- Is My Site Hacked? 19 February 2020
It’s a day every website owner fears. You open the website you’ve poured your time, energy, and money into, only to find your home page looking very different.
After your stomach sinks and you take a long gasp, you’ll likely shout out in frustration, “My site has been hacked! What do I do!?”
But not every website hack will be this obvious. While some hackers are motivated by vandalism, most want to keep a low profile.
- SSL Testing Methods 17 February 2020
Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser.
Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really only part of that configuration. Instead, they perform a more thorough look.
SSL Shopper delivers very fast results, normally within 4 seconds.
- Abused Cloudflare Workers Service Used to Inject Korean SEO Spam 13 February 2020
We were recently contacted by a website owner about some malicious injected spam links that were being indexed by Google’s search engine crawler Googlebot.
What was especially frustrating for the website owner was that these spammy links were not being loaded on the website when viewing it from a variety of devices — making it difficult to pinpoint or troubleshoot the issue.
This behavior is not uncommon when dealing with SEO spam related injected content.
- What is Ransomware? 12 February 2020
Ransomware has been one of the scariest topics in cybersecurity for years – and for good reason.
Living up to its name, ransomware is a type of malware where a bad actor blocks access to data or applications until payment is received. In other words, it turns hackers into kidnappers of your information. And much like a kidnapping, there is no guarantee that paying the ransom will result in a happy ending.
It may sound like paranoia or something out of an episode of Black Mirror – and yes, they have done a ransomware episode.
- Spamdexing: What is SEO Spam and How to Remove It 10 February 2020
If you’re wondering what is SEO spam, a good way to gain an understanding is finding this wily beast in the wild. In your favorite browser, search with the terms buy viagra cialis. (You might want to check over your shoulder first.)
Now, without clicking anything, scroll through the results. Doesn’t it seem odd that seemingly non-pharmaceutical websites are advertising these medications?
You’ve just spotted a few likely examples of spamdexing, where innocent websites have been hacked and injected with keywords intended to lure traffic to bad actors’ scams.
- Creative Phishing for Digital Gold on RuneScape 6 February 2020
RuneScape is an extremely popular massive multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPG’s ever created.
At the current time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can have upwards of billions of gold pieces in their accounts — with the average player having anywhere between a few million to a few dozen million.
- 6 Simple Steps for Hardening your WordPress Security 5 February 2020
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks.
6 ways to Harden WordPress Security
You can harden your WordPress site by following these six simple steps:
1 – Keep WordPress updated
It is important to keep up with the latest WordPress updates. No matter if it is a security or a maintenance release, make sure your WordPress site is running on the latest version.
- Fixing “Uncommon Download” Warnings in Google Search Console 3 February 2020
Over the past few months, a lot of website owners have received “uncommon download” warnings from Google Search Console. These warnings can be vague, often lacking specific information about where the download is, exactly.
Don’t panic — a lot of these seem to be false positives and you can just request a review. Read on to be sure your site is safe before you check the box and click the button.
If you aren’t familiar with Google Search Console, you should sign up — it’s free and totally worth it.
- Password Attacks 101 31 January 2020
One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords.
Let’s take a look at three kinds of password attacks.
Brute Force Attacks
Brute forcing in its essence is trying many passwords to gain access to an account.
Read the Brute Force Guide
Brute Force Real-life Comparison:
Let’s say that a burglar wants to get the door to your house open, but he can’t find an entry point or another place to break in anywhere.
- Hacked Website Threat Report – 2019 28 January 2020
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect website owners from compromise.
Education is key to protecting yourself from emerging threats. To address this, we are extremely proud to release our 2019 Website Threat Research Report.
- Web Swiper in Image Title 27 January 2020
Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading.
Suspicious Img Tag
Our malware analyst Liam Smith recently discovered a suspicious looking image tag in the database of a compromised Magento site.
<img height="1px" width="1px" style="display:none;"
At first glance, it just looks like <img> tag that loads a real image file.