FunWebProducts UserAgent Bloating Traffic

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventing hacks and cleaning them up, but we always try to go above and beyond when we get questions about the methods and reasons behind hacks.

One of the websites we protect was experiencing an abnormal increase in traffic. In just one month, they saw 4 times as much traffic as the previous months. It was a mystery to them where it was all coming from.


The requests themselves were not doing anything nefarious, but upon investigation, our Website Firewall was adding rules to block the traffic from returning by temporarily blocking the offending IP addresses. Though the requests were benign in nature, their behavior was definitely suspect and triggered our automatic protection. We were curious about the source of this strange traffic, and looked to provide our customer with any insight on where this surge in traffic might be coming from.

This is what makes our jobs interesting. Even though I’m technically in marketing, there are so many ways that crooks can exploit code and internet protocols. Many of these nefarious online acts unfortunately intersect with marketing, advertising, and analytics. Everyone on our team works together to solve these cyber crimes, helping out when we have a little bit more knowledge in Google Analytics, or previous experience with a specific operating system. Before I lay this out, I have to thank Jarret Cade, Marc Kranat, and Rafael Capovilla for helping me find and analyze this case. Though our team never got a clear and confirmed answer to this mystery, the process of analyzing these cases interests all of us.

The client noticed that in Google Analytics, a lot of traffic was coming from a source that was not set. She also noticed right away that there was also a lot of referral spam from and other top offenders involved in this kind of analytics spam.

Read More

WP-CLI Guide: Install WordPress via SSH


This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to backup and update the WordPress core and database. We also covered a few commands in our third post about how to securely manage your plugins and themes with WP-CLI, including updating, removing, and adding them to WordPress.

Today, we are going to cover installing WordPress core from the ground up using WP-CLI. This is the pièce de résistance, and one of the most secure ways to install WordPress. The SSH protocol encrypts the commands and data transfer, keeping your connection to your website server more private than using FTP clients.

Read More

Prestige Conference Means Business


A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the occasional apex. Woven among the exposition, rising action, climax, falling action and finally a resolution, the story line of each career can change very quickly. This statement rings even truer in the current world economy. However, while still in movement, any career can always use fresh perspective, direction, and new goals or ideas.

Perhaps you are a serial entrepreneur exploring the possibilities for your next start-up. Or, maybe you are a mid-career professional working toward your next big move. You could possibly be in the process of re-branding yourself to leverage your current position and network in a new improved way. Regardless of the Business/Career stage you are in, Prestige Conference offers not only valuable information, but also quality relationships that can better purpose, position or power your next steps.

Learn From the Best

Our friends at the Prestige Conference have engaged in careful consideration as they evaluated and ultimately decided on which speakers in which they would invest in effort to provide the best opportunities for the personal and professional growth of attendees. Boasting patronage and sponsorship from among arguably the best and brightest minds in the tech and business space, Prestige is an event designed to make real impact for real people. This is one of the many reasons Sucuri has partnered with Prestige and will be represented by our very own Co-Founder and CEO, Tony Perez who speaks at 10am on the business of security.

As a brisk preview, our CEO, Tony Perez, will specifically highlight challenges we have faced as we build one of the fastest growing and most recognizable brands in website security. Attendees will receive a wealth of wisdom as Tony shares what it means to build your business around true value in an industry often riddled with manipulation and skewed with Fear Uncertainty and Doubt (FUD) and/or snake oil. Navigating such terrain will undoubtedly offer insight which will be applicable across a variety of backgrounds. Whether you participate in person or view virtually, you are encouraged to tune in and tap into one of the minds on our leadership team that is inspiring and guiding our company into its next phase.

The conference begins TOMORROW and therefore would call you to speedy registration. However, if you are unable to attend in person, you should still capitalize on the conference by taking advantage of their live-stream. No need to miss! Hope to see you there!

WP-CLI Guide: Secure Plugin & Theme Management


Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely.

Like other open-source content management systems, WordPress lets you easily add code to make your website look and act differently. These are your themes and plugins, built by inspired developers and designers who understand how WordPress works. It’s these extensions that allow you to publish content with added functionality for your visitors and what facilitates the unique look of your brand.

The people who build these extensions know quite a bit about internet technology when it comes to user experience, but there are just too many ways to break a website. All developers should be ready to deal with a security flaw by patching and notifying users of an update if it comes to that.

Security is not the core competency for most developers and designers. Even the most secure code in the world has flaws that can allow an attacker to gain unauthorized access.

Read More

Malicious Google Analytics Referral Spam



Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems.

If you use analytics software on your website, you may have already noticed some strange, inexplicable referrers in your reports. The scourge of malicious referrals and bad bots is becoming a real problem. Over the past six months, Google Trends shows an exponential increase in search engine queries involving “referral spam” and “google analytics spam.”
Read More

WP-CLI Guide: Secure WordPress Backup and Update


Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line.

Before we get into changing anything, we’ll show you how to back up your database and compress it with your files to make sure you have a complete backup of your system. For this, we’ll have to go a bit beyond WP-CLI’s capabilities and use some normal command-line tools to finish the backup.

After your website (database and files) is securely backed up and transferred to a safe location, you can update the WordPress core and DB without any worries.

Sometimes, things go wrong! Be sure to read our tips on how to back up your website safely.

Read More

WP-CLI Guide: Connect to WordPress via SSH Intro


Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet, WP-CLI is an efficient way to manage your WordPress installation using a command line interface, meaning you type text commands like these two:

wp core update
wp plugin update-all

You type these lines into a Secure Shell (SSH) window that is connected to your website server. If you are new to using command line interfaces, this is a great place to start learning. Beginners will feel like masters of the Matrix in no time.
Read More

10 Years of Joomla! – Supporting JoomlaDay Minnesota


As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities.

Why? Because open source platforms allow individuals to better support their families, capitalize on time at home, and maximize earning potential. The follow up questions to these assertions could be: “How do you come to that conclusion? How is that important to a website security firm?”

Making a Better Internet

First, open source platforms provide lower barriers to entry which enable would-be business owners to effectively “start-up.” Of the many users who have opted to utilize Joomla, we recognize the number of successes that make up between 2.5% to 3% of the most prominent 1 million sites worldwide. Alone, that percentage is a great foundation that lends itself to the legitimacy of such an open source community.

However, there is yet another element that ties our interest to the Joomla community. As a company whose core purpose is rooted in providing security, we can appreciate the access, reliability, and sustainability offered through the Joomla! open source community. The goals motivating and maintaining Joomla’s commitment are essentially the same as ours here at Sucuri.

We want our customers to experience a safe and capable Internet. We want them to have an experience that allows them to maximize their online potential without the hassles of nuance and micro-details which can be more easily addressed through an “economies of scale” model. Joomla accomplishes that in the same way we accomplish security for our clients while still facilitating flexibility and customizability.
Read More

Common Website Security Terminology Defined


If you want to keep your website safe, it is important to understand the website security terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website infections, and in this post we will define some of the terminology used to describe them. We will also discuss some of the effects of having a hacked website in order to give you a well rounded understanding of both the symptoms and the consequences.

Read More

Analyzing a Facebook Clickbait Worm


Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. Malicious Facebook posts are one way that hackers can use social engineering to attract and attack victims.

If you are not familiar with the term, clickbait is when web content is created in a way that psychologically exploits the reader’s curiosity using compelling headlines. When someone clicks on the article to read it, the service promoting the article generates online advertisement revenue.

You may know several websites that rely on strategies like this, with BuzzFeed being the typical example. You have already read headlines like: You won’t believe what this guy did after doing that other thing! Or 27 things that people with some personality do! Most of these sites just want your click (and the revenue that they generate), however, some of them turn to the dark side in order to get their message out.
Read More