-112



Posted in e107, malware, sucuri, vulnerability

Varying Degrees of Malware Injections Decoded

It is no longer the day of human-readable injections, or even the use of basic encoding schemes like base64. Instead we’re seeing a rise in complex, and in some instances, elusive encoding schemes that carry with them a big punch.

There are varying degrees of malware injections that include some of the following traits:

  • Encoding (pretty basic)
  • Encryption & Encoding (a bit more exciting and challenging)
  • Concatenation & Encryption & Encoding (gets our hearts pumping a bit faster)
  • Chameleon integration (flows with existing code and is difficult to detect)

In this post we’ll look at an instance where the malware leverages a combination of encoding, concatenation and chameleon traits to impact the end-user.


Posted in sucuri

Website Cross-contamination: Blackhat SEO Spam Malware

We recently posted about Website Cross-Contamination which we see quite a bit of in shared hosting environments. This post is a follow up with a nice sample of an SEO Spam infection that uses multiple sites in a shared environment to push their campaign.

We received a clean up request from a customer who was clearly infected with Blackhat SEO Spam:


Posted in backdoors, blacklisted, google, malware, pharma, SiteCheck, spam, sucuri, wordpress

WordPress Third Party Vulnerability – Deans FCKEditor with PWWANGS Code for WordPress (version 1.0.0)

You have heard me write in the past about understanding the true vulnerability within WordPress. In that post I talk about the benefits of the platform and how those same benefits are also its weakness. This post is an example that brings that point home, specifically about staying diligent with your plugins.

It was recently disclosed that a plugin for WordPress, Deans FCKEditor with PWWANGS Code Plugin for WordPress, contains a very serious vulnerability that gives attackers full control to modify, upload and execute files within your WordPress install (source: PacketStorm). This vulnerability is actually not new and was found in version 1.0.0. That is not the point, though; the point is that this version is in fact vulnerable.


Posted in backdoors, hacked, malware, sucuri, vulnerability, wordpress

Intelligent (Pharma) Spam Decoded

We are seeing a rise in the use of intelligent SPAM – a.k.a. the Pharma Hack – across a number of platforms. We recently found a nice injection that made us salivate, and we figured you’d be just as interested.

It is of no surprise to us that attackers are always looking for ways to trick us and more importantly our users. This gem of a find was no different.

SPAM = “Stupid, Pointless Annoying Message”.

SPAM, in the form of unsolicited e-mail messages, is a problem that we face every day. Imagine sending a client a link to a newly released product; they get to the page, and BAM, they’re greeted with advertisements for pharmaceutical products (Viagra / Cialis / Male Enhancers). What do you think the impact would be?


Posted in malware, malware_updates, pharma, spam

WordPress – Understanding its True Vulnerability

Every day we manage thousands of clients running a wide range of applications, built across a number of different platforms. It should be of no surprise that a good number of them leverage the WordPress platform. This in itself can lead folks to scream from the mountain tops about the application’s insecurities; we’re here to say that is just not so.

With Popularity Comes A Target

Many know, yet many more don’t, that WordPress dominates rival CMS applications by significant margins. We are not saying this in terms of functionality or breadth, but rather in terms of end-user adoption. We will not dwell on why and how it has accomplished this, but rather on what this means to you, the end-user.


Posted in awareness, sucuri, wordpress

Brute force attacks against WordPress sites

We talk a lot about the importance of using strong passwords, but sometimes it is hard to see how important it really is, or what can happen if we do not use a strong one. Most people only realize this after they have been compromised for the first time.

Lately we have been seeing many WordPress sites being attacked and hacked through the use of brute force. The administrator leaves the default “admin” user name and chooses a simple password, and never changes it.

Why is it bad that the password is easy and never changed?

There is a technique known as a brute-force attack. As the name implies, access is gained to your environment through brute force. Often conducted by bots, these attacks run through a compiled list of common passwords and their permutations (e.g., password, Pa$$w0rd, p@ssw0rd, etc.). Yes, the attackers know that you substitute ‘@’ for an ‘A’ and ‘$’ for an ‘S’. Using this method the attackers gain access to your wp-admin, which then allows them to serve spam via your posts, deface your home page like we recently saw with ServerPro, and inject any one of the other types of malware roaming the interwebs.


Posted in hacked, malware, malware_updates, Passwords, wordpress

Conditional Redirect Malware Decoded – Eval base64_decode Example

I have this beautiful website and now there’s all this garbled code across all of my PHP files. What’s it do, and how did it get there?

This is a quick post to show you some encoded crud that can attack your site, and do some pretty bad stuff.

Encoded Payload – eval(base64_decode)

Generally speaking, we see this type of payload dropped into PHP, HTML, and JavaScript files. They are typically dropped into an environment through a known vulnerability in outdated software. This isn’t the only entry point, but definitely the one we see the most.


Posted in awareness, malware, Redirects, security, SiteCheck, sucuri

A Little Tale About Website Cross-Contamination

Mary has a site that she really cares about; it’s called mycoolsite.com. She has learned how to monetize her blog through the use of ads, which allows her to make her living. She uses WordPress and always keeps it updated. She also keeps her plugins updated, uses strong passwords, accesses the admin panel via SSL and takes all the security recommendations very seriously.

She uses a shared server and her host offers her unlimited domains. Over the years she has taken advantage of this offering, adding a few sites here and there. One such site is mytestsite.com; it is used to try new themes and plugins.


Posted in ask, hacked, security