Replica Spam on Poorly Maintained ASP Site
Denis Sinegubko Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages. The other day…
Browsing Category
Website Security
1031 posts
Cronjob Backdoors
Cesar Anjos Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level…
How Stolen Ecommerce Data is Sold on the Darknet
Luke Leal We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals).…
Typo 3 Spam Infection
Ben Martin Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now…
Fake relatable domain used to distribute ads
Krasimir Konov Malicious users try to hide their malicious scripts in many ways these days, some more clever then others, in this case we look at a…
Sucuri’s 10th Anniversary
Daniel Cid It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the…
Reset Email Account Passwords After a Website Malware Infection
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners…
PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Victor Santoyo Update: Read our new PCI Compliance guide. Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI…
ThinkPHP 5.x Remote Code Execution
John Castro Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you…
Thousands of Redirecting Files
We recently cleaned a site where we found thousands of malicious files with the following content: <?php header ( “HTTP/1.1 301 Moved Permanently” ) ;…
From .tk Redirects to PushKa Browser Notification Scam
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities…