Website Spam Infection via Zip File Upload

Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account Google’s latest “mobile first” approach). Infection Details..

IPv4 vs IPv6 Performance Comparison – Part 2

A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional performance tests, more domains, and more locations. In addition to assessing the speed and performance, the analysis we are presenting today leverages statistical hypothesis tests to clearly identify winners and..

Cloned Spam Sites in Subdirectories

In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move. This time around,..

New Guide on How to Fix Hacked Joomla! Sites

Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla!..

New XM1RPC SEO Spam and Backdoor Campaign

We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor used across all of the compromised sites. The file is named in such a way as to confuse WordPress administrators who are familiar with XML-RPC. ..

Labs Notes Monthly Recap – Oct/2016

In our September Labs Notes Recap, we listed recent discoveries made by our Incident Response and Malware Research Teams. These monthly recaps serve to bridge the gap between our blog and the ongoing analysis performed by Sucuri Labs. For those who are unaware, the Sucuri Labs Notes is a platform where we share technical insights..

Spotlight: How Big Spring Secures Joomla!

Big Spring Web Development understands the responsibility to their clients extends beyond creating a functional and attractive website. Security and stability are critical components of any online presence. The company is one of only a select few agencies in the UK that partners with WP Engine. Through this, Big Spring has solidified its position as..

Learning From Buggy WordPress Wp-login Malware

When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean up the infection and look no further. Many go on to patch vulnerable software, change their passwords, and perform other post-hack steps. All of this is good, but hackers who follow..

Details on the Privilege Escalation Vulnerability in Joomla

Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve seen some exploit attempts occurring in the wild, we feel it is a good time to describe what the issue is and how it was fixed. Analyzing the Patch It was fairly easy to figure out where the..