• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Douglas Santos

About Douglas Santos

Douglas Santos is Sucuri’s Malware Analyst who joined the company in 2015. Douglas main responsibilities include helping our customers. His professional experience covers 17 of ethical hacking. When Douglas isn’t poking malware code, you might find him doing landscape photography and hacking games. Connect with him on our Twitter.

Labs Note

December 8, 2020Douglas Santos

Fake WordPress Functions Conceal assert() Backdoor

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this very specific part stood out to me: $config = wp_dbase_config_init(‘_as_sert’); For those readers familiar with…

Read More about Fake WordPress Functions Conceal assert() Backdoor

Lightbox Adware - From Innocent Scripts to Malicious Redirects

June 24, 2019Douglas Santos

Why is Your Website a Target? The SEO Value of a Website

Website security is what we eat, sleep, and breathe. It’s what we do best because we deal with hacked websites every single day, thousands of them. Among the various types…

Read More about Why is Your Website a Target? The SEO Value of a Website

A Puzzling Backdoor Upload

May 3, 2018Douglas Santos

A Puzzling Backdoor Upload

After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These malicious pieces of code are a valuable tool for…

Read More about A Puzzling Backdoor Upload

Javascript Injection Creates Rogue WordPress User

December 14, 2017Douglas Santos

Javascript Injection Creates Rogue WordPress Admin User

Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same:…

Read More about Javascript Injection Creates Rogue WordPress Admin User

Labs Note

November 22, 2016Douglas Santos

The Tale of a Malicious Stored Procedure

Nowadays, the most common issues with database injections are related to SPAM. Brian Krebs has a book called Spam Nation, that gives us a more in depth understanding of the…

Read More about The Tale of a Malicious Stored Procedure

Labs Note

November 11, 2016Douglas Santos

Malicious routine stealing WordPress credentials in the wild

From the hacker’s perspective, maintaining access to a compromised website for as long as possible, is ideal. One way to achieve this goal, is by stealing user’s credentials. This method…

Read More about Malicious routine stealing WordPress credentials in the wild

Labs Note

August 31, 2016Douglas Santos

Joomla Backdoor Hidden in Plain Sight

In order to avoid detection and maintain access to compromised websites, attackers use different techniques to hide their malicious code. During our cleanup investigation we identified an interesting malicious code…

Read More about Joomla Backdoor Hidden in Plain Sight

June 29, 2016Douglas Santos

200k+ Parked/Expired Domains Used to Distribute Malicious Ads

Recently we wrote about domain renewal scams that used real paper letters to tricks site owners into transferring their domains and renewing them for 3-4x the normal price. However, this…

Read More about 200k+ Parked/Expired Domains Used to Distribute Malicious Ads

Labs Note

June 14, 2016Douglas Santos

MiniCMS as a Spam Site Generator

SEO spam is very common for a reason — money. Spammers are paid to promote websites on Google. We deal with lots of SEO spam cases daily. The most common…

Read More about MiniCMS as a Spam Site Generator

June 2, 2016Douglas Santos

WP Mobile Detector Vulnerability Being Exploited in the Wild

***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t fully address the issue and…

Read More about WP Mobile Detector Vulnerability Being Exploited in the Wild

Labs Note

May 25, 2016Douglas Santos

Magento CC stealer adding user’s credentials to the loot

While analyzing a compromised Magento site, we found another Credit Card (CC) stealer variation. We posted a few times about this type of malware, but this one is a bit…

Read More about Magento CC stealer adding user’s credentials to the loot

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.