Phishers Abuse Hosting Temporary URLs
Denis Sinegubko Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show…
Browsing Category
Website Security
1031 posts
Hacked Website Report – 2016/Q1
Daniel Cid Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our…
Secure Coding: How to Account for Input Sanitization
Rodrigo Escobar On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website’s functionality and in some instances extend the applications…
Domain Validation: SSL’s Other Job
Jon Watson SSL certificates are a hot topic today. Website owners are becoming increasingly aware that collecting information on non-HTTPS secured pages is a bad idea and…
Ask Sucuri: What is an XSS Vulnerability?
Rodolfo Assis Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability? XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects…
Ask Sucuri: Differentiate Between Security Firewalls
Tony Perez Question: How should a website owner differentiate between firewalls? What do they do? The term “firewall” is not new. It is common terminology in the…
Beware of Unverified TLS Certificates in PHP & Python
Peter Kankowski Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your…
Hacked Websites Redirect to Porn from PDF / DOC Links
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking…
Ask Sucuri: How Does Sucuri Clean a Website?
Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To…
Server Security: Indicators of Compromised Behavior with OSSEC
We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source…
Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…