Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone

Free LetsEncrypt SSL for your website with Sucuri Security

Last year we partnered with and sponsored the LetsEncrypt initiative. Today we are happy to announce that we have fully integrated with them and now offer their free SSL certificates to all customers who use the Sucuri Firewall.

We are very excited about this integration and have mass-enabled their certificates for all of our customers who did not already have one. If your website is behind the Sucuri Firewall, your visitors can now reach it over HTTPS by default. It is that easy.

Customers on our Professional, Business or Enterprise plans can continue to use their own custom certificates.



Sucuri – 2016 Redesign

Update: It was an April Fools' joke, in case you had not realized it by now. The site is back in place, and the ASCII/Web 3.0 design is still accessible here if you want to see how it looked.

A few weeks ago, while enjoying lunch on a bright sunny day in Southern California, our research and marketing teams were across the table from each other enjoying a fine feast. Unbeknownst to them, they quickly landed in the middle of a childish debate between Tony and me on the merits of design, our website, and what our customers really want. A friendly conversation on the relationship between malware, research, and the importance of the user's experience from initial engagement through the entire product lifecycle became a debate, which then turned into a challenge, as is customary when we get together.

Somewhere in that exchange, words were thrown out, words like “We could improve your website design with something that we know for a fact our audience wants!!!” That got the reply, “You wouldn't know design if it hit you in the face.”

The designers, a proud bunch, took the challenge. They gave the researchers a few weeks to work on it and create a concept that they felt would best relate with our audience. Something that would be more appealing to the eye, better communicate what we do, and streamline the experience for the customer.

Sucuri – Redesigned by our Research Team

The promise was simple: follow through with a design and we will deploy it live and let our audience decide. For weeks they worked on the project silently, to the point that I myself felt they had forgotten. Apparently not: after weeks of work and collaboration, they came up with a beautiful concept for our new home page.

Clean, fast & distraction free.

Enjoy, our new home page: https://sucuri.net

Coming to you live from your favorite security researchers. Designed by Fio. Built by Peter. Tested by Denis. Produced by Daniel. Security by Marc-Alexander. Moral Support by Mick. QA by Rodolfo. Extra by Antony.

Personally, I'm super proud of the team's ingenuity and out-of-the-box thinking. I would love to report back on whether it's a success, so please let us know which design you prefer at @sucurisecurity. :)

I think the research team might be on to something when it comes to marketing and customer acquisition. We could have a revolution on our hands.

Ask Sucuri: How Does Sucuri Clean a Website?


Question: How does Sucuri clean hacked websites? What is the process?

We clean a lot of websites, roughly 400 to 500 a day under normal load. To understand how we do it, you have to understand where the work comes from.

The biggest challenge in providing incident response (remediation) for compromised websites is that the majority of website owners (webmasters) are not prepared. Most lack security knowledge and do not invest the time to become familiar with its concepts and how they apply to their own environment. They fail to get their websites ready for when, not if, an attack or disaster happens. In many instances, had the webmaster been prepared, the entire remediation process would have been streamlined.



Server Security: Indicators of Compromised Behavior with OSSEC


We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based intrusion detection system (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, real-time alerting, and active response.

It provides broad coverage if you are looking for an endpoint (server) security solution. If you have not used OSSEC before, I recommend reading my guide to get started: http://dcid.me/texts/my-ossec-setup-manual.html
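To make the file integrity monitoring piece concrete, here is a minimal monitor in the spirit of OSSEC's syscheck. This is an added example written for this page, not OSSEC's own code, and it also stands in for the OSSEC excerpts further down; the web root, file names and "webshell" contents it builds are constructed so that it runs offline. It baselines a directory, rescans after a simulated compromise, and reports what was added, removed or modified (content hash, permission bits, owner, size).

```python
"""Minimal file-integrity monitor in the spirit of OSSEC's syscheck (added
example, not OSSEC code). Baseline a directory, rescan later, report what was
added, removed or modified. demo() builds a throwaway web root with constructed
files so it runs offline."""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Hash, permission bits, owner and size: the attributes syscheck tracks."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def scan(root):
    """Map every path under root (relative to it) to its fingerprint."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = fingerprint(full)
    return result


def diff(baseline, current):
    """Compare two scans. 'changed' maps path -> {attribute: (old, new)}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        delta = {
            key: (baseline[path][key], current[path][key])
            for key in baseline[path]
            if baseline[path][key] != current[path][key]
        }
        if delta:
            changed[path] = delta
    return {"added": added, "removed": removed, "changed": changed}


def _write(root, rel, content, mode=0o640):
    path = os.path.join(root, rel)
    with open(path, "w") as fh:
        fh.write(content)
    os.chmod(path, mode)  # fix the mode explicitly so the demo ignores umask


def demo():
    """Constructed scenario: a clean web root, then a dropped webshell, a
    backdoored index.php, a loosened wp-config.php and a deleted readme."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php require 'wp-blog-header.php';")
        _write(root, "wp-config.php", "<?php define('DB_NAME', 'wp');")
        _write(root, "readme.html", "<html>readme</html>")
        baseline = scan(root)

        _write(root, "index.php", "<?php @eval($_POST['c']); require 'wp-blog-header.php';")
        _write(root, ".cache.php", "<?php system($_GET['cmd']);")
        os.chmod(os.path.join(root, "wp-config.php"), 0o666)
        os.remove(os.path.join(root, "readme.html"))
        return diff(baseline, scan(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

A real deployment would persist the baseline somewhere the web server's user cannot write, rescan on a schedule and feed the diff into alerting; the comparison logic is the same.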

Investigating a Compromised Server with Rootcheck


What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf. What if you want to do an investigation on your own?

In this post, we will talk about Rootcheck, an open source command line tool that looks for indicators of compromise on Linux and BSD systems. It checks for known backdoors, kernel-level rootkits, malware and insecure configuration settings. The handful of tests it performs will certainly help you during a hack investigation.
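As an added illustration of the kind of tests Rootcheck runs (this is example code written for this page, not the Rootcheck or OSSEC source), here are three checks: processes the kernel answers for but /proc does not list, extra UID-0 accounts in /etc/passwd, and regular files planted under /dev. The passwd text and /dev listing are constructed inputs; only main() touches the live system, and the thread filter and /dev/shm exclusion are there because both produce false positives in naive versions of these checks.

```python
"""Three Rootcheck-style indicator checks (added example, not the Rootcheck or
OSSEC source): processes hidden from /proc, extra UID-0 accounts, and regular
files planted under /dev. The pure functions take constructed input so they can
be exercised offline; only main() touches the live system."""
import os
import stat
from typing import Dict, Iterable, List


# --- hidden processes -------------------------------------------------------
def compare_pid_views(listed_in_proc: Iterable[int],
                      answered_by_kernel: Iterable[int]) -> List[int]:
    """A PID the kernel answers for but /proc does not list is being hidden."""
    return sorted(set(answered_by_kernel) - set(listed_in_proc))


def is_thread(pid: int) -> bool:
    """Thread IDs also answer kill(2) yet are not /proc directory entries,
    although /proc/<tid>/status exists with Tgid != Pid. Filter them out or
    every multithreaded daemon looks like a rootkit."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
        return fields["Tgid"].strip() != fields["Pid"].strip()
    except (OSError, KeyError):
        return False


def probe_pids(max_pid: int = 32768) -> List[int]:
    """Brute-force the PID space with kill(pid, 0): ESRCH means no such
    process, EPERM means it exists but belongs to someone else."""
    alive = []
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if not is_thread(pid):
            alive.append(pid)
    return alive


def listed_pids() -> List[int]:
    return [int(d) for d in os.listdir("/proc") if d.isdigit()]


# --- extra UID-0 accounts ---------------------------------------------------
def extra_uid0_accounts(passwd_text: str) -> List[str]:
    """Any login other than root with UID 0 is a classic backdoor account."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            hits.append(fields[0])
    return hits


# --- regular files under /dev -----------------------------------------------
IGNORED_DEV_PREFIXES = ("/dev/shm/", "/dev/mqueue/")  # tmpfs, legitimately holds files


def planted_dev_files(entries: Dict[str, int],
                      ignore=IGNORED_DEV_PREFIXES) -> List[str]:
    """/dev should hold device nodes, directories, links, sockets and pipes.
    entries maps path -> st_mode; regular files outside the tmpfs mounts are
    reported."""
    return sorted(path for path, mode in entries.items()
                  if stat.S_ISREG(mode) and not path.startswith(ignore))


def scan_dev(root: str = "/dev") -> Dict[str, int]:
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                out[full] = os.lstat(full).st_mode
            except OSError:
                continue
    return out


# --- constructed inputs -----------------------------------------------------
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

SAMPLE_DEV = {
    "/dev/null": stat.S_IFCHR | 0o666,
    "/dev/log": stat.S_IFSOCK | 0o666,
    "/dev/shm/pulse-shm-1": stat.S_IFREG | 0o600,  # legitimate tmpfs file
    "/dev/.x/sshd": stat.S_IFREG | 0o755,          # planted payload
}


if __name__ == "__main__":
    print("extra uid0:", extra_uid0_accounts(SAMPLE_PASSWD))
    print("planted in /dev:", planted_dev_files(SAMPLE_DEV))
    if os.path.isdir("/proc"):
        print("hidden pids:", compare_pid_views(listed_pids(), probe_pids()))
        print("planted in live /dev:", planted_dev_files(scan_dev()))
```

Run it as root for the live checks, since unprivileged users cannot read every /proc/<pid>/status; a kernel-level rootkit that hooks both kill(2) and readdir on /proc will defeat the hidden-process test, which is why Rootcheck pairs it with signature checks.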

WordPress Sites Leveraged in Layer 7 DDoS Campaigns


We first disclosed that the WordPress pingback method was being misused to perform massive Layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem is that any WordPress website with the pingback feature enabled (its default setting) can be used to attack the availability of other websites. The attacks inundate the target's web server with Layer 7 requests, resulting in very large DDoS attacks.

If you are not familiar with the terminology, Layer 7 attacks (also known as HTTP flood attacks) are a type of DDoS attack that disrupts your server by exhausting its resources at the application layer instead of the network layer. They do not require as many requests or as much bandwidth to cause damage; they can force heavy consumption of memory and CPU on most PHP applications, CMSs and databases. We provide a more in-depth explanation in our previous article, Analyzing Popular Layer 7 Application DDoS Attacks.
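The two traffic patterns described above look different in the victim's access log, and the following added example (written for this page, not Sucuri firewall code) runs detection logic for both over constructed log lines. A pingback reflection shows up as many unrelated WordPress installs fetching the victim with the User-Agent WordPress sends while verifying a pingback, each at a low rate, all naming the same "verifying pingback from" address (the client that called xmlrpc.php on the reflector); a plain HTTP flood shows up as one client exceeding a per-window request count. The log lines, IP addresses and thresholds are constructed.

```python
"""Detection logic for the two patterns above, run over constructed access-log
lines (added example, not Sucuri firewall code): (1) pingback reflection, where
many unrelated WordPress sites fetch the victim with 'verifying pingback'
User-Agents, and (2) a plain single-source HTTP flood."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress sends when pingback_ping() fetches the claimed source URL.
# The trailing address is whoever called xmlrpc.php on the reflector, i.e. the
# attacker or the attacker's proxy.
PINGBACK_UA = re.compile(
    r'^WordPress/\S+; (?P<blog>\S+); verifying pingback from (?P<origin>\S+)$'
)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_pingback_reflection(records, min_reflectors=10):
    """Per-IP rates stay low in a reflection attack; the tell is the number of
    distinct WordPress installs all 'verifying' a pingback at once."""
    reflectors, origins, total = set(), defaultdict(int), 0
    for r in records:
        m = PINGBACK_UA.match(r["ua"])
        if not m:
            continue
        total += 1
        reflectors.add(r["ip"])
        origins[m.group("origin")] += 1
    if len(reflectors) < min_reflectors:
        return None
    return {"requests": total, "reflectors": len(reflectors),
            "origins": dict(origins)}


def detect_floods(records, window=timedelta(seconds=60), threshold=50):
    """Sliding-window request count per client; returns {ip: peak_count} for
    clients that exceed the threshold inside any window."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def make_sample_log():
    """Constructed traffic: 12 reflectors x 3 requests, one flooder sending 80
    GETs in 40 s, and a little background noise."""
    base = datetime(2016, 2, 10, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '%s - - [%s] "GET %s HTTP/1.1" 200 5120 "-" "%s"'
    stamp = lambda t: t.strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = []
    for i in range(12):
        ua = f"WordPress/4.4.2; http://blog{i}.example; verifying pingback from 198.51.100.9"
        for j in range(3):  # random-looking query strings defeat the victim's cache
            lines.append(fmt % (f"192.0.2.{i + 1}", stamp(base + timedelta(seconds=5 * i + j)),
                                f"/?{1000 * i + j}", ua))
    for k in range(80):
        lines.append(fmt % ("203.0.113.77", stamp(base + timedelta(milliseconds=500 * k)),
                            "/wp-login.php", "Mozilla/5.0"))
    for k in range(5):
        lines.append(fmt % ("198.51.100.200", stamp(base + timedelta(seconds=20 * k)),
                            "/about/", "Mozilla/5.0"))
    return lines


def analyze(lines):
    records = [r for r in map(parse_line, lines) if r]
    return {"pingback": detect_pingback_reflection(records),
            "floods": detect_floods(records)}


if __name__ == "__main__":
    print(analyze(make_sample_log()))
```

Note that the per-IP flood rule alone never fires on the reflection traffic (three requests per reflector), which is exactly why the pingback check keys on the count of distinct reflectors rather than on request rate.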

Server Security: Import WordPress Events to OSSEC


We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based intrusion detection system (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.

It provides broad coverage if you are looking for an endpoint (server) security solution. If you have not used OSSEC before, I recommend reading my guide to get started: http://dcid.me/texts/my-ossec-setup-manual.html

Server Security: OSSEC Integrates Slack and PagerDuty


We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based intrusion detection system (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.

It provides broad coverage if you are looking for an endpoint (server) security solution.

If you have not used OSSEC before, I recommend reading my guide to get started:
http://dcid.me/texts/my-ossec-setup-manual.html

Critical 0-day Remote Command Execution Vulnerability in Joomla

The Joomla security team has just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4.

This is a serious vulnerability that is easy to exploit and is already being exploited in the wild. If you are using Joomla, you have to update right now.

Update, 2015/12/14, 17:15 EST: If you are using the old (unsupported) 1.5.x and 2.5.x versions, you have to apply the hotfixes from here. This article from OSTraining explains how to apply them.



Server Security: OSSEC Updated With GeoIP Support

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.

It provides broad coverage if you are looking for endpoint (server) monitoring.

If you have not used OSSEC before, I recommend reading my guide to get started:
http://dcid.me/texts/my-ossec-setup-manual.html

Note that it requires root access to your servers and is meant for network and server administrators with Linux skills.

OSSEC With GeoIP

We recently improved OSSEC by integrating the MaxMind GeoIP database (which maps an IP address to a country and/or city). This update was important to us, as it makes it much easier to monitor logs and understand what is going on inside your network.
