Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoo…

Malicious Redirects Through Bogus Plugin

Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites.
The payload is the following bogus plu…

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security, server-side scans and file integrity monitoring are the “A” and “B”. In fact, our server-side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective securi…

UCEPROTECT: When RBLs Go Bad

Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to verify whether servers and IP addresses are sending spam or …

Why You Should Monitor Your Website

In an effort to maintain unauthorized access or profit off a website’s environment long after an initial compromise, attackers commonly leverage a variety of different techniques and tactics.
These techniques range from adding backdoors, stealing sens…

Opening the Conversation about Website Security

The responsibility of ensuring that a website is protected falls on the website owner, but the security expectation may fall on the web service provider too.
As a professional, you are the trusted party and first point of contact.
Much of what your cl…

5 Malware & Virus Scanning Tools You Need to Check Out

Website malware is no joke. Our own research shows that with WordPress, by far today’s most common content management system (CMS), new infections are on the rise. Even with security researchers working constantly to uncover and remediate websit…

How to Audit & Cleanup WordPress Plugins & Themes

In an interview with Smashing Magazine, our Co-Founder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question.
What Makes WordPress Vulnerable?
“Here’s the simple answer. Old versions of WordPress, along with …