Archives for June 2009

Sucuri Update

As some of you already noticed, we updated our web site to add lots of new features and fix some bugs too.

What’s new?

  • We added support for HTTPS cert monitoring
  • We added support for blacklist monitoring. Everyone is there by default and it will notify you if your domain is ever blacklisted on Google Safe Browsing (used by Firefox and Chrome) or SiteAdvisor, Norton Safe Web, SpamHaus and others.
  • There is a new timeline of events, making it easy to see which changes happened.
  • New document (in main page) with step-by-step instructions on how to manage and handle high activity sites.

What we fixed?

  • We have our algorithm to detect parts of a site that change very often and ignore them by default (like comments section, number of views, etc). However, it was not working 100% everywhere and some of you were getting constant alert of changes.
  • Improve the layout of the site and fixed some browser compatibility issues.

If you run into any issues or have any comments, please let me know.

You can contact us at dd ( at )

Check that short URL before clicking on it

URL Un-shortening service supporting all shortening sites (, tinyurl, diff, etc) that also checks the URL using google safe browsing and Siteadvisor:;=check-url

Blog Security Stats – Taking almost 2k blogs to a security test

The goal of this research is to determine if bloggers are taking the security of their sites seriously. We focused on self-hosted WordPress blogs, since the ones from blogger, and others handle the security transparently for the users.

Available at Sucuri Research.

Bye Bye Astalavista

Scripts kiddies (and some security researches) are crying all over the world. Astalavista, the biggest repository of exploits was defaced, erased and shut down.

In a dramatic fashion..

Full message cached: astalavista cache

OSSEC online tests

We just added two tools to generate OSSEC rules online.

Twitter blocked in China

Twitter was blocked by the great firewall of China today…

… On another news, today China experienced a huge boost in productivity. No one knows why.

Hackers hit U.S. Army websites

“A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks, according to reports.The group, which calls itself “m0sted,” defaced the page and redirected users to pages that included anti-American and anti-Israeli statements, Information Week reported last week.”