Analyzing Proxy Based Spam Networks


We are no strangers to Blackhat SEO techniques; we’ve spent a great deal of time working on them and sharing various bits of information about them over the years. What we haven’t shared, however, is the idea of Proxy-based Spam Networks (PSN). It’s not because it wasn’t interesting; it’s just not something we’d seen that often, or at all. As is often the case in website security, techniques continue to evolve and are mastered, the space changes, and it’s on us to understand, dissect and, of course, deliver that information to each of you.

This naturally brings me to the latest trend we’re seeing. While it is difficult to quantify (you’ll soon see why), we have started to see and experience interesting configurations in which Blackhat SEO actors employ reverse proxies to:

  • Hijack and rank for your content.
  • Leverage that ranking for their own SEO needs (often with nefarious intentions).


Ask Sucuri: How to Create Website Backups?


Recently I had the good fortune of being able to present at WordCamp Vancouver 2015. My presentation was titled ‘Why Security Matters’ and I mentioned website backups several times. One of the people who attended asked me a great question:

I back up my computer, and I back up the backup of my computer, but how do I back up my website?

Many clients that I work with have never backed up their website. If your website ever breaks or gets infected, these backups become your best friend. I’d like to share some step-by-step instructions on how you can manually make a backup of and restore your site without using any plugins or services.


Demystifying File and Folder Permissions


If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-click any file on your computer and choose Properties (Windows) or Get Info (Mac) to see an example. You can also log into your server (using an FTP client like FileZilla) to do the same thing to your server files and directories.

For the purposes of this article, we’ll be discussing website files and folders on your server.

You may have heard references to things like chmod, 775, read/write, or user groups. This post is going to explain the bare bones of permissions, giving you clarity into these terms. This is important for those of us who are just starting to interact with servers, and for those who have always been curious to know more about file permissions. Ultimately, knowing how permissions work on your server will strengthen your security posture. In other words, knowledge about security concepts helps you develop a keen sense that stops you from doing things like granting full 777 permissions on a file (even if your theme documentation tells you to), and helps you notice strange file permissions that could be the warning signs of an intruder.


FunWebProducts UserAgent Bloating Traffic

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventing hacks and cleaning them up, but we always try to go above and beyond when we get questions about the methods and reasons behind hacks.

One of the websites we protect was experiencing an abnormal increase in traffic. In just one month, they saw 4 times as much traffic as the previous months. It was a mystery to them where it was all coming from.


The requests themselves were not doing anything nefarious, but upon investigation, our Website Firewall was adding rules to block the traffic from returning by temporarily blocking the offending IP addresses. Though the requests were benign in nature, their behavior was definitely suspect and triggered our automatic protection. We were curious about the source of this strange traffic, and looked to provide our customer with any insight on where this surge in traffic might be coming from.

This is what makes our jobs interesting. Even though I’m technically in marketing, there are so many ways that crooks can exploit code and internet protocols. Many of these nefarious online acts unfortunately intersect with marketing, advertising, and analytics. Everyone on our team works together to solve these cyber crimes, helping out when we have a little bit more knowledge in Google Analytics, or previous experience with a specific operating system. Before I lay this out, I have to thank Jarret Cade, Marc Kranat, and Rafael Capovilla for helping me find and analyze this case. Though our team never got a clear and confirmed answer to this mystery, the process of analyzing these cases interests all of us.

The client noticed that in Google Analytics, a lot of traffic was coming from a source that was not set. She also noticed right away that there was also a lot of referral spam from and other top offenders involved in this kind of analytics spam.


WP-CLI Guide: Install WordPress via SSH


This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to back up and update the WordPress core and database. We also covered a few commands in our third post about how to securely manage your plugins and themes with WP-CLI, including updating, removing, and adding them to WordPress.

Today, we are going to cover installing WordPress core from the ground up using WP-CLI. This is the pièce de résistance, and one of the most secure ways to install WordPress. The SSH protocol encrypts the commands and data transfer, keeping your connection to your website server more private than using FTP clients.


Prestige Conference Means Business


A great career in business could be likened to a well-penned novel. It will be fraught with twists and sharp turns, and will feature dull plateaus as well as the occasional apex. Woven among the exposition, rising action, climax, falling action and finally a resolution, the story line of each career can change very quickly. This statement rings even truer in the current world economy. However, while still in movement, any career can always use fresh perspective, direction, and new goals or ideas.

Perhaps you are a serial entrepreneur exploring the possibilities for your next start-up. Or, maybe you are a mid-career professional working toward your next big move. You could possibly be in the process of re-branding yourself to leverage your current position and network in a new improved way. Regardless of the Business/Career stage you are in, Prestige Conference offers not only valuable information, but also quality relationships that can better purpose, position or power your next steps.

Learn From the Best

Our friends at the Prestige Conference gave careful consideration to which speakers they would invest in, in an effort to provide the best opportunities for the personal and professional growth of attendees. Boasting patronage and sponsorship from among arguably the best and brightest minds in the tech and business space, Prestige is an event designed to make real impact for real people. This is one of the many reasons Sucuri has partnered with Prestige and will be represented by our very own Co-Founder and CEO, Tony Perez, who speaks at 10am on the business of security.

As a brisk preview, our CEO, Tony Perez, will specifically highlight challenges we have faced as we build one of the fastest growing and most recognizable brands in website security. Attendees will receive a wealth of wisdom as Tony shares what it means to build your business around true value in an industry often riddled with manipulation and skewed with Fear, Uncertainty and Doubt (FUD) and/or snake oil. Navigating such terrain will undoubtedly offer insight which will be applicable across a variety of backgrounds. Whether you participate in person or view virtually, you are encouraged to tune in and tap into one of the minds on our leadership team that is inspiring and guiding our company into its next phase.

The conference begins TOMORROW, so we would urge you to register quickly. However, if you are unable to attend in person, you should still capitalize on the conference by taking advantage of their live-stream. No need to miss! Hope to see you there!

WP-CLI Guide: Secure Plugin & Theme Management


Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely.

Like other open-source content management systems, WordPress lets you easily add code to make your website look and act differently. These are your themes and plugins, built by inspired developers and designers who understand how WordPress works. It’s these extensions that allow you to publish content with added functionality for your visitors, and that give your brand its unique look.

The people who build these extensions know quite a bit about internet technology when it comes to user experience, but there are just too many ways to break a website. All developers should be ready to deal with a security flaw by patching and notifying users of an update if it comes to that.

Security is not the core competency for most developers and designers. Even the most secure code in the world has flaws that can allow an attacker to gain unauthorized access.


Malicious Google Analytics Referral Spam



Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems.

If you use analytics software on your website, you may have already noticed some strange, inexplicable referrers in your reports. The scourge of malicious referrals and bad bots is becoming a real problem. Over the past six months, Google Trends shows an exponential increase in search engine queries involving “referral spam” and “google analytics spam.”

WP-CLI Guide: Secure WordPress Backup and Update


Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line.

Before we get into changing anything, we’ll show you how to back up your database and compress it with your files to make sure you have a complete backup of your system. For this, we’ll have to go a bit beyond WP-CLI’s capabilities and use some normal command-line tools to finish the backup.

After your website (database and files) is securely backed up and transferred to a safe location, you can update the WordPress core and DB without any worries.

Sometimes, things go wrong! Be sure to read our tips on how to back up your website safely.


WP-CLI Guide: Connect to WordPress via SSH Intro


Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet, WP-CLI is an efficient way to manage your WordPress installation using a command line interface, meaning you type text commands like these two:

wp core update
wp plugin update --all

You type these lines into a Secure Shell (SSH) window that is connected to your website server. If you are new to using command line interfaces, this is a great place to start learning. Beginners will feel like masters of the Matrix in no time.