Troubleshooting Mixed Content Warnings with HTTPS

Much of the web continues to march towards securing communication between devices with HTTPS/TLS (still commonly called SSL). We have seen Google talk about giving HTTPS a ranking boost and flagging non-HTTPS websites as insecure in Chrome. We have also seen various organizations answer the call to arms: StartSSL offering free SSL certificates, organizations like LetsEncrypt being established, Automattic enabling HTTPS for all of its domains, and we too announced our support through our own LetsEncrypt partnership.

HTTPS secures data in transit; it does not secure the website itself. If you have HTTPS enabled, it will not stop attackers from attacking your website and exploiting its weaknesses. Nor will it stop the distribution of malware if your website is hacked; it will only distribute the malware securely. HTTPS is an important piece of the security framework for any website, but it is important that we do not get caught up in the noise and distort its true purpose and value.

For those who have tried to deploy SSL, myself included, there are a number of issues to be mindful of. The most common is how assets (images, CSS, JavaScript and so on) are loaded once you make the switch: any asset still referenced over plain http:// on an HTTPS page produces a mixed content warning, and browsers refuse to load the active ones (scripts, stylesheets, frames) at all. I put together a short tutorial to reduce the anxiety you might feel with this undertaking. It is especially important if you are using our Sucuri Firewall.
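As an added example (Python, standard library only; not code from the original tutorial or from Sucuri), the script below finds http:// asset references in an HTML page and rewrites the ones inside asset tags to https://. The sample page is constructed. It inspects markup only; http:// URLs inside inline CSS (url(...)) or JavaScript need a separate pass.

```python
"""Find and fix mixed-content asset references in an HTML page.

Added example (not from the original post). Standard library only;
the sample page below is constructed for illustration.
"""
import re
from html.parser import HTMLParser

# Tags whose URL-bearing attributes make the browser fetch a sub-resource.
# A plain http:// value in one of these on an HTTPS page is mixed content:
# browsers block scripts/styles/iframes outright and warn on images/media.
ASSET_ATTRS = {
    "img": ("src", "srcset"),
    "script": ("src",),
    "link": ("href",),          # stylesheets, icons, preloads
    "iframe": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src", "srcset"),
    "object": ("data",),
    "embed": ("src",),
}


class MixedContentScanner(HTMLParser):
    """Collects (line, tag, attribute, url) for every http:// asset reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if attr not in ASSET_ATTRS.get(tag, ()) or not value:
                continue
            # srcset is a comma-separated list of "url descriptor" entries
            if attr == "srcset":
                urls = [v.strip().split()[0] for v in value.split(",") if v.strip()]
            else:
                urls = [value.strip()]
            for url in urls:
                if url.lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, attr, url))


def find_mixed_content(html_text):
    """Return every insecure asset reference as (line, tag, attr, url)."""
    scanner = MixedContentScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings


_ASSET_TAG = re.compile(r"<(?:%s)\b[^>]*>" % "|".join(ASSET_ATTRS), re.IGNORECASE)


def upgrade_to_https(html_text):
    """Rewrite http:// to https:// inside asset tags only.

    Plain <a href="http://..."> links are navigation, not sub-resources, so
    they are left alone. The rewrite only helps when the asset host actually
    serves HTTPS; otherwise the asset has to move to a host that does.
    """
    return _ASSET_TAG.sub(lambda m: m.group(0).replace("http://", "https://"), html_text)


# Constructed sample page: two insecure assets, one secure script, one plain link.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/style.css">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<img src="http://example.com/logo.png" srcset="http://example.com/logo@2x.png 2x">
<a href="http://example.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_HTML):
        print(f"line {line}: <{tag} {attr}> loads {url} over plain HTTP")
    print(upgrade_to_https(SAMPLE_HTML))
```

One caveat worth knowing before you start rewriting templates: when a TLS-terminating reverse proxy (a CDN or a web application firewall) sits in front of the site, the origin server still sees a plain HTTP connection and may generate http:// URLs for its own assets. The fix there is to make the application honor the proxy's forwarded-protocol header, not to patch the output.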

Read More

Ask Sucuri: What is an XSS Vulnerability?


Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability?

XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content, typically script, into a page the website serves to other users, so the victim's browser executes the attacker's code in the site's own origin while loading the page.

XSS vulnerabilities generally require some interaction by the user to trigger, either through social engineering (getting the victim to open a crafted link) or by waiting for someone to visit a page where the injected content is stored. That is why developers often do not take it seriously, but left unpatched it can be very dangerous.
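An added example, not code from the post: a Python rendering of the reflected case described above. The search-results snippet, both payloads and the checker are constructed; html.escape is the standard library's HTML encoder. It also shows the half-fix that still lets an attacker break out of an attribute.

```python
"""Reflected XSS: a vulnerable renderer next to a hardened one.

Added example, not code from the original post. The "search results" snippet,
the payloads and the checker are all constructed for illustration.
"""
import html
from html.parser import HTMLParser

# Attacker-controlled input, e.g. the q= parameter of a search page.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
# Breaks out of a quoted attribute instead of injecting a new tag.
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_vulnerable(query):
    """Reflects the raw query into both an attribute and the page body."""
    return f'<input name="q" value="{query}"><p>Results for: {query}</p>'


def render_half_fixed(query):
    """Common mistake: escaping <, > and & but not quotes. The tag injection
    is neutralised, yet ATTR_PAYLOAD still closes the value="" attribute and
    adds an event handler to the input element."""
    safe = html.escape(query, quote=False)
    return f'<input name="q" value="{safe}"><p>Results for: {safe}</p>'


def render_safe(query):
    """Escape &, <, >, " and ' and always quote attributes. This is the right
    encoding for HTML text and attribute contexts; a URL or JavaScript
    context needs its own encoding instead."""
    safe = html.escape(query, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for: {safe}</p>'


class _InjectionCheck(HTMLParser):
    """Flags any tag the template did not emit and any on* event handler."""

    def __init__(self, expected_tags):
        super().__init__()
        self.expected = set(expected_tags)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.expected:
            self.hits.append(("tag", tag))
        for name, _ in attrs:
            if name.startswith("on"):
                self.hits.append(("handler", f"{tag}@{name}"))


def injected_markup(rendered, expected_tags=("input", "p")):
    """Return the unexpected tags / handlers found in a rendered page.
    The template above only emits <input> and <p>; anything else came
    from user input."""
    check = _InjectionCheck(expected_tags)
    check.feed(rendered)
    check.close()
    return check.hits


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("half-fixed", render_half_fixed),
                         ("safe", render_safe)):
        for payload in (SCRIPT_PAYLOAD, ATTR_PAYLOAD):
            print(f"{name:10} {injected_markup(render(payload))}")
```

The checker is a test aid, not a defence: the fix is output encoding for the exact context the data lands in (here, text and a double-quoted attribute), applied by the template engine rather than by hand.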

Read More

Ask Sucuri: How Does Sucuri Clean a Website?


Question: How does Sucuri clean hacked websites? What is the process?

We clean a lot of websites, roughly 400 to 500 a day under normal load. To understand how we do it, you have to understand where it all comes from.

The biggest challenge in providing incident response (remediation) for compromised websites is that most website owners (webmasters) are not prepared. Most lack security knowledge and do not invest the time to become familiar with its concepts and how they apply to their environment. They fail to get their websites ready for when, not if, an attack or disaster happens. In many cases, had the webmaster been prepared, the entire remediation process would have been far simpler.

Read More

Investigating a Compromised Server with Rootcheck


What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf. What if you want to do an investigation on your own?

In this post we will talk about Rootcheck, an open source command line tool that looks for indicators of compromise on Linux and BSD systems: known backdoors, kernel-level rootkits, malware and insecure configuration settings. It performs a handful of tests that will certainly help you during a hack investigation.

Read More

The Risks of Hiring a Bad SEO Company

Blackhat SEO Website Malware

Today we are not going to explore malware or other overtly malicious traffic. Instead, this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO).

We recently received a report from one of our clients claiming that their website was experiencing a Distributed Denial of Service (DDoS) attack. Our Website Firewall offers DDoS protection capable of mitigating very large-scale attacks, and it is rare that we need to step in to help. After a quick look, it was clear that no DDoS attack was occurring. As I suspected, the site was fully protected by our Website Firewall and there was no malicious traffic to be found. However, I noticed some strange traffic patterns that piqued my interest, so I felt it was worth investigating further.

Read More

Using WPScan: Finding WordPress Vulnerabilities


With WPScan you can scan your WordPress website for known vulnerabilities in the core version, plugins and themes. You can also find out whether weak passwords, enumerable users or security configuration issues are present. WPScan checks for vulnerable software against its vulnerability database, whose ever-growing list of vulnerabilities is maintained by the WPScan team.

Last time, we taught you how to install WPScan on Mac and Linux.

This time we are going to dive into how to use WPScan with the most basic commands.

Read More

WPScan Intro: WordPress Vulnerability Scanner


Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked?

WPScan is a black box vulnerability scanner for WordPress, sponsored by Sucuri and maintained by the WPScan Team, available free for Linux and Mac users. If you use Windows, you can install a free Linux distribution in a virtual machine using VirtualBox (also free) or VMware. If there is interest, we can do a tutorial on this in a future post. In this post we cover the basics of installing WPScan, and we have also created a follow-up post on how to use WPScan.

We have included a video tutorial so you can follow along while you copy the commands into Terminal.

Read More

Analyzing Proxy Based Spam Networks


We are no strangers to Blackhat SEO techniques; we have spent a great deal of time over the years working on them and sharing what we learn. What we have not shared is the idea of Proxy-based Spam Networks (PSN). That is not because it was not interesting, but because it was not something we had seen often, or at all. As is often the case in website security, techniques evolve and are mastered, the space changes with them, and it is on us to understand, dissect and deliver that information to each of you.

This brings me to the latest trend we are seeing. While it is difficult to quantify (you will soon see why), we have started to see and experience interesting configurations in which Blackhat SEO actors put reverse proxies in front of your site to:

  • Hijack and rank for your content.
  • Leverage that ranking for their own SEO needs (often with nefarious intentions).

Read More

Ask Sucuri: How to Create Website Backups?


Recently I had the good fortune to present at Wordcamp Vancouver 2015. My presentation was titled ‘Why Security Matters’ and I mentioned website backups several times. One of the attendees asked me a great question:

I backup my computer, and I backup the backup of my computer, but how do I backup my website?

Many clients I work with have never backed up their website. If your website ever breaks or gets infected, these backups become your best friend. I’d like to share step-by-step instructions on how you can manually back up and restore your site without using any plugins or services.
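As an added example (Python, not the post's own steps and not a Sucuri tool), the script below backs up a site's files into a tar.gz with a SHA-256 manifest, restores and verifies them, and then reuses that manifest to spot files that changed after a suspected compromise. It covers files only; the database needs its own dump (for example with mysqldump). The sample site built in run_demo() is constructed.

```python
"""Manual site backup and restore with an integrity manifest.

Added example, not the post's own procedure. Files only: dump the database
separately. The sample site in run_demo() is constructed for illustration.
"""
import hashlib
import io
import json
import shutil
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

MANIFEST = "MANIFEST.json"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(site_dir, archive_path):
    """Tar+gzip every file under site_dir and embed a sha256 manifest.
    Returns the manifest {relative_path: sha256}; keep a copy off the server."""
    site_dir = Path(site_dir)
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(site_dir.rglob("*")):
            if path.is_file():
                rel = path.relative_to(site_dir).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(path, arcname=rel)
        payload = json.dumps(manifest, indent=1, sort_keys=True).encode()
        info = tarfile.TarInfo(MANIFEST)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return manifest


def restore_backup(archive_path, dest_dir):
    """Extract the archive into dest_dir and verify every file against the
    embedded manifest. Returns the files whose hash does not match."""
    dest_dir = Path(dest_dir)
    with tarfile.open(archive_path, "r:gz") as tar:
        for member in tar.getmembers():
            # Refuse absolute paths and '..' so a tampered archive cannot write
            # outside dest_dir (Python 3.12+ also enforces this via filter="data").
            if member.name.startswith("/") or ".." in PurePosixPath(member.name).parts:
                raise ValueError(f"unsafe member name: {member.name}")
        try:
            tar.extractall(dest_dir, filter="data")
        except TypeError:  # older Python without the filter argument
            tar.extractall(dest_dir)
    manifest = json.loads((dest_dir / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if sha256_file(dest_dir / rel) != digest]


def compare_to_manifest(site_dir, manifest):
    """Diff a live site against a known-good manifest: a quick way to find
    injected or altered files when you suspect a compromise."""
    site_dir = Path(site_dir)
    current = {p.relative_to(site_dir).as_posix(): sha256_file(p)
               for p in site_dir.rglob("*") if p.is_file()}
    return {
        "modified": sorted(r for r in manifest if r in current and current[r] != manifest[r]),
        "added": sorted(r for r in current if r not in manifest and r != MANIFEST),
        "missing": sorted(r for r in manifest if r not in current),
    }


def run_demo():
    """Build a tiny constructed site, back it up, restore it, then simulate
    a compromise and diff against the manifest."""
    work = Path(tempfile.mkdtemp())
    try:
        site = work / "site"
        (site / "wp-content/uploads").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'wp'); ?>\n")
        (site / "wp-content/uploads/a.jpg").write_bytes(b"\xff\xd8\xff")

        archive = work / "site-backup.tar.gz"
        manifest = make_backup(site, archive)
        restore_errors = restore_backup(archive, work / "restored")

        # Simulated hack (placeholders): one file altered, one file dropped in.
        (site / "index.php").write_text("<?php /* injected placeholder */ ?>\n")
        (site / "wp-content/uploads/upload.php").write_text("<?php /* placeholder */ ?>\n")
        diff = compare_to_manifest(site, manifest)
        return {"files": sorted(manifest), "restore_errors": restore_errors, "diff": diff}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

Store the archive and the manifest somewhere the web server cannot write to; a backup that lives in the document root is the first thing an attacker overwrites or reads.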

Read More

Demystifying File and Folder Permissions

File and Folder Permissions

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions on a Linux, Mac or Windows desktop are very similar to those on the Linux or Windows server that runs Apache, Nginx or IIS: the web server is just another user subject to the operating system's permissions. You can right-click any file on your computer and choose Properties (Windows) or Get Info (Mac) to see an example. You can do the same for your server files and directories by logging in with an SFTP client such as FileZilla (prefer SFTP over plain FTP, which sends your credentials in the clear).

For the purposes of this article, we’ll be discussing website files and folders on your server.

You may have heard references to things like chmod, 775, read/write or user groups. This post explains the bare bones of permissions and gives you clarity on these terms. It is for those of us who are just starting to interact with servers, and for those who have always been curious about file permissions. Ultimately, knowing how permissions work on your server will strengthen your security posture: it develops the instinct that stops you from granting full 777 permissions on a file (even if your theme documentation tells you to), and lets you notice strange file permissions that could be the warning sign of an intruder.
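As an added example (Python, not code from the post), the script below decodes octal modes such as 775 into their rwx triplets and audits a directory tree for the permissions the post warns about: world-writable files and folders, setuid/setgid bits, and anything looser than a baseline. The 644 (files) and 755 (directories) baselines are common web-root defaults, an assumption of this example rather than a rule the post states; the sample tree in run_demo() is constructed.

```python
"""Decode and audit Unix file permissions.

Added example, not from the original post. The 644/755 baselines are the
usual web-root defaults (an assumption here); the sample tree is constructed.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path


def describe(mode):
    """0o775 -> 'rwxrwxr-x (775)': owner, group, others; r=4 w=2 x=1.
    Special bits (setuid 4, setgid 2, sticky 1) show as a fourth digit."""
    bits = ""
    for shift in (6, 3, 0):
        trio = (mode >> shift) & 0o7
        bits += ("r" if trio & 4 else "-") + ("w" if trio & 2 else "-") + ("x" if trio & 1 else "-")
    return f"{bits} ({mode & 0o7777:03o})"


def risky_bits(mode, is_dir, baseline):
    """Reasons a mode is worth a second look, given a baseline like 0o644."""
    reasons = []
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")      # any local user or process can alter it
    if mode & stat.S_ISUID:
        reasons.append("setuid")              # runs as the owner, whoever executes it
    if mode & stat.S_ISGID and not is_dir:    # setgid on a dir only inherits the group
        reasons.append("setgid")
    if mode & 0o777 & ~baseline:
        reasons.append(f"exceeds {baseline:03o}")
    return reasons


def audit_tree(root, file_max=0o644, dir_max=0o755):
    """Walk root and return {relative_path: (description, reasons)} for every
    entry looser than the baselines. Symlinks are skipped (their mode is moot)."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        is_dir = stat.S_ISDIR(st.st_mode)
        reasons = risky_bits(mode, is_dir, dir_max if is_dir else file_max)
        if reasons:
            findings[path.relative_to(root).as_posix()] = (describe(mode), reasons)
    return findings


def run_demo():
    """Constructed web root with one sane file, one tightened config, one
    'chmod 777' upload directory and a setuid binary."""
    work = Path(tempfile.mkdtemp())
    try:
        (work / "wp-content/uploads").mkdir(parents=True)
        files = {
            "index.php": 0o644,                     # baseline: fine
            "wp-config.php": 0o640,                 # tighter than baseline: fine
            "wp-content/uploads/upload.php": 0o777, # what a blanket chmod 777 leaves behind
            "wp-content/tool": 0o4755,              # setuid binary inside the web root
        }
        for rel, mode in files.items():
            (work / rel).write_text("x")
            os.chmod(work / rel, mode)
        os.chmod(work / "wp-content", 0o755)
        os.chmod(work / "wp-content/uploads", 0o777)
        return audit_tree(work)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for rel, (desc, reasons) in run_demo().items():
        print(f"{desc}  {rel}: {', '.join(reasons)}")
```

Run audit_tree against a real document root with the baselines your host documents; a directory that needs to be writable by the web server should get ownership (or group membership) for that server account rather than 777.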

Read More