The Risks of Hiring a Bad SEO Company

Blackhat SEO Website Malware

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO).

We recently received a report from one our clients claiming that their website was experiencing a Distributed Denial of Service (DDoS) attack. Our Website Firewall offers DDoS protection capable of mitigating very large-scale attacks and it is rare that we need to step in to help mitigate. After a quick look, it was clear that no DDoS attack was occurring. As I suspected the site was being fully protected by our Website Firewall and there was no malicious traffic to be found. However, I did notice some strange traffic patterns that piqued my interest, so I felt it was worth investigating the issue further.

Read More

Using WPScan: Finding WordPress Vulnerabilities


When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at is used to check for vulnerable software and the WPScan team maintains the ever-growing list of vulnerabilities.

Last time, we taught you how to install WPScan on Mac and Linux.

This time we are going to dive into how to use WPScan with the most basic commands.

Read More

WPScan Intro: WordPress Vulnerability Scanner


Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked?

WPScan is a black box vulnerability scanner for WordPress sponsored by Sucuri and maintained by the WPScan Team, available free for Linux and Mac users. If you use Windows, you can install a virtual machine of a free Linux distro using Virtualbox (also free) or VMWare. If there is interest, we can do a tutorial on this in a future post. In this post we are going to cover the basics of installing WPScan, and we have also created a follow up post to teach you how to use WPScan.

We have included a video tutorial so you can follow along while you copy the commands into Terminal.

Read More

Analyzing Proxy Based Spam Networks


We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven’t shared, however, is the idea of Proxy-based Spam Networks (PSN). It’s not because it wasn’t interesting, it’s just not something we’d seen that often, or at all. As is often the case in the website security, techniques continue to evolve, they’re mastered and as such the space changes and it’s on us to understand, dissect and of course, deliver that information to each of you.

This naturally brings me to the latest trend we’re seeing, while difficult to quantify (you’ll soon see why) we have started to see and experience interesting configurations in which Blackhat SEO actors are employing the use of reverse proxies to:

  • Hijack and rank for your content.
  • Leverage that ranking for their own SEO needs (often with nefarious intentions).

Read More

Ask Sucuri: How to Create Website Backups?


Recently I had the good fortune of being able to present at Wordcamp Vancouver 2015. My presentation was titled ‘Why Security Matters‘ and I mentioned website backups several times. One of the people who attended asked me a great question:

I backup my computer, and I backup the backup of my computer, but how do I backup my website?

Many clients that I work with have never backed up their website. If your website ever breaks or gets infected these backups become your best friend. I’d like to share some step-by-step instructions on how you can manually make a backup of and restore your site without using any plugins or services.

Read More

Demystifying File and Folder Permissions

File and Folder Permissions

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-click any file on your computer and choose Properties (Windows) or Get Info (Mac) to see an example. You can also log into your server (using an FTP client like FileZilla) to do the same thing to your server files and directories.

For the purposes of this article, we’ll be discussing website files and folders on your server.

You may have heard references to things like chmod, 775, read/write, or user groups. This post is going to explain the bare bones of permissions, giving you clarity into these terms. This is important for those of us who are just starting to interact with servers, and for those who have always been curious to know more about file permissions. Ultimately, knowing how permissions work on your server will strengthen your security posture. In other words, knowledge about security concepts helps you develop a keen sense that stops you from doing things like granting full 777 permissions on a file (even if your theme documentation tells you to), or noticing when you have strange file permissions that could be the warning signs of an intruder.

Read More

FunWebProducts UserAgent Bloating Traffic

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventing hacks and cleaning them up, but we always try to go above and beyond when we get questions about the methods and reasons behind hacks.

One of the websites we protect was experiencing an abnormal increase in traffic. In just one month, they saw 4 times as much traffic as the previous months. It was a mystery to them where it was all coming from.


The requests themselves were not doing anything nefarious, but upon investigation, our Website Firewall was adding rules to block the traffic from returning by temporarily blocking the offending IP addresses. Though the requests were benign in nature, their behavior was definitely suspect and triggered our automatic protection. We were curious about the source of this strange traffic, and looked to provide our customer with any insight on where this surge in traffic might be coming from.

This is what makes our jobs interesting. Even though I’m technically in marketing, there are so many ways that crooks can exploit code and internet protocols. Many of these nefarious online acts unfortunately intersect with marketing, advertising, and analytics. Everyone on our team works together to solve these cyber crimes, helping out when we have a little bit more knowledge in Google Analytics, or previous experience with a specific operating system. Before I lay this out, I have to thank Jarret Cade, Marc Kranat, and Rafael Capovilla for helping me find and analyze this case. Though our team never got a clear and confirmed answer to this mystery, the process of analyzing these cases interests all of us.

The client noticed that in Google Analytics, a lot of traffic was coming from a source that was not set. She also noticed right away that there was also a lot of referral spam from and other top offenders involved in this kind of analytics spam.

Read More

WP-CLI Guide: Install WordPress via SSH


This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to backup and update the WordPress core and database. We also covered a few commands in our third post about how to securely manage your plugins and themes with WP-CLI, including updating, removing, and adding them to WordPress.

Today, we are going to cover installing WordPress core from the ground up using WP-CLI. This is the pièce de résistance, and one of the most secure ways to install WordPress. The SSH protocol encrypts the commands and data transfer, keeping your connection to your website server more private than using FTP clients.

Read More

Prestige Conference Means Business


A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the occasional apex. Woven among the exposition, rising action, climax, falling action and finally a resolution, the story line of each career can change very quickly. This statement rings even truer in the current world economy. However, while still in movement, any career can always use fresh perspective, direction, and new goals or ideas.

Perhaps you are a serial entrepreneur exploring the possibilities for your next start-up. Or, maybe you are a mid-career professional working toward your next big move. You could possibly be in the process of re-branding yourself to leverage your current position and network in a new improved way. Regardless of the Business/Career stage you are in, Prestige Conference offers not only valuable information, but also quality relationships that can better purpose, position or power your next steps.

Learn From the Best

Our friends at the Prestige Conference have engaged in careful consideration as they evaluated and ultimately decided on which speakers in which they would invest in effort to provide the best opportunities for the personal and professional growth of attendees. Boasting patronage and sponsorship from among arguably the best and brightest minds in the tech and business space, Prestige is an event designed to make real impact for real people. This is one of the many reasons Sucuri has partnered with Prestige and will be represented by our very own Co-Founder and CEO, Tony Perez who speaks at 10am on the business of security.

As a brisk preview, our CEO, Tony Perez, will specifically highlight challenges we have faced as we build one of the fastest growing and most recognizable brands in website security. Attendees will receive a wealth of wisdom as Tony shares what it means to build your business around true value in an industry often riddled with manipulation and skewed with Fear Uncertainty and Doubt (FUD) and/or snake oil. Navigating such terrain will undoubtedly offer insight which will be applicable across a variety of backgrounds. Whether you participate in person or view virtually, you are encouraged to tune in and tap into one of the minds on our leadership team that is inspiring and guiding our company into its next phase.

The conference begins TOMORROW and therefore would call you to speedy registration. However, if you are unable to attend in person, you should still capitalize on the conference by taking advantage of their live-stream. No need to miss! Hope to see you there!

WP-CLI Guide: Secure Plugin & Theme Management


Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely.

Like other open-source content management systems, WordPress lets you easily add code to make your website look and act differently. These are your themes and plugins, built by inspired developers and designers who understand how WordPress works. It’s these extensions that allow you to publish content with added functionality for your visitors and what facilitates the unique look of your brand.

The people who build these extensions know quite a bit about internet technology when it comes to user experience, but there are just too many ways to break a website. All developers should be ready to deal with a security flaw by patching and notifying users of an update if it comes to that.

Security is not the core competency for most developers and designers. Even the most secure code in the world has flaws that can allow an attacker to gain unauthorized access.

Read More