Website Security News
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our…
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics…
Read More about WordPress Security – Fake TrafficAnalytics Website Infection
Update 11/03/2017: If you want to learn how to secure WordPress, you can read all about it in our new guide. As WordPress continues to grow in popularity, so does…
Read More about Exploited Script in WordPress Theme Sends Spam
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website’s functionality and in some instances extend the applications core capabilities. It’s great for…
Read More about Secure Coding: How to Account for Input Sanitization
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it was an updated WordPress installation…
Read More about Malware Cleanup to Arbitrary File Upload in Gravity Forms
Malware code can be very small, and the impact can be very severe! In our daily tasks we find a lot of web-based malware that varies in size and impact….
Read More about Open Source Backdoor – Copyrighted Under GNU GPL
Compromised sites being injected with SPAM SEO is something we deal very often. A few months ago we wrote about a wave of SPAM injections known as HideMe. However, the…
We often talk about the importance of keeping your server clean. You can see it in a number of our articles and presentations, this post will likely drive that point…
Read More about Backdoor Tool Kit – Today’s Scary Web Malware Reality
Some of you might remember my last Pharma hack post, Intelligent (Pharma) SPAM Decoded, today I will spend some time looking a different variant of the same infection type but…
It is no longer the day of human-readable injections, or even the use of basic encoding schemes like base64. Instead we’re seeing a rise in complex, and in some instances,…
Read More about Varying Degrees of Malware Injections Decoded
We are seeing a rise in the use of intelligent SPAM – a.k.a Pharma Hack – across a number of platforms. We recently found a nice injection that made us salivate,…
