Category Archives: Website Security

Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware

The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques:

Impersonation

These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source. Impersonation phishing campaigns may also contain a victim’s name, email address, account number, or some other personal detail.

Continue reading Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware at Sucuri Blog.

The Importance of Website Logs

As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis.

Sucuri offers website monitoring, protection, and clean up, but sometimes we go that extra mile and investigate how websites become compromised in the first place. This usually happens when websites become reinfected after a cleanup.

The reinfection itself can be caused by something as simple as a compromised admin user.

Continue reading The Importance of Website Logs at Sucuri Blog.

Add Security to Your Website Agency Portfolio

As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you convey this message to your customers?

Offering Website Security to Clients

Website security should be part of any web professional’s portfolio. How can you get started talking with your clients about website security?

Here are some ways to approach this topic and have customers onboard with a website security offering.

Continue reading Add Security to Your Website Agency Portfolio at Sucuri Blog.

Googlebot or a DDoS Attack?

A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repetitive tasks we do. There are legitimate bots and malicious ones. A Web Application Firewall (WAF) filters the web traffic and blocks any malicious bots, letting the good ones pass.

Googlebot is Google’s web crawling bot. Google uses it to discover new and updated pages to be added to the search engine index.

Continue reading Googlebot or a DDoS Attack? at Sucuri Blog.

The Anatomy of Website Malware: An Introduction

We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware.

Are you interested in how backdoors, injectors, hacktools, or spam redirectors look and operate on a website? I’ll be covering these topics (and many others) in my upcoming articles.

Continue reading The Anatomy of Website Malware: An Introduction at Sucuri Blog.

Spam Injector Disguised as License Key in WordPress Website

Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig deeper and conduct a complete investigation.

A license key is a place where a webmaster might not expect to find an infection; however, in this particular case, this is where we found one.

A Spam Injector Resembling a License Key

A client opened a malware removal ticket reporting some weird spam URLs injected onto their WordPress website.

Continue reading Spam Injector Disguised as License Key in WordPress Website at Sucuri Blog.

Zero-day vulnerability in ‘Total Donations’ plugin could allow attackers to take over WordPress sites

The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations. The plugin’s code contains several design flaws that inherently expose

The post Zero-day vulnerability in ‘Total Donations’ plugin could allow attackers to take over WordPress sites appeared first on The Cyber Security Place.

Optimize Setup to Improve Your Website Resilience for DDoS Attacks

Distributed denial-of-service (DDoS) attacks can disrupt website traffic and impact any business. To help website owners and webmasters improve their website resilience to DDoS attacks, we have put together a series of posts.

Here are the topics that will be discussed:

  • Website optimization best practices
  • Caching best practices
  • Web Application Firewall (WAF) protection
  • Setup Optimization

Today, we are going to explore website setup optimization best practices.

Continue reading Optimize Setup to Improve Your Website Resilience for DDoS Attacks at Sucuri Blog.

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within the next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with "

Improvements to SiteCheck Website Scanner

SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status.

Last year, we improved SiteCheck’s speed and reliability. Today, we are excited to share the latest upgrades that make SiteCheck even better.

SiteCheck Upgrades

As one of our first free tools created, SiteCheck has been used by thousands–not only website owners but also users around the globe who are concerned with website security in general.

Continue reading Improvements to SiteCheck Website Scanner at Sucuri Blog.

OWASP Top 10 Security Risks – Part V

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.

The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive data exposure
  4. XML External Entities (XXE)
  5. Broken Access control
  6. Security misconfigurations
  7. Cross Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with known vulnerabilities
  10. Insufficient logging and monitoring

In our previous posts, we explained the first eight items on the OWASP Top 10 list.

Continue reading OWASP Top 10 Security Risks – Part V at Sucuri Blog.

Free SuperCounters Widget Serves Unwanted Redirects to Dating Site

If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popularity of the visitor-counting widget.

Commonly displayed on homepages across the web, these widgets served as credibility indicators to help site visitors identify the popularity of a website.

While this feature may have gone out of vogue with current website design trends and advanced analytics tools, these widgets also fell out of favor for bad behavior – from stealing traffic and redirections to planting trojans and malware.

Continue reading Free SuperCounters Widget Serves Unwanted Redirects to Dating Site at Sucuri Blog.

How to Improve Your Website Resilience for DDoS Attacks – Part III – WAF

In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the second post, we focused on caching best practices that can reduce the chances of a DDoS attack taking down your site. Today, we are going to emphasize the importance of having a Web Application Firewall.

What is a Web Application Firewall?

A web application firewall (WAF) is a firewall that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application.

Continue reading How to Improve Your Website Resilience for DDoS Attacks – Part III – WAF at Sucuri Blog.

OWASP Top 10 Security Risks – Part IV

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.

The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive data exposure
  4. XML External Entities (XXE)
  5. Broken Access control
  6. Security misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with known vulnerabilities
  10. Insufficient logging and monitoring

In our previous posts, we explained the first six items on the OWASP Top 10 list.

Continue reading OWASP Top 10 Security Risks – Part IV at Sucuri Blog.

How to Prevent Cross-Site Contamination for Beginners

What is Cross-Site Contamination?

Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in daycare catching the flu; next thing you know, everybody in the family has it as well. The same happens with websites. A site can be negatively affected by neighboring sites that are on the same server.

One of the main causes of cross-site contamination is poor isolation on the server or weak account configuration.

Continue reading How to Prevent Cross-Site Contamination for Beginners at Sucuri Blog.

New Year Tips from Security Professionals

Have you included website security as a part of your new year’s resolutions for 2019?

Here is a quick retrospective on tips some of our team members shared with us throughout the year.

The cost of neglecting security is 10 times greater than the effort to keep it safe. Your brand value takes 10 times as long to recover as to build. Make sure to follow security best practices to protect your web assets.

Continue reading New Year Tips from Security Professionals at Sucuri Blog.

My Website Was Hacked on Christmas Eve

Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but not all of them have a present to open. This is why our family started a charity project in 2007 called the Shoebox Project. A few years later, my wife suggested that I create a website to help us spread the word of how people could fill a shoebox with gifts and bring it into a collection center.

Continue reading My Website Was Hacked on Christmas Eve at Sucuri Blog.

Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls

The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewall. Our team takes great pride in this distinction, as customer feedback continues to shape our products and services.

In its announcement, Gartner explains,

“The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.”

To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

Continue reading Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls at Sucuri Blog.

Clever SEO Spam Injection

It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly ingenious piece of malware manages to hide so well inside a WordPress website.

The Traditional Approach

There are two common approaches attackers use to inject SEO spam on websites:

  1. Injecting HTML code for concealed elements in theme files
  2. Injecting fake spam posts in the WordPress database

Both approaches are readily found during Sucuri’s routine remediation process.

Continue reading Clever SEO Spam Injection at Sucuri Blog.

Naughty or Nice Websites

Santa Claus is coming! Was your website naughty or nice this year?

Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security.

Naughty Websites List

If your website falls into any of these categories, this is the perfect time of year to start thinking about improving your security posture.

1 – My website has outdated software.

Continue reading Naughty or Nice Websites at Sucuri Blog.