- Hacked Websites Mine Cryptocurrencies 22 September 2017
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this every day in the news now. Everyone seems to be trying to jump on this bandwagon.
- Ecommerce Security: Fake Jquery Used as CC Scraper 21 September 2017
In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer ended, and believe that trend will continue now that the holiday season is quickly approaching.
Most of these attacks are based on intercepting the communication between the online store and the payment gateway (the checkout process) in order to send valuable information to the attacker.
- Using a VeraCrypt File Container to Encrypt Local Website Files 19 September 2017
If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting these sensitive files.
In the event that your computer is compromised, the encrypted container prevents an attacker from gaining access to your website (via database configuration files) and other private data.
This guide shows you how to install and use VeraCrypt – a free, open-source encryption tool that works on all operating systems, previously known as TrueCrypt.
- Malicious Backdoors: Fake Images and Strrev Functions 15 September 2017
When a website is compromised, attackers frequently leave behind a backdoor – according to our research, around 70% of all website hacks include a backdoor. These backdoors are not designed to attack a website or destroy data; instead, they allow an attacker to re-enter a targeted website with little to no authentication, providing them with unauthorized access to the system.
Backdoors can be planted anywhere within a site, file system, or database.
- Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data 13 September 2017
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php).
The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks.
Typical injected scripts look like this:
The most noticeable malicious URLs that we’ve seen lately are:
They are all new domains registered specifically for this attack:
- traffictrade[.]life – created on July 3rd, 2017
- trysomethingnew[.]eu – created on Aug 11th, 2017
- sometimesfree[.]biz – created on August 22nd, 2017
- givemealetter[.]biz – created on August 27th, 2017
- simplefunsite[.]info – created on September 2nd, 2017
- dancewithme[.]biz – created on September 5th, 2017
- trymynewspirit[.]com – created on September 18th, 2017
Malware in WordPress Database
In most cases the scripts are injected right before <a href tags in the post content (wp_posts), meaning that webmasters may need to remove multiple injected scripts from hundreds of posts in the database – definitely not a task you want to do manually!
- New Guide on How to Implement HTTPS / SSL Certificate 11 September 2017
HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure, not just for the good of the internet, but to increase visibility and lower the chances of being penalized.
Search engines and web traffic authorities are ramping up efforts to encourage website owners to learn how to implement SSL certificates. We just recently wrote about how Google Chrome will be showing warnings on HTTP websites in October if they contain user input fields (login, contact forms, search bars, etc.).
- Creating a Basic Website Security Framework 8 September 2017
When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions secure. But what happens if you ignore proper building codes and inspections? The resulting risks to health and security are unacceptable.
The same concept applies to how you secure your websites and the environments they reside in. You have to start with a blueprint that prioritizes security through regular maintenance.
- Affiliate Cookie Stuffing in iFrames 5 September 2017
Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside an HTML page and can be really useful for embedding interactive applications like Google Maps, advertisements and ecommerce applications.
iFrame elements are also popular with website attackers because they allow them to easily load malicious content from their own servers.
Attackers often use this feature to insert malicious content into compromised sites for the purpose of spam redirection, phishing, and distributing malware.
- Intro to Securing an Online Store 1 September 2017
Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make them feel safe shopping on the site.
Whether the business started as a local brick-and-mortar shop, or deployed online from the start, it’s easy to design a website and organize content. It’s not as easy knowing how to design a security framework for ecommerce.
In this post we’ll introduce some basic security concepts and how to think about security for your online store.
- Mining Adminers – Hackers Scan the Internet For DB Scripts 30 August 2017
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance.
Despite these limitations, scanning just 1% of the internet allows attackers to discover thousands of vulnerable sites.
- Google Warnings For Form Input Over HTTP Coming in October 28 August 2017
For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which encrypts information sent between the visitor and web server.
Recently, we discussed how Google is moving from a reward system to a punitive one. Websites using SSL continue to get an SEO boost since it became a confirmed ranking signal in 2014, but we noticed a few months ago that Google was blacklisting non-HTTPS websites that allowed password fields and credit card forms to be filled.