Daniel Cid

213 posts

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

SFTP/FTP Password Exposure via sftp-config.json

Daniel Cid
November 23, 2012

Have you heard of the file sftp-config.json? You haven’t? Neither did we until a few weeks ago. It is used by some SFTP/FTP clients (Sublime…

Read the Post

Sucuri Labs

More Fake jQuery sites – jqueryc.com

Daniel Cid
November 22, 2012

We keep seeing fake jQuery sites popping up and being used to distributemalware. One was jquerys.org, other was jquery-framework.com and the new oneis jqueryc.com (199.59.241.179).…

Read the Post

Sucuri Labs

co.cc seems to be gone

Daniel Cid
November 20, 2012

It seems that the .co.cc (sub TLD) that used to be mass used byspammers and malware is now gone. Their registration page is offline: $…

Read the Post

Out-of-date Software Affects Websites Big and Small

Daniel Cid
November 5, 2012

Last week we published an article listing some big and popular websites that were leaking information about their users via the Apache server-status page. We…

Read the Post

Popular sites with Apache server-status enabled

Daniel Cid
October 30, 2012

Apache has a very useful functionality called server-status that allows administrators to easily find how well their servers are performing. It is basically an HTML…

Read the Post

Sucuri Labs

Iframes generator: http://wordpresstest2.info/1.txt

Daniel Cid
October 25, 2012

If your site is loading hidden iframes from *.ftp1.biz/pony, look for a curlor file_get_contents call to http://wordpresstest2.info/1.txt.When you visit this site, it generates random iframes:…

Read the Post

Ask Sucuri: How Does SiteCheck Work?

Daniel Cid
October 20, 2012

Question: How does SiteCheck work? I just scanned a site that I think is compromised but the scanner is showing it as clean. Is my…

Read the Post

Website Malware Infections

Sorryforthiscode – iFrame Injection

Daniel Cid
September 28, 2012

We were working on a compromised site today that had some hidden iFrames on it. The iFrames were redirecting visitors to what seemed like random…

Read the Post

Careful With Fake jQuery Website – jquery-framework. com

Daniel Cid
September 17, 2012

A few days ago we posted in our Labs notes about a Fake jQuery website that is distributing malware. The domain was properly chosen to…

Read the Post

Compromised Websites Hosting Calls to Java Exploit

Daniel Cid
September 12, 2012

Remember that Java 0 day vulnerability that was discovered a few weeks ago and took a while to get patched by Oracle? You know, the…

Read the Post

Sociable WordPress Plugin Security Warning

Daniel Cid
September 7, 2012

If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you…

Read the Post