Server Security: Indicators of Compromised Behavior with OSSEC


We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log

When a WordPress Plugin Goes Bad


Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the CCTM plugin, and changing the version to 0.9.8.9. WordPress

Behind the Malware – Botnet Analysis

Revslider new vulnerability with IRC Botnet

While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises. Now it's being leveraged again in a new attempt to infect

Investigating a Compromised Server with Rootcheck


What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf. What if you want to do an investigation on your

WordPress Sites Leveraged in Layer 7 DDoS Campaigns


We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem is that any WordPress website with the pingback feature enabled (its def

Fake SUPEE-5344 Patch Steals Payment Details


Update 2/17: This post is not about hackers tricking webmasters into installing a fake Magento security patch. It's about malware that pretends to be an applied security patch. In case you don't know, SUPEE-5344 is an official security patch to the

Seo-moz.com SEO Spam Campaign

Seo-Moz Website Spam

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These

Magento PCI Compliance Issues and Theft Over TLS


With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is

Server Security: Import WordPress Events to OSSEC


We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file

Massive Admedia/Adverting iFrame Infection


This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: