Combat Blackhat SEO Infections with SEO Insights

You can Fetch and Reindex from here

Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to
Read More

Malicious iframe Injector Found in Adobe Flash File (.SWF)

Malicious .SWF

Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw
Read More

Most Common Attacks Affecting Today’s Websites

New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more than they ever have in the past. This is a huge win for the World Wide Web and it's a trend
Read More

Spotting Malicious Injections in Otherwise Benign Code

seo-position-report .net  - Good or Bad?

Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we scan through megabytes of HTML, JS and PHP. It’s quite easy to miss something bad, especially w
Read More

Security Advisory – Medium Severity – WP eCommerce WordPress Plugin

Sucuri - WP eCommerce Vulnerability

Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score : 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and access control bypass. Patched Version: If you’re using the popular WP e
Read More

Drupal Warns – Every Drupal 7 Website was Compromised Unless Patched

The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as immediately. Today the the Drupal team released a strong statement via a public service
Read More

Threat Introduced via Browser Extensions

CouponDropDown Malware Ads

We love investigating unusual hacks. There are so many ways to compromise a website, but often it's the same thing. When we see malicious code on web pages, our usual suspects are: Vulnerabilities in website software Trojanized software
Read More

ASP Backdoors? Sure! It’s not just about PHP

Sucuri - ASP Backdoor 4

I recently came to the realization that it might appear that we're partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various
Read More

Google Blacklists

Screen Shot 2014-10-25 at 10.23.45 AM

If you ever shortened a URL using or if you use it anywhere, be aware that Google recently blacklisted all pages through its Safe Browsing program. It means that anyone using Chrome, Firefox or Safari will get a nasty The site ahead
Read More

Popular Brazilian Site “Porta dos Fundos” Hacked

SiteCheck Found Malware on Porta dos Fundos

A very well known Brazilian comedy site, "Porta dos Fundos," was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: If you do not want the joke to be on
Read More