The Story of an Expired WHOIS Server
Salvador Aguilar We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into…
Ghost from the Past
Denis Sinegubko Some sites may stay infected or not properly cleaned for years. Eventually, they come to us and we clean them. It doesn’t matter whether the…
SQL Injection Vulnerability in NextGEN Gallery for WordPress
Slavco Mihajloski As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…
When malware injection goes wrong
Ben Martin Today while scanning a client’s website, I found a failed attempt by attackers to hide the location of a backdoor. It is very common for…
Ask Sucuri: Common WAF Questions and Concerns
Tony Perez There is no more frustrating experience than knowing you need something, but not knowing which questions to ask. This resonates with website owners when they…
Spam content injection
Samuel Odendaal During a recent incident response investigation, we detected an infected website loading spam content from another location. The malware was responsible for fetching the spam…
Joomla Security – Pornography Spam Campaign in the Wild
Bruno Zanelato One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a…
WordPress Security – Fake TrafficAnalytics Website Infection
Rodrigo Escobar Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for…
.user.ini SPAM SEO Redirect
John Castro Since PHP 5.3.0, PHP includes support for configuration INI files on a per-directory basis that has the same effect (depending on the case) that the…
Backdooring sites using exotic php functions
Throughout the last few months, we published multiple articles about simple but powerful backdoors and how attackers get creative. Virtually in all cases, the code…
New Guide on How to Fix Hacked Magento Sites
Alycia Mitchell Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is…