How to Create Website Backups Using Command-line Tools
Gerson Ruiz Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when thinking about…
Browsing Category
Website Security
1031 posts
PHP Script Nukes All Website Files
Ben Martin Most malware and spam that we come across has some sort of discernable purpose to it, usually something which benefits the attackers financially. This is…
Setting Expectations For Your Website Security
Victor Santoyo I have a website. Sweet! What happens next? Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what…
What is Cross-Site Contamination and How to Prevent it
Tony Perez If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contamination.…
Malicious Backdoor Hidden Inside Fake Image
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an…
Code Injection in Signed PHP Archives (Phar)
Jeff Channell PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single…
Protecting Phishing Pages via .htaccess
Yuliyan Tsvetkov Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny…
Phishing the Right Phish
Fernando Barbosa Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers…
Undesired Redirects
Cesar Anjos Whether it is your own or a website you are visiting, undesired redirects and pop-ups are always annoying. The situation gets worse when your visitors…
How Undefined Variables Can Give You RCE
When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…
The elegant dropper – reusable code for PHP shell installation
During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…