Labs Notes Monthly Recap – Sep/2016
Estevao Avillez Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having…
WordPress Hack Modifies Core Files to Share Spam
Bruno Zanelato One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even…
Spotlight: How Softwear Systems Provides Drupal Security
Alycia Mitchell In the early 1980’s Softwear Systems opened up as a custom software company in Chicago. Over the years, its founder Mitch Meyers, learned how to…
Magento as a Phishing Spam Sending Tool
Cesar Anjos The most typical reasons for Magento websites to get compromised are to steal credit card information or to find a way to divert payments to…
Targeting mobile devices the easy way
Peter Gramantik With the outburst of mobile-only malware, we’re seeing a lot of mobile-devices targeted campaigns in last years. There are lot of ways how to make…
SSH Brute Force Compromises Leading to DDoS
Daniel Cid A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via…
What is the Status of IPv6 Adoption?
The internet is a complex ecosystem of interconnected devices, and at its core is the Internet Protocol (IP). This protocol is currently in its second…
Malicious Pop-ups in vBulletin
Fernando Barbosa Pop-up ads are annoying. Unfortunately many sites rely on them to pay for their operational expenses and even to make some extra cash. However when…
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights…
Hijacking PayPal Donations
Denis Sinegubko Recently we wrote about how hackers hijacked payment process on an ecommerce site and redirected customers to a fake checkout page on a third-party site.…
Hacking WordPress Sites on Shared Servers
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server,…