Return to the City of Cron – Malware Infections on Joomla and WordPress
Luke Leal We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had…
Threat intelligence gathering from slight changes in malicious code samples
We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…
.htaccess Injector on Joomla and WordPress Websites
Eugene Wozniak During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website,…
Hosting page templates causing your website ad campaign to be blocked
Cesar Anjos It’s quite common that hosting providers have templates set for pages like 40x and 50x error pages but it’s uncommon for those templates to have…
Slimstat: Stored XSS from Visitors
Antony Garand The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain…
W97M/Downloader Malware Dropper Served from Compromised Websites
Bruno Zanelato W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a…
Who is Responsible for the Security of Your Website?
Josh Hammer On a daily basis at Sucuri, we hear things like: “My host takes care of my website security.” “I have never been hacked, so why…
Hex’ing the CSS Style Attribute for Black Hat SEO
Ahmad Azizan Idris Dealing with Black Hat SEO injections on our daily operation is always fun and challenging at the same time. One day, we may work with…
Persistent Cross-site Scripting in WP Live Chat Support Plugin
John Castro During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat…
WordPress Plugin Give – Stored XSS for Donors
Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit…
array_diff_ukey Usage in Malware Obfuscation
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…