Google Bots Doing SQL Injection Attacks
Daniel Cid One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major…
Understanding Search Engine Warnings – Part I – Google – This Site May Be Hacked
If you have any questions about malware, blacklisting, or security in general, send them to us: contact@sucuri.net and we will answer here. For all the…
Backdoor Evasion Using Encrypted Content
A few weeks ago on the Sucuri Research Labs we mentioned a new type of malware injection that does not use base64_decode, and instead conceals…
Cleaning Up Your WordPress Site with the Free Sucuri Plugin
Update 9/9/16: We released a new guide to cleaning a hacked WordPress site with our plugin. If your site has been recently hacked and you…
Sucuri CloudProxy WAF Plugin for WordPress
If you are using our CloudProxy WAF to protect your WordPress websites, we highly recommend that you also install our new CloudProxy plugin for WordPress.…
Do you still look for base64_decode?
A common keyword that people use to find hidden injections on web sites is base64_decode. Youoften see injections that look like eval ( base64_decode or…
WHMCS SQL Injection Vulnerability in the Wild
A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by…
Malware iFrame Campaign from Sytes(.)net
For the last few weeks we have been tracking a large malframe (malicious iframe) campaign that has been injecting iframes from random domains from sytes(.)net…
WordPress Database Table and wp_head Injections
There are multiple places where a malware injection can be hidden on a web site. On WordPress, for example, it can be hidden inside the…
CloudProxy WAF – September Report
*By Tony Perez and Daniel Cid As many of you are aware we released a website protection tool, CloudProxy WAF/IDS, at the beginning of the…
Ask Sucuri: Non-Alphanumeric Backdoors
If you have any questions about malware, blacklisting, or security in general, send them to contact@sucuri.net and we will write a post about it and…