Simple but effective backdoor
Luke Leal We recently found a malicious PHP file containing a small amount of code that is effective at hiding from detection by various server side scanning…
Browsing Category
Website Security
1031 posts
“Loader for Secured Files” and arrayed b374k shell encoding
This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use…
Spam Doorway Manager
While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…
Fake Google Domains Used in Evasive Magento Skimmer
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that…
Shoesinfy Spam Injections
Denis Sinegubko Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…
How to Perform a Website Security Audit (with Checklist)
Pilar Garcia Why Should You Audit Your Website for Security? Most hacks and cyber attacks happen because of poor security practices. The first step you can take…
Google Analytics Swiper Disguised as Legitimate Traffic
At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…
FBCMS Pharmacy Spam Website
Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…
Reset Email Account Passwords after Website Infection: Follow Up
In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information…
The Strange Case of the Malicious Favicon
Néstor Angulo During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named…
The Cost of a Hacked Website – Survey
As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective.…