.htaccess Tricks in Global.asa Files
Denis Sinegubko As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual paths…
Browsing Category
Website Malware Infections
862 posts
WordPress Malware – Active VisitorTracker Campaign
Daniel Cid We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the…
Analyzing Proxy Based Spam Networks
Tony Perez We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to…
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search…
Analyzing Popular Layer 7 Application DDoS Attacks
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big,…
FunWebProducts UserAgent Bloating Traffic
Alycia Mitchell Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with…
Ask Sucuri: How Did My WordPress Website Get Hacked? – A Tutorial
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today’s websites are hosting in the…
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the website security terminology used to describe the causes and effects of…
SweetCAPTCHA Service Used to Distribute Adware
SweetCaptcha is a free CAPTCHA service that offers to match “sweet” images instead of making you recognize distorted digits and characters. It has integrations with…
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
David Dede Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included…
Critical Persistent XSS 0day in WordPress
Marc-Alexandre Montpas *Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…