When it comes to protecting your website from bad actors, there’s one threat you should be aware of: injection attacks. These attacks target weaknesses in your website’s security and are unfortunately quite common. In fact, the well-known organization OWASP ranks injection attacks as the third most significant risk to web application security.

Simply put, injection attacks happen when hackers find a way to sneak harmful data or commands into your website’s code.

Continue reading The Top 10 Most Dangerous Types of Injection Attacks at Sucuri Blog.

On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over half a million active installations. Thankfully the vulnerability was discovered by white hat security researcher Michael Mazzolini and responsibly disclosed through HackerOne, giving websites time to install the patched version 5.6.2 before full details of the exploit are released on April 6th.

Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites.

Continue reading Critical Vulnerability Discovered in WooCommerce Payments at Sucuri Blog.

Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Overall they are both robust and secure payment platforms that are perfectly safe to use. Instead, this article highlights the importance of maintaining good security posture and keeping environments locked down to prevent tampering from threat actors.

Continue reading WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin at Sucuri Blog.

Running a website isn’t easy, but modern content management systems (CMS) like WordPress have revolutionized the way you can manage your website.

Headless CMS solutions take this a step further, decoupling the back-end source of the website content from its presentation on the front end. This makes for faster, safer, and more flexible sites that can handle rapid scaling and pivoting.

But is headless CMS better than traditional approaches? We’ll help you decide by breaking down what sets it apart and walk you through whether it’s a good fit for your project.

Continue reading What is a Headless CMS? at Sucuri Blog.

Finding bogus content and unexpected links for prescription drugs on your WordPress website can be a frustrating experience. But don’t blame your site: it just got caught up in a bad crowd of black hat SEO spammers and fell victim to a pharma hack.

Pharma spam occurs when bad actors inject a website with keywords for pharmaceutical products. Their end goal is to use an innocent site’s good reputation to lure traffic to a scam.

Continue reading How to Find & Fix: WordPress Pharma Hack at Sucuri Blog.

Nowadays, the term DDoS raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, shut down, or dysfunctional website.

In this article, we’ll focus on how to know if you’ve been DDoSed, how to spot denial-of-service, and how to protect your website from future DDoS attacks.

Contents:

• What is a DDoS attack?

Continue reading How to Know If You’re Under DDoS Attack at Sucuri Blog.

Defacement is easily one the most obvious signs of a hacked website. In these attacks, bad actors gain unauthorized access to an environment and leave their mark through digital vandalism, altering its visual appearance or content in the process.

In many cases, website defacements display social or political messages that are completely unrelated to the site’s original content — with the ultimate goal of blackmailing or embarrassing the website owner, enacting revenge, or promoting alternative viewpoints.

Continue reading What is a Website Defacement? at Sucuri Blog.

We recently had a new client come to us with a rather peculiar issue on their WordPress website: They were receiving unwanted popup advertisements but only when the website was accessed through links posted on FaceBook. Initially we thought that this must be a rogue ad coming through an otherwise legitimate advertising network but it turned out to be a very well crafted and hidden spam injection.

In this post we will review this infection, outline the steps we took to find it, and explain how to prevent your website from falling victim to this spam injection.

Continue reading Magbo Spam Injection Encoded with hex2bin at Sucuri Blog.

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading WordPress Vulnerability & Patch Roundup February 2023 at Sucuri Blog.

Symptoms of a hack can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website — all of these events may indicate that your website has been hacked.

Fortunately, there are a number of quick (and free) ways you can check and find out if your website has been compromised.

In this post, we’ll discuss some of the obvious symptoms of a hacked website.

Continue reading Is My Site Hacked? (13 Signs) at Sucuri Blog.

Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a backdoor that we’ve been tracking.

In today’s post we’ll be discussing what cron jobs are, how attackers leverage them to reinfect and access websites, and analyze a distinctive new wave of cron jobs.

Continue reading Attackers Abuse Cron Jobs to Reinfect Websites at Sucuri Blog.

Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to WordPress security.

Essentially modified versions of official WordPress themes and plugins with their licensing restrictions removed, these nulled software copies are often touted as premium functionality packaged in a free download. Nulled components can be attractive for webmasters looking to save money and cut costs, as many premium themes and plugins can be expensive.

Continue reading The Dangers of Installing Nulled WordPress Themes and Plugins at Sucuri Blog.

The Sucuri Firewall functions as a reverse proxy. A simple change to your DNS settings is all it takes to thoroughly filter incoming traffic to sniff and parse out bad requests from the good ones. However, these DNS changes can affect connectivity to your mail service if not properly implemented.

In fact, this is a very common issue that is regularly raised with our support team. The Sucuri WAF is not designed to support or filter your email — and many users either intentionally or accidentally try to send email to the firewall for filtering, resulting in various problems.

Continue reading Help! My Email Server Got B0rked & I Have Problems After Malware Infection! at Sucuri Blog.

Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained very little useful information to a regular visitor, but — more importantly — also contained Google Adsense advertisements. It appeared to be an attempt to artificially pump ad views to generate revenue.

Since September, our SiteCheck remote scanner has detected this campaign on 10,890 infected sites.

Continue reading Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign at Sucuri Blog.

Your website’s search results and rankings are vital to the success of your online business. Better search visibility equates to more traffic — which results in more opportunities to convert leads into customers.

And while it may be tempting to game search engine algorithms to come out on top, there’s a hard line in the sand when it comes to the right and wrong ways to optimize a site for search. Black hat SEO (shady techniques that go against search guidelines) is definitely not something you want to practice if you care about the long-term growth and success of your website.

Continue reading What is Black Hat SEO? at Sucuri Blog.

Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors that we have observed over the last few months has been designed to evade detection by placing the payload in an image file and requiring some additional tricks to unlock it.

In this post we’ll explore how this backdoor works, what sorts of malware we’ve seen in conjunction with it, as well as how to prevent your website from becoming infected.

Continue reading Konami Code Backdoor Concealed in Image at Sucuri Blog.

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading WordPress Vulnerability & Patch Roundup January 2023 at Sucuri Blog.

Did you just try to access your site and encounter a Deceptive Site Ahead warning? This error message occurs when the browser believes your website is unsafe and experiencing security issues — and it can seriously affect your traffic and reputation.

When this warning appears on your site, you’ll want to address it as soon as possible to ensure that your site (and visitors) are protected from phishing and other social engineering attacks.

Continue reading How to Fix the “Deceptive Site Ahead” Warning at Sucuri Blog.

Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including tech support scams, adult dating, phishing, or drive-by-downloads.

Since late December, our team has been tracking a new spike in WordPress website infections related to the following malicious domain: track[.]violetlovelines[.]com

PublicWWW results show over 4,500 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since December 26th, 2022.

Continue reading Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network at Sucuri Blog.

Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out of date websites to be attacked by multiple threat actors or targeted by the same attacker using multiple different channels.

We recently came across a database injection that has two different pieces of malware accomplishing two unrelated goals. The first injection redirects users to a spammy sports website and the second injection boosts authority of a spammy casino website within search engines.

Continue reading Vulnerable WordPress Sites Compromised with Different Database Infections at Sucuri Blog.