Daniel Cid

213 posts

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Big Increase in Distributed Brute Force Attacks Against Joomla Websites

Daniel Cid
September 3, 2013

Update: Brute force protection now available: http://cloudproxy.sucuri.net/brute-force-protection A few months ago, we discussed and published details about a very large brute force attack targeting WordPress…

Read the Post

Potential vBulletin Exploit (4.1+ and 5+)

Daniel Cid
August 28, 2013

The vBulletin team just posted a pre-disclosure warning on their announcements forum about a possible exploit in versions 4.1+ and 5+ of vBulletin. They don’t…

Read the Post

Free Sucuri WordPress Plugin Gets New Features

Daniel Cid
August 21, 2013

We just released some major updates to our Free WordPress plugin that we recommend all WordPress users check out. Before the update, the plugin was…

Read the Post

Joomla Media Manager Attacks in the Wild

Daniel Cid
August 16, 2013

If you are using Joomla and didn’t update your site recently, you better stop doing whatever you are doing, and update it now. There is…

Read the Post

OpenX.org Compromised and Downloads Injected with a Backdoor

Daniel Cid
August 6, 2013

We received reports that OpenX.org was compromised and the OpenX download files had a backdoor injected in them. According to Heise (in German), the malicious…

Read the Post

Phishing 2.0 – Credit Card Redirection on Compromised Sites

Daniel Cid
July 26, 2013

We have seen it all when it comes to compromised sites: from silly defacements, to malware, spam, phishing and all sorts of injections. However, the…

Read the Post

Sucuri CloudProxy Web Application Firewall (WAF) – Out of Beta

Daniel Cid
July 23, 2013

We are happy to announce that after more than a year in testing, Sucuri’s Cloud WAF is out of beta. CloudProxy is currently available to…

Read the Post

From a Site Compromise to Full Root Access – Bad Server Management – Part III

Daniel Cid
July 18, 2013

When an attacker manages to compromise and get access to a website, they won’t stop there. They will aim to gain full root (admin) access…

Read the Post

Malware Hidden Inside JPG EXIF Headers

Daniel Cid
July 16, 2013

A few days ago, Peter Gramantik from our research team found a very interesting backdoor on a compromised site. This backdoor didn’t rely on the…

Read the Post

SSH Brute Force – The 10 Year Old Attack That Still Persists

Daniel Cid
July 15, 2013

Three years later we are still seeing SSH brute force attacks compromising sites on a frequent basis. One of the first server-level compromises I had…

Read the Post

Sucuri Labs

Fake piwik domain – piwik-stat

Daniel Cid
July 14, 2013

Piwik is an open source web analytics software that is used by many web masters. Andthe bad guys are using their popularity to try to…

Read the Post