Website Security News
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a shared object and running as a service. This also allows the malware to operate under restricted privileges, and is difficult to clean…
Read More about Mayhem Malware Server Botnet Continues to Evolve
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed across 47,000 IP…
Read More about IoT Home Router Botnet Leveraged in Large DDoS Attack
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last two weeks ( codenamed “Realstatistics“). This campaign has compromised thousands of websites built on the Joomla! and WordPress…
Read More about Realstatistics Malware Campaign Leads To Ransomware
While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises. Now it’s being leveraged again…
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem being that any WordPress website with…
Read More about WordPress Sites Leveraged in Layer 7 DDoS Campaigns
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites…
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable…
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is always interesting however are…
Read More about New Brute Force Attacks Exploiting XMLRPC in WordPress
A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what that looks…
Read More about Watch a Layer 7 DDOS Attack – WordPress Security
Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included…
Read More about Case Study: Analyzing the Origins of a DDoS Attack
Distributed Denial of Service (DDoS) attacks are becoming a common trend on our blog lately, and that’s okay because it’s a very serious issue for every website owner. Today I…
Read More about More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
