Phishers Abuse Hosting Temporary URLs
Denis Sinegubko Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show…
Browsing Category
Web Pros
97 posts
Targeted Phishing Against GoDaddy Customers
Marc Kranat I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is…
IIS, Compromised GoDaddy Servers, and Cyber Monday Spam
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites,…
Does Sucuri Work With My Host? Yes, Yes We Do.
David Dede We’ve been scanning and removing malware from websites for years and in this time frame we have seen the website security domain grow by leaps…
Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL…
Plesk Vulnerability – In the Wild for Months Before Disclosure
Daniel Cid A few days ago we published a post about the Plesk 0-day vulnerability that we started to see being probed in the wild. It uses…
Plesk 0-day Remote Vulnerability in the Wild
Just last week another 0-day vulnerability on Plesk was released. It affects Plesk 9.2, 9.3 and 9.5.4 versions. If you have not yet, we recommend…
Who Really Owns Your Website? “Please Stop Hotlinking My Easing Script — Use a Real CDN Instead.”
For the last few days, we have had some customers come to us worried thinking that their websites were compromised with some type of pop-up…
Web Server Compromise – Debian Distro – Identify and Remove Corrupt Apache Modules
Tony Perez Came across another server compromise this week. Client was complaining that the following kept being injected into their JavaScript files: document.write("<style.vb4brk { position:absolute; left:-1655px; top:-1476px} </style> <div…
Compromised Websites Hosting Calls to Java Exploit
Remember that Java 0 day vulnerability that was discovered a few weeks ago and took a while to get patched by Oracle? You know, the…
Dreamhost Clients – Possible 500 Errors During Database Migration
This morning Dreamhost released an email to a number of clients notifying them that a database was being moved to a new server. If you’re…