Web Security

  • Free Website Security Consultation for GoDaddy Pros (10 May 2019)

    Sucuri is partnering with GoDaddy Pro to make the internet more secure, one website professional at a time. Developers, designers, agencies, and freelancers now have an exclusive avenue to level up security knowledge and differentiate their businesses from the competition.

    GoDaddy Pro helps web developers and designers save time and money while managing multiple websites. The free membership includes extensive training materials, automation of routine maintenance tasks, and consolidated client management tools.

    Continue reading Free Website Security Consultation for GoDaddy Pros at Sucuri Blog.

  • Persistent XSS via CSRF in WP Meta and Date Remover (7 May 2019)

    During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross-Site Request Forgery (CSRF) leading to a persistent Cross-Site Scripting (XSS) vulnerability affecting 70,000+ users of the WP Meta and Date Remover plugin for WordPress.

    Disclosure / Response Timeline:

    • April 30 – Initial contact attempt
    • May 07 – Patch is live

    Are You at Risk?

    This vulnerability requires some level of social engineering to be exploited.

    Continue reading Persistent XSS via CSRF in WP Meta and Date Remover at Sucuri Blog.

  • Replica Spam on Poorly Maintained ASP Site (6 May 2019)

    Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages.

    The other day we cleaned an ASP site where we found a web.config file (the ASP.NET version of .htaccess) with these instructions:

    <configuration>
       <system.webServer>
           <defaultDocument enabled="true">
               <files>
                   <clear />
                   <add value="view.asp" />
                   <add value="Default.asp" />
                   <add value="index.htm" />
                   <add value="index.html" />
                   <add value="iisstart.htm" />
                   <add value="default.aspx" />
                   <add value="index.asp" />
                   <add value="index.aspx" />
               </files>
           </defaultDocument>

    ...

    Continue reading Replica Spam on Poorly Maintained ASP Site at Sucuri Blog.

  • Cronjob Backdoors (3 May 2019)

    Attackers commonly rely on backdoors to regain entry and maintain control over a website. They also use PHP functions to extend what those backdoors can do.

    A good example is the shell_exec function, which allows plain shell commands to be run directly through the web application, giving attackers an increased level of control over the environment.

    Backdoor in Cron

    While investigating a client with repeated website infections, we came across a scenario where a cron job was being used to reinfect the site.

    Continue reading Cronjob Backdoors at Sucuri Blog.

  • How Stolen Ecommerce Data is Sold on the Darknet (1 May 2019)

    We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victims’ devices (smartphones, computers, POS terminals).

    Now let us look into some of the methods that cybercriminals use to monetize stolen information like bank accounts, credit cards, and personal information.

    Infected Ecommerce Website to Darknet Markets

    It’s important to note that one of the most popular topics discussed among cybercriminals is their opsec (operations security).

    Continue reading How Stolen Ecommerce Data is Sold on the Darknet at Sucuri Blog.

  • Insufficient Privilege Validation in WooCommerce Checkout Manager (29 April 2019)

    Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.

    As we’ve seen some exploit attempts occurring in the wild, we feel it is a good time to describe what the issue is.

    Current State of the Vulnerability

    This arbitrary file upload vulnerability was made public a few weeks ago and has recently been patched.

    Continue reading Insufficient Privilege Validation in WooCommerce Checkout Manager at Sucuri Blog.

  • Typo 3 Spam Infection (26 April 2019)

    Here at Sucuri most of the malware that we deal with is on CMS platforms like:

    • WordPress,
    • Joomla,
    • Drupal,
    • Magento,
    • and others.

    But every now and then we come across something a little different.

    Blackhat SEO Infection in Typo3

    Just recently, I discovered a website using the Typo3 CMS that had been infected with a blackhat SEO spam infection:

    Typo3 CMS

    Before I begin, according to websitesetup.org, Typo3 is currently the 8th most widely used CMS platform on the web, so I’m surprised I had never seen an infection with this software before, but it looks like over half a million websites on the web use Typo3.

    Continue reading Typo 3 Spam Infection at Sucuri Blog.

  • Plugins Added to Malicious Campaign (25 April 2019)

    We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts.

    Plugins Added to the Attack

    • Download WP Inventory Manager (version <= 1.8.2)
    • Woocommerce User Email Verification (version <= 3.3.0 **Still Not Fixed**)

    Attackers are trying to exploit vulnerable versions of these plugins.

    Continue reading Plugins Added to Malicious Campaign at Sucuri Blog.

  • Sucuri’s 10th Anniversary (24 April 2019)

    It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered.

    Happy 10th Birthday, Sucuri!

    For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucuri service was originally called NBIM (Network Based Integrity Monitoring).

    Sucuri was intended to be an interface for the NBIM project. It allowed anyone to monitor websites for changes in content, WHOIS & DNS.

    Continue reading Sucuri’s 10th Anniversary at Sucuri Blog.

  • Reset Email Account Passwords After a Website Malware Infection (22 April 2019)

    It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to the blacklisting of a web host’s mail server IPs, or the domain name itself may be placed on blacklists like Spamhaus DBL.

    Reset Email Passwords After a Website Hack

    Blacklisting is problematic. It has serious consequences for a website’s reputation, may impact sales and revenue, and it can be a tedious process to remove a domain from a blacklist authority.

    Continue reading Reset Email Account Passwords After a Website Malware Infection at Sucuri Blog.

  • PCI for SMB: Requirement 12 – Maintain an Information Security Policy (19 April 2019)

    Update: Read our new PCI Compliance guide.

    Welcome to the final post in our series on understanding the Payment Card Industry Data Security Standard (PCI DSS). We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires).

    In the previous articles written about PCI, we covered the following:

    • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.

    Continue reading PCI for SMB: Requirement 12 – Maintain an Information Security Policy at Sucuri Blog.