Ask Sucuri: Differentiate Between Security Firewalls
Tony Perez Question: How should a website owner differentiate between firewalls? What do they do? The term “firewall” is not new. It is common terminology in the…
Browsing Category
Security Education
679 posts
Ask Sucuri: How Does Sucuri Clean a Website?
Daniel Cid Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To…
Behind the Malware – Botnet Analysis
Antony Garand While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…
Investigating a Compromised Server with Rootcheck
heWhat do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to…
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The…
The Risks of Hiring a Bad SEO Company
Keir Desailly Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used…
Using WPScan: Finding WordPress Vulnerabilities
Alycia Mitchell When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…
Increased Popularity in DDoS Extortion Campaigns
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different…
Sucuri += HTTP/2 — Announcing HTTP/2 Support
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already…
WPScan Intro: WordPress Vulnerability Scanner
Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have…