Website Security News
It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad crowd of SEO…
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse…
We have discovered a new variant of PHP malware used to edit a cPanel users’s shadow file, allowing for bad actors to change passwords for all of the email accounts…
Read More about Yet another variant of the cPanel user shadow editor malware
We recently found this malware on a windows hosting server where the web.config file was modified with the following code. The code redirects multiple user agents and users referred from…
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A…
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if…
Over the last months, we’ve been talking a lot about new ways to decode complex malwares that involve the usual PHP functions like eval, create_function, preg_replace, assert, base64_decode, etc. According…
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain access to your site and…
Read More about Register My Backdoor – Unorthodox Invocation Mechanisms
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more…
Read More about vBulletin Used to Show Malicious Advertisements
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor…
We recently wrote about a Drupal black-hat SEO hack that among other things redirected users coming from Google to botscache[.]com site. It hijacked the bootstrapping process via the session_inc variable…
