Website Application Firewalls (WAF) – Practical Approach to Website Security
Tony Perez In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was…
RealStatistics Goes TrafficAnalytics
Rodrigo Escobar In the last few months, our Incident Response Team detected an interesting malicious code that affected a high number of websites. This malware is a…
Content Injection Vulnerability in WordPress
Marc-Alexandre Montpas As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…
Joomla admin login bypass – set your UA for full admin access
Yuliyan Tsvetkov Every day we analyse hundreds of new malicious files. Some of them are simple backdoors, injected iframes, or one liner defacements. Another type of malware,…
Fake Google Analytics tracking code leading to Adware
John Castro Our Incident Response process makes sure we remove all malicious files and other small pieces of code inserted in good files that could be used…
Spotlight: Website Security Response for Photographers
Alycia Mitchell It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart.…
Amazon Affiliate Cookie Stuffing
Denis Sinegubko We wrote a lot about malware in invisible iframes. This story is about a different type of invisible iframes that hackers may place on your…
Fake bb_press Plugin Redirects to Mobile Pornography
Fernando Barbosa When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access…
Hooking WordPress Class to Hide Malicious Users
When a website is compromised, attackers perform post-exploitation tasks to maintain access to the site for as long as possible. One of these actions is…
WordPress Performance Optimization Guide
Daniel Cid Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordPress…
Search and Backdoor
Luke Leal The ubiquity of “unlimited” shared hosting platforms has incentivized malware in trying to infect as many adjacent website directories as it can to increase its…