Posts by Year
2019
Spotlight on Women in Cybersecurity
Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...
How to Add SSL & Move WordPress from HTTP to HTTPS
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across ...
Hacked Website Trend Report – 2018
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...
Fake Browser Updates Push Ransomware and Bank Malware
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...
Google Analytics and Angular in Magento Credit Card Stealing Scripts
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspici...
Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online ...
The Importance of Website Logs
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of th...
Add Security to Your Website Agency Portfolio
As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you...
Googlebot or a DDoS Attack?
A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repe...
The Anatomy of Website Malware: An Introduction
We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose...
Spam Injector Disguised as License Key in WordPress Website
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our...
Optimize Setup to Improve Your Website Resilience for DDoS Attacks
Distributed denial-of-service (DDoS) attacks can disrupt website traffic and impact any business. To help website owners and webmasters improve thei...
Improvements to SiteCheck Website Scanner
SiteCheck is Sucuri’s free website malware and security scanner offered to anyone who wants to scan their websites for malware and blacklist status....
OWASP Top 10 Security Risks – Part V
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
Free SuperCounters Widget Serves Unwanted Redirects to Dating Site
If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popula...
How to Improve Your Website Resilience for DDoS Attacks – Part III – WAF
In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the sec...
OWASP Top 10 Security Risks – Part IV
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
How to Prevent Cross-Site Contamination for Beginners
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it ...
2018
New Year Tips from Security Professionals
Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our te...
My Website Was Hacked on Christmas Eve
Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but n...
Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls
The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewa...
Clever SEO Spam Injection
It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly i...
Naughty or Nice Websites
Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your w...
OWASP Top 10 Security Risks – Part III
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. Th...
Fake Volkswagen Campaign Spreads Through Social Networks
We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offer...
Localization and Customization of Credit Card Stealing Malware
Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or inclu...
Using Innocent Roles to Hide Admin Users
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, bu...
What is Phishing?
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent...
Fear, Uncertainty, and Doubt
There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and dou...
Navigating Data Responsibility
As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made availa...
A Scam-Free Cyber Monday for Online Businesses
Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Blac...
Real-Time Fine-Tuning of the WAF via API
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an ...
Hackers Change WordPress Siteurl to Pastebin
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to ereali...
Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigatio...
10 Tips to Improve Your Website Security
Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management s...
New WordPress Security Email Course
Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMS’s popularity comes at a...
Website Security Tips for Marketers
In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some secur...
Web Marketers Should Learn Security
Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills...
Saskmade[.]net Redirects
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same ...
OWASP Top 10 Security Risks – Part II
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series ...
Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious script...
Creating a Response Plan You Can Trust
As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficul...
Malicious Redirects from NewShareCounts.com Tweet Counter
When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the...
Security Monitoring Saves the Day
For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security p...
Obfuscated JavaScript Cryptominer
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out tha...
OWASP Top 10 Security Risks – Part I
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a ...
October Cybersecurity Month
Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance ...
SSL vs. Website Security
Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site gene...
E-Commerce Security – Planning for Disasters
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store ...
Backdoor Uses Paste Site to Host Payload
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is foun...
Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. ...
Unsuccessfully Defaced Websites
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a pecu...
New Guide on How to Use the Sucuri WordPress Security Plugin
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for Wor...
WordPress Database Upgrade Phishing Campaign
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an updat...
How to Improve Your Website Security Posture – Part II
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part o...
Core Integrity Verifications
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques in...
Fake Font Dropper
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate t...
Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see an...
Fake Plugins with Popuplink.js Redirect to Scam Sites
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection invol...
How to Improve Your Website Posture – Part I
Have you ever wondered if your website security posture is adequate enough? The risk of having a website compromise is never going to be z...
How to Improve Website Resilience for DDoS Attacks – Part II – Caching
In the first post of this series, we talked about the practices that will optimize your site and increase your website’s resilience to DDoS attacks....
Cookie Consent Script Used to Distribute Malware
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compl...
RawGit CDN is Abused by CryptoLoot Cryptominers
Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via Git...
Switching to HTTPS Before It’s Too Late
Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displayin...
Browser Extension Bug Leads to Post Injection
A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to user...
Hiding Malware Inside Images on GoogleUserContent
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code. Thi...
Persistent Malicious Redirect Variants
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if yo...
WordPress Update – 4.9.7 Security & Maintenance Release
The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included ...
CoinImp Cryptominer and Fully Qualified Domain Names
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). ...
Google and Facebook Used in Phishing Campaigns
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of sca...
Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying w...
What are Website Backdoors?
When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to lea...
Why You Should Care about Website Security on Your Small Site
Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vul...
Magento Credit Card Stealer Reinfector
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit ...
The Importance of Website Backups
Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is do...
How to Improve Website Resilience for DDoS Attacks – Part I
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application re...
How APIs Can Streamline Your Operations
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens...
Shell Logins as a Magento Reinfection Vector
Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following fi...
New Guide on How to Position Website Security for Customers
Website security is challenging, especially when dealing with a large network of sites. That is why we have created a guide for web professionals an...
Sucuri is Committed to the Protection of Your Data
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we’re fully committed to complying wi...
Referral Program Update – Now Offering Agency Plan
Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you the op...
The Impacts of a Data Breach
Have you ever wondered what happens if your e-commerce site is breached? Usually, when you think about data breaches, you think about big ...
What is PCI Compliance?
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles r...
Massive localstorage[.]tk Drupal Infection
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this o...
A Puzzling Backdoor Upload
After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These maliciou...
Analysis of a Malicious Blackhat SEO Script
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+...
From Baidu to Google’s Open Redirects
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam page...
Malicious Activities with Google Tag Manager
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”...
Content Security Policy
As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks...
Unwanted Ads via Baidu Links
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. ...
Hacked Website Trend Report – 2017
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the S...
Obfuscation Through Legitimate Appearances
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This ...
What is Virtual Hardening?
If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of pr...
GitHub Hosts Lokibot Infostealer
A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered t...
Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data
We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily...
Intro to Securing an Online Store – Part 2
Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These ...
The Impacts of Zero-Day Attacks
Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch availa...
New Guide on How to Clean a Hacked Website
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research websit...
Understanding Zero-Day Vulnerabilities & Attacks
In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as:...
Wikipedia Page Review Reveals Minr Malware
Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag...
Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject...
Sucuri Website Backups Product Update
We’re excited to be sharing some changes we’ve recently pushed for our Website Backups product. If you’re not familiar with this feature, ...
It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s
Photo by Niko Soikkeli / Unsplash The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to prov...
How to Add Security to Your Client’s Websites
Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us...
What is a WAF?
Have you ever wondered what WAF means? WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your...
Cloudflare[.]solutions Keylogger Returns on New Domains
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytic...
Deprecating SPDY
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We're proud to be early adopters and h...
SQLi Vulnerability in YITH WooCommerce Wishlist
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist...
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience
Last week the news of two significant computer bugs was announced. They've been dubbed Meltdown and Spectre. These bugs take advantage of very technical syst...
Malicious Website Cryptominers from GitHub. Part 2.
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time...
2017
Concise (Post-Christmas) Cryptography Challenges
It’s the day after Christmas; or, depending on your geography, Boxing Day. With the festivities over, you may still find yourself stuck at home and ...
Simple Cyber Security Tips (for your Parents)
Today, December 25th, Cloudflare offices around the world are taking a break. From San Francisco to London and Singapore; engineers have retreated h...
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network ge...
Technical reading from the Cloudflare blog for the holidays
During 2017 Cloudflare published 172 blog posts (including this one). If you need a distraction from the holiday festivities at this time of year here are so...
Reverse Javascript Injection Redirects to Support Scam on WordPress
Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs ...
How to Create Secure Passwords For Your Website
Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to reme...
Javascript Injection Creates Rogue WordPress Admin User
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The ...
The Curious Case of Caching CSRF Tokens
It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, th...
Malicious Cryptominers from GitHub
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our invest...
Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In re...
Make SSL boring again
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto ...
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Form...
The New DDoS Landscape
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? Th...
Risks For E-commerce Site Owners Through the Holidays
Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are a...
Living In A Multi-Cloud World
A few months ago at Cloudflare’s Internet Summit, we hosted a discussion on A Cloud Without Handcuffs with Joe Beda, one of the creators of Kubernet...
How to Avoid Malicious Cyber Monday Campaigns
As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are craf...
SQL Injection in bbPress
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability...
Thwarting the Tactics of the Equifax Attackers
We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people’s awareness on security? ...
Privacy Pass - “The Math”
This is a guest post by Alex Davidson, a PhD student in Cryptography at Royal Holloway, University of London, who is part of the team that developed...
Cloudflare supports Privacy Pass
Enabling anonymous access to the web with privacy-preserving cryptography
Why Attackers Hack Small Sites
You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity...
New WordPress Security Guide
WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target...
Cryptominers on Hacked Sites – Part 2
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive mi...
How to Monkey-Patch the Linux Kernel
I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty.
Malware Serving SEO Spam from External Sites
We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to ...
A Celebration of Learning at Grace Hopper
Photo by Cloudflare Staff
Mayhem Malware Server Botnet Continues to Evolve
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a ...
Cloudflare London Meetup Recap
Cloudflare helps make over 6 million websites faster and more secure. In doing so, Cloudflare has a vast and diverse community of users throughout t...
Credit Card Stealer Investigation Uncovers Malware Ring
During a recent investigation, I found a new piece of malicious code being used to steal credit card information from compromised Magento sites. ...
A Fast, Secure Migration to Google Cloud Platform using Cloudflare
OnAir Video Presentation
Dobar dan, Hrvatska! Announcing Cloudflare’s Zagreb Data Center
Fire the Gric Cannon! Hot on the heels of several birthday week product announcements, we continue to expand our global network.
A New Cybersecurity Strategy for Europe
October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best pract...
Hacked Websites Mine Cryptocurrencies
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday...
Using a VeraCrypt File Container to Encrypt Local Website Files
If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting...
Making the World Better by Breaking Things
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security
A Cloud Without Handcuffs
Brandon Philips, Co-Founder & CTO, CoreOS, and Joe Beda, CTO, Heptio, & Co-Founder, Kubernetes
Making Mobile Faster than Fixed Line
Cole Crawford, Founder & CEO, Vapor IO, and Chaitali Sengupta, Consultant, Qualcomm Datacenter Technologies
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Se...
New Guide on How to Implement HTTPS / SSL Certificate
HTTPS is a hot topic among online marketers and SEO professionals who understand the future of the web needs to be more secure. Not just for the goo...
Creating a Basic Website Security Framework
When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions ...
Affiliate Cookie Stuffing in iFrames
Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside ...
SIDH in Go for quantum-resistant TLS 1.3
The Quantum Threat
Intro to Securing an Online Store
Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make t...
Mining Adminers – Hackers Scan the Internet For DB Scripts
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the...
Google Warnings For Form Input Over HTTP Coming in October
For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over ...
Expired Domain Leads to WordPress Plugin Redirects
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in...
Evasion Techniques in Phishing Attacks
We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the ...
Advancing Privacy Protection with the GDPR
A game-changer
Personal Security Guide – iOS/Android
We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with pers...
Decoding Complex Malware – Step-by-Step
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into...
How to Restore Website Backups from the Command Line
Earlier this week we wrote about how to use command line tools to back up your website. Check out our previous article for details on how we create ...
How to Create Website Backups Using Command-line Tools
Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when t...
Setting Expectations For Your Website Security
I have a website. Sweet! What happens next? Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what do...
Register My Backdoor – Unorthodox Invocation Mechanisms
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to re...
How to use Cloudflare for Service Discovery
Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a pro...
Labs Notes Monthly Recap – June/2017
This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor m...
Ninth Circuit Rules on National Security Letter Gag Orders
As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NS...
What is Cross-Site Contamination and How to Prevent it
If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contaminatio...
Code Injection in Signed PHP Archives (Phar)
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications...
New Guide on How to Clean Hacked Drupal Sites
Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. ...
High-reliability OCSP stapling and why it matters
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliabil...
How to make your site HTTPS-only
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla re...
Evolution of Conditional Spam Targeting Drupal Sites
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including...
A container identity bootstrapping tool
Everybody has secrets. Software developers have many. Often these secrets -- API tokens, TLS private keys, database passwords, SSH keys, and other sensitive ...
SQL Injection Vulnerability in WP Statistics
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues....
Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we record...
Personal Security Guide – Windows and macOS
For the fourth installment of our personal security guides, we are covering how to secure your computer. This includes current versions of...
Announcing the Cloudflare Apps Platform and Developer Fund
When we started Cloudflare we had no idea if anyone would validate our core idea. Our idea was that everyone should have the ability to be as fast and s...
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive ...
When Your Plugins Turn Against You
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations...
Phishing Targeting Sucuri Customers
We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the iss...
Labs Notes Monthly Recap – May/2017
Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on tre...
Personal Security Guide – WiFi Network
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic appr...
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Goog...
Reflections on reflection (attacks)
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 20...
Personal Security Guide – Online Accounts
In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to ...
Personal Security Guide – Web Browsers
If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute f...
SQL Injection Vulnerability in Joomla! 3.7
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability i...
Website Availability and Security When Migrating Hosts
Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope ...
Standing Up to a Dangerous New Breed of Patent Troll
On March 20th, Cloudflare received our first patent infringement claim: Blackbird Tech LLC v. Cloudflare, Inc. Today we’re filing our Answer to that claim in...
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session...
Anonymity and Abuse Reports
Last Thursday, ProPublica published an article critiquing our handling of some abuse reports that we receive. Feedback from the article caused us to reevalua...
Introducing the New Sucuri Customer Dashboard
Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer d...
Introducing the new Cloudflare Community Forum
Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the wor...
How eero mesh WiFi routers connect to the cloud
This is a guest post by Gabe Kassel, Product Manager for Embedded Software at eero.
Labs Notes Recap – Apr/2017
This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on s...
IoT Security Anti-Patterns
From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can b...
Sucuri Firewall Dashboard Update
If you are a customer of ours, you may have noticed the recent updates we’ve made to our dashboard. These changes enhance your ability to manage the...
How to Use Splunk with Sucuri Audit Trails
The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there i...
The Principle of Least Privilege
If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle wh...
Sucuri Monitoring Dashboard Update
We are happy to share some big changes to the monitoring dashboard. The Sucuri Platform features a monitoring dashboard that provides information re...
Introducing SSL for SaaS
If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. Your custo...
Labs Notes Monthly Recap – Mar/2017
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). Sucuri ...
Understanding Our Cache and the Web Cache Deception Attack
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that ...
Malicious Image Defacement Hidden from Search Engines
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your...
Ecommerce Security – Customer Data Breaches Using Images
Since late last year, there has been a steady rise in malware campaigns that aim to steal sensitive personal information and financial credentials. ...
WordPress Security – Unwanted Redirects via Infected JavaScript Files
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicio...
Testing the Impacts of Website Caching Tools
Try to remember what you ate for lunch yesterday. It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you les...
Buongiorno, Roma! Cloudflare Data Center CV
CC-BY 2.0 image by Ilaria Giacomi
¡Hola, Ecuador! Quito Data Center expands Cloudflare network to 104 cities across 52 countries
CC-BY 2.0 image by Scipio
Malicious Subdirectories Strike Again
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on oth...
SEO Spam Campaign Exploiting WordPress REST API Vulnerability
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many host...
Introducing Zero Round Trip Time Resumption (0-RTT)
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has...
Stored XSS in WordPress Core
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerabl...
SF9 Realex Magento Module Targeted by Credit Card Scrapers
Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracke...
Bank Phishing Incident Analysis
Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked f...
Cloudflare at Google NEXT 2017
The Cloudflare team is headed down the street to Google NEXT 2017 from March 8th - 10th at Moscone Center booth C7 in San Francisco, CA. We’re excited to mee...
vBulletin Used to Show Malicious Advertisements
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulleti...
Labs Notes Monthly Recap – Feb/2017
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). The Suc...
The Story of an Expired WHOIS Server
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into ...
Quantifying the Impact of “Cloudbleed”
Last Thursday we released details on a bug in Cloudflare's parser impacting our customers. It was an extremely serious bug that caused data flowing through C...
SQL Injection Vulnerability in NextGEN Gallery for WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
Incident report on memory leak caused by Cloudflare parser bug
Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pa...
Joomla Security – Pornography Spam Campaign in the Wild
One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet,...
WordPress Security – Fake TrafficAnalytics Website Infection
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot...
New Guide on How to Fix Hacked Magento Sites
Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website securit...
NCC Group’s Cryptography Services audits our Go TLS 1.3 stack
The Cloudflare TLS 1.3 beta is run by a Go implementation of the protocol based on the Go standard library, crypto/tls. Starting from that excellent Go codeb...
Labs Notes Monthly Recap – Jan/2017
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Su...
RCE Attempts Against the Latest WordPress REST API Vulnerability
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE at...
JavaScript Injection Leads to Tech Support Scam
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular Add...
Cloudflare Crypto Meetup
Come join us on Cloudflare HQ in San Francisco on Tuesday, February 28, 2017 for another cryptography meetup. We again had a great time at the last one, we de...
WordPress REST API Vulnerability Abused in Defacement Campaigns
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF ne...
Website Application Firewalls (WAF) – Practical Approach to Website Security
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article w...
NANOG - the art of running a network and discussing common operational issues
The North American Network Operators Group (NANOG) is the locus of modern Internet innovation and the day-to-day cumulative network-operational knowl...
Protecting everyone from WordPress Content Injection
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (belo...
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more than 13,000 hackers in Hamburg...
Content Injection Vulnerability in WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security ...
Fake bb_press Plugin Redirects to Mobile Pornography
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain a...
WordPress Performance Optimization Guide
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordP...
vBulletin Malware – When Hackers Compete for Backdoor Control
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all ...
Labs Notes Monthly Recap – Dec/2016
Last month there were a number of interesting website hacks being analyzed by our Malware Research Team (MRT) and Incident Response Teams (IRT)...
Cloudflare’s Transparency Report for Second Half 2016 and an Additional Disclosure for 2013
Cloudflare is publishing today its seventh transparency report, covering the second half of 2016. For the first time, we are able to present information on ...
Injection of Unwanted Google AdSense Ads
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-...
Hacked Website Report – 2016/Q3
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Rem...
Website Malware Targets Mobile Platforms
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can ...
2016
Session Stealer Script Used In OpenCart
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few c...
Removing Images from Google Local Business Listings
As a business owner, the last thing you want is for a potential customer to search Google for your business and find a lewd image. The way...
So you want to expose Go on the Internet
This piece was originally written for the Gopher Academy advent series. We are grateful to them for allowing us to republish it here.
New Guide to Fixing Google Website Security Warnings
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped wi...
PrestaShop Attack Steals Login Credentials
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources ...
Labs Notes Monthly Recap – Nov/2016
Time for another monthly recap! If you haven’t seen the other monthly recaps, make sure to check out October and September. Our malware research and...
Cloudflare acquires Eager
In 2011 we launched the Cloudflare Apps platform in an article that first declared Cloudflare as “not ... the sexiest business in the world.” Sexy or not, Cl...
How Scammers Abuse Baidu Search Results
If you use Skype, recently you may have received Baidu link spam from some of your contacts. The links look like this: www.baidu[.]com/lin...
How to Secure Websites for Clients
In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to u...
Unrestricted Backend Login Method Seen in OpenCart
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malw...
Exploited Script in WordPress Theme Sends Spam
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates di...
Malicious Redirect Injected in Magento One Page Checkout
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have bee...
Website Spam Infection via Zip File Upload
Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for h...
IPv4 vs IPv6 Performance Comparison – Part 2
A few months ago, we posted an article about the difference between IPv4 and IPv6. Our research team has expanded on those findings with additional ...
Cloned Spam Sites in Subdirectories
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding ...
New Guide on How to Fix Hacked Joomla! Sites
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the intern...
New XM1RPC SEO Spam and Backdoor Campaign
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1R...
Labs Notes Monthly Recap – Oct/2016
In our September Labs Notes Recap, we listed recent discoveries made by our Incident Response and Malware Research Teams. These monthly recaps serve...
Cloudflare Crypto Meetup
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided ...
Learning From Buggy WordPress Wp-login Malware
When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean...
Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their ...
Details on the Privilege Escalation Vulnerability in Joomla
Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve see...
Joomla Account Creation Vulnerability
The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of ...
Malicious WordPress Subdirectory Installs For SEO Spam
Remediating over 500 infected sites per day, we see attacks executed at varying levels of complexity. The tactics attackers use to compromise a site...
Credentials Stealer on Prestashop
In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the wo...
Accounting for Defense in Depth in Website Security
In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back mil...
Magento Credit Card Swiper Exports to Image
Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearl...
Security through Confusion – The FUD Factor
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first...
TLS nonce-nse
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that tw...
Labs Notes Monthly Recap – Sep/2016
Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having enough hours to...
WordPress Hack Modifies Core Files to Share Spam
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even websi...
Cloudflare Certifies Under the New EU-U.S. Privacy Shield
Cloudflare has certified with the U.S. Department of Commerce for the new EU-U.S. Privacy Shield framework.
Introducing Dedicated SSL Certificates
When we launched Universal SSL in September 2014 we eliminated the costly and confusing process of securing a website or application with SSL, and replaced i...
Control your traffic at the edge with Cloudflare
Today, we're introducing two new Cloudflare Traffic products to give customers control over how Cloudflare’s edge network handles their traffic, allowing the...
SSH Brute Force Compromises Leading to DDoS
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We...
How we brought HTTPS Everywhere to the cloud (part 1)
CloudFlare's mission is to make HTTPS accessible for all our customers. It provides security for their websites, improved ranking on search engines, better p...
What is the Status of IPv6 Adoption?
The internet is a complex ecosystem of interconnected devices, and at its core is the Internet Protocol (IP). This protocol is currently in its second major ...
An overview of TLS 1.3 and Q&A
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version...
Fixing the mixed content problem with Automatic HTTPS Rewrites
CloudFlare aims to put an end to the unencrypted Internet. But the web has a chicken and egg problem moving to HTTPS.
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights a...
Introducing TLS 1.3
CloudFlare is turbocharging the encrypted internet
Encryption Week
Since CloudFlare’s inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we’ve made Cloud...
CloudFlare’s new WordPress plugin
Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combi...
Hacking WordPress Sites on Shared Servers
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites ...
New Guide on How to Fix Hacked WordPress Sites
Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support ...
Cleaning the Wp-Page Pharma Hack in WordPress
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceuti...
IoT Home Router Botnet Leveraged in Large DDoS Attack
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distr...
How the Consumer Product Safety Commission is (Inadvertently) Behind the Internet’s Largest DDoS Attacks
The mission of the United States Government’s Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. It’s ironi...
IPv4 vs IPv6 Performance Comparison
IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, ...
Evenly Distributed Future
Traveling back and forth between the UK and US I often find myself answering the question “What does CloudFlare do?”. That question gets posed by USCIS on ar...
The Cuban CDN
On a recent trip to Cuba I brought with me a smartphone and hoped to get Internet access either via WiFi or 3G. I managed that (at a price) but also saw for ...
SQL Injection Vulnerability in Ninja Forms
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, ...
Analyzing and Cleaning Hijacked Google SEO Spam Results
Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted ...
Spotlight – How Cart66 Maintains Security for Ecommerce
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security componen...
A Plugin’s Expired Domain Poses a Security Threat to Websites
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clie...
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads...
Browser/OS Statistics From Half Billion Blocked Attacks
The need to make better sense of markets is paramount to the way businesses are run and decisions are made. We see this with the proliferation of online serv...
Phishing Attacks Target Ecommerce Checkout Pages
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where a...
New Realstatistics Attack Vector Compromising Joomla Sites
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolv...
PCI for SMB – Requirement 2- Do Not Use Defaults
If you have an e-commerce website and you accept credit cards from your clients, you probably already heard of the term PCI compliance. PCI DSS (Payment Card...
Realstatistics Malware Campaign Uses Fake Analytics Sites
In this post we’ll show you the tactics employed by the realstatistics malware campaign to make their injections seem less suspicious. The injection looks li...
Realstatistics Malware Campaign Leads To Ransomware
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last 2 weeks ( codenamed “Realstatistics”). This campaign has compromis...
200k+ Parked/Expired Domains Used to Distribute Malicious Ads
Recently we wrote about domain renewal scams that used real paper letters to trick site owners into transferring their domains and renewing them for 3-4x th...
Large CCTV Botnet Leveraged in DDoS Attacks
Our security operations team investigates and mitigates multiple denial of service (DDoS) attacks every single day. One recent case caught our attention becaus...
PCI Compliance for eCommerce – Choosing Between SAQ A and A-EP
The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards established in a joint venture between a number of the top credit ...
Domain Renewal Phishing Scams
When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam. The letter was designed to look like a bill, e...
The Growing DDoS Threat to Website Owners
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The moneti...
Secure and fast GitHub Pages with CloudFlare
GitHub offers a web hosting service whereby you can serve a static website from a GitHub repository. This platform, GitHub Pages, can be used with C...
Phishers Abuse Hosting Temporary URLs
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar t...
Magento Credit Card Stealer for Braintree Extension
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive da...
WP Mobile Detector Vulnerability Being Exploited in the Wild
For the last few days, we have noticed an increasing number of websites infected without any outdated plugin or known vulnerability. In most cases it was a p...
Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highl...
Backdoor in Fake Joomla! Core Files
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t...
Website Hacked Trend Report – 2016/Q1
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our...
The Sleepy User Agent
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand...
New Wave of the Test0/Test5.com Redirect Hack
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domai...
Finding Conditional SEO Spam in Drupal
Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what w...
Analyzing ImageTragick Exploits in the Wild
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We’ve been actively monitoring as promised, and have started to see a f...
WordPress Redirect Hack via Test0.com/Default7.com
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / ...
ImageMagick Remote Command Execution Vulnerability
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, ...
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Yesterday a new vulnerability was announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it...
Introducing CloudFlare Origin CA
Free and performant encryption to the origin for CloudFlare customers
Stronger protection and more control over security settings with CloudFlare’s new cPanel plugin
CloudFlare has released a new version of our plugin for cPanel with two new features and more control over the security settings of your website.
Cloned Websites Stealing Google Rankings
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a we...
Troubleshooting Mixed Content Warnings with HTTPS
Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We’ve seen Goog...
SEO Spam Technique Designed to Avoid Detection
Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you r...
It takes two to ChaCha (Poly)
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only ...
Sucuri – 2016 Redesign
A few weeks ago, while enjoying a fine lunch on a bright sunny day in Southern California, our researcher and marketing teams found themselves across the tab...
Beware of Unverified TLS Certificates in PHP & Python
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your...
Introducing CFSSL 1.2
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t writte...
The Trouble with Tor
The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the Onion router" and that describes how the service wor...
Hacked Websites Redirect to Porn from PDF / DOC Links
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. T...
Going to IETF 95? Join the TLS 1.3 hackathon
If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the f...
When a WordPress Plugin Goes Bad
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin....
Behind the Malware – Botnet Analysis
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerabil...
Investigating a Compromised Server with Rootcheck
What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform...
We’re hosting a Null Singapore meetup!
We're happy to announce that next week CloudFlare is hosting the Null Security meetup in Singapore. You are invited!
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back on March...
Fake SUPEE-5344 Patch Steals Payment Details
In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to v...
Padding oracles and the decline of CBC-mode cipher suites
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make s...
Change the (S)Channel! Deconstructing the Microsoft TLS Session Resumption bug
Initial Problem Report
Seo-moz.com SEO Spam Campaign
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisem...
Magento PCI Compliance Issues and Theft Over TLS
With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers...
Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguish...
The Risks of Hiring a Bad SEO Company
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by se...
Advanced Technical “Hacks” for your site’s SEO
Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing. On Tuesda...
The 20 Best WordPress Facebook Groups You Should Join
In this day and age, connecting with other people, groups, and communities is so easy. Finding the best group however can be tricky. So here are 20 Best WordPress F...
Think Global, Peer Local. Peer with CloudFlare at 100 Internet Exchange Points
Internet Exchange Points (IXPs) or Network Access Points (NAPs) facilities are where networks meet, participating in what’s known as peering, which ...
Flexible, secure SSH with DNSSEC
If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation Ope...
Ransomware Strikes Websites
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as ...
Beginner’s Guide on How to Add a Link in WordPress
This tutorial doesn’t just teach you how to add a link in your posts but also on pages, text widgets, navigation menus, and more. How great is that?! What ar...
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats...
How to Install Facebook Remarketing/Retargeting Pixel in WP
Are you looking into retargeting ads on Facebook? Do you want to install Facebook’s remarketing/retargeting pixel in WordPress? This article from WPBeginner ...
2015
Fake Media Download Sites
Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engin...
How to Talk to Your Parents About Encryption
It’s December 25th, which means most of you are probably at home visiting with family. I asked a few of the security engineers here at CloudFlare how they ex...
Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values th...
Critical 0-day Remote Command Execution Vulnerability in Joomla
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from...
The 7 Best WordPress Analytics Plugins for Stat Junkies
Wikipedia defines analytics as the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, a...
Increased Popularity in DDoS Extortion Campaigns
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from di...
Tools for debugging, testing and using HTTP/2
With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be u...
HTTP/2 is here! Goodbye SPDY? Not quite yet
Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. Th...
How to Rollback WordPress Plugins
Here’s another tutorial from WPBeginner. How to Rollback WordPress Plugins (Version Control for Beginners) Have you ever updated a WordPress plugin only to r...
Sucuri += HTTP/2 — Announcing HTTP/2 Support
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already support...
Unwanted Software and Harmful Programs
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings inc...
Spam Campaign Causes “DDoS” by Googlebot
Every once in a while we get a glimpse into rare and strange behavior that doesn’t involve the website being hacked, but causes major problems for website ow...
9 Best YouTube Video Gallery Plugins for WordPress
Source: WPBeginner
Distributed Vulnerability Search – Told via Access Logs
Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabi...
5 Tips to Improve Your Social Media Ad Campaigns
Today, we are sharing some tips from Social Media Examiner on How to Improve your Social Media Ad Campaign. I hope it helps! 5 Tips to Improve Your Social Me...
jQuery.min.php Malware Affects Thousands of Websites
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Ev...
vBulletin Exploits in the Wild
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date ...
Joomla SQL Injection Attacks in the Wild
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows ...
Joomla 3.4.5 released. Fixing a serious SQL Injection vulnerability
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticate...
iTunes 12.3.1.23 cuts support for some AirPlay devices
If you’re a heavy AirPlay user, and you use older hardware such as the original AirPort Express, you may want to hold off on the latest iTunes update. Screen...
How to Create Custom Sidebars and Footers for Your WordPress Website
via WPMUDEV We tried coming up with a more exciting name for Custom Sidebars but what else do you call a plugin that gives you custom sidebars? Or more speci...
Massive Magento Guruincsite Infection
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already...
Five of the Best WordPress Appointment Plugins
When the Rolling Stones covered “Time is On My Side” by Kai Winding in 1964, they clearly didn’t foresee a world where we’d be fighting so hard to maintain ...
Redirect to Microsoft Word Macro Virus
These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s n...
How to Add Old Post Notification on Your WordPress Blog
Adding an old post notification can help readers identify which posts are still relevant, especially for websites that belong to a fast-paced industry. I’m tal...
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most li...
Phishing for Anonymous Alligators
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers ar...
Analyzing Black Hat URL Shorteners
Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hacke...
How to Easily Add Custom CSS to Your WordPress Site
Have you ever wanted to add a custom CSS in your site? You should be able to do it like a pro with these simple tips. How to Easily Add Custom CSS to Your Wo...
.htaccess Tricks in Global.asa Files
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual pa...
Announcing CloudFlare’s Internet Summit - And How to Get an Invitation
Five years ago next week, CloudFlare launched its service to the public. We’re celebrating our birthday in a variety of ways, including holding our first-eve...
Analyzing Proxy Based Spam Networks
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat...
WordPress Brute Force Attacks – 2015 Threat Landscape
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker ...
How to Add Beautiful Email Templates in WordPress
Want to beautify the appearance of your email templates? I suggest you read on! How to Add Beautiful Email Templates in WordPress Do you want to change the a...
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search ...
Analyzing Popular Layer 7 Application DDoS Attacks
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken...
Simple Helix chooses CloudFlare to ignite white-hot Magento performance
Today’s guest blogger is George Cagle. George is a system administrator at Simple Helix, a CloudFlare partner.
Demystifying File and Folder Permissions
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the sa...
FunWebProducts UserAgent Bloating Traffic
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites g...
Wigo Means Bingo for Blackseo Agent
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst'...
Ensuring the web is for everyone
This is the text of an internal email I sent at CloudFlare that we thought worth sharing more widely. I annotated it a bit with links that weren't in the ori...
Persistent XSS Vulnerability in WordPress Explained
Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version: 4.2.4 Last week the WordPress team releas...
The 10 Most Important Things You Should Do Immediately After Installing WordPress
Elegant Themes again provides us with another checklist of things to do after installing WordPress. This list will “make sure your site is set-up and working...
DNS parser, meet Go fuzzer
Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Ther...
BIND9 – Denial of Service Exploit in the Wild
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by mos...
Prestige Conference Means Business
A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the...
How to Add Email Subscriptions to Your WordPress Blog
Email subscription is a great way to keep your customers updated. The article from WP Beginner that we’re sharing today discusses Email Subscriptions.
New Android Flaw Lets Hackers Into Your Phone With Just a Text
Lifehacker New Android Flaw Lets Hackers Into Your Phone With Just a Text
SweetCaptcha Returns Hijacking Another Plugin
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-par...
Malicious Google Analytics Referral Spam
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your...
How to Use Social Media to Build Your Personal Brand
What is personal branding?
Webutation Distributing Malware Through Safety Badge
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirect...
12 WordPress Maintenance Tasks to Perform in Your Downtime
Having a website requires maintenance and constant updates. Here are some maintenance tasks to perform in your site as suggested by Elegant Themes. Backup ...
10 Years of Joomla! – Supporting JoomlaDay Minnesota
As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities. Why? Because open source platforms allow individua...
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabiliti...
How to Add Facebook Author Tag in WordPress
Here’s another dose of How To’s from WPBeginner. Enjoy!
Analyzing a Facebook Clickbait Worm
Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are no...
9 Best Audio Player Plugins for WordPress
For the music lovers and for those who want to add music or a playlist to their website, this article is for you. 9 Best Audio Player Plugins for WordPress Wor...
How to build your own public key infrastructure
A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are...
Magento Platform Targeted By Credit Card Scrapers
We’ve been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will become and th...
Websites Hacked Via Website Backups
The past few months we’ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wro...
Beginner’s Guide to WordPress User Roles and Permissions
Administrator, Editor, Author, Contributor, Subscriber: you can give different permissions to different user roles on your WordPress site. The article that...
EFF, CloudFlare Ask Federal Court Not To Force Internet Companies To Enforce Music Labels’ Trademarks
This blog was originally posted by the Electronic Frontier Foundation, which represents CloudFlare in this case.
10 Tips to Improve Your Website Security
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joo...
How to Add a PayPal Donate Button in WordPress
Are you looking to add a donate button on your WordPress site?
Your Website Hacked but No Signs of Infection
Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. Th...
How to Create Separate Blogs on a Single Install of WordPress
Do you want to display multiple blogs or posts on multiple pages of your site?
Introducing Free Global Website Performance Tool
We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across ...
Fake jQuery Scripts in Nulled WordPress Plugins
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not ...
How to Create a Social Media Marketing Plan
Social media has a huge impact nowadays. Marketers found a way how to broaden their reach through social media marketing. This article was first published on...
Website Security – How Do Websites Get Hacked?
In 2014 the total number of websites on the internet reached 1 billion, today it’s hovering somewhere in the neighborhood of 944 million due to websites goin...
How to Find Your WordPress Login URL
Remembering your WordPress login URL is easy peasy.
How Social Media Blacklisting Happens
In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users ex...
The 14 Most Influential WordPress Businesses in Existence
Here’s a great write up over at the Elegant Themes Blog - definitely worth a quick scan for anyone that routinely uses WordPress.
How to Crop and Edit WordPress Post Thumbnails
Want to know how to edit those post thumbnails? This article from WPBeginner will teach you the trick! How to Crop and Edit WordPress Post Thumbnails Are you...
JetPack and TwentyFifteen Vulnerable to DOM-based XSS – Millions of WordPress Websites Affected
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure ...
Hacked Websites Redirect to Bitcoin.org
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is B...
How to Market to Customers When The Free Trial is Over
The free trial is a common SaaS marketing strategy. According to Totango, 44% of SaaS companies offer a free trial. But the strategy is only as good as how f...
An introduction to JavaScript-based DDoS
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distrib...
My Website Was Blacklisted By Google and Distributing Email Spam
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning pa...
CloudFlare’s New Dashboard
When we started CloudFlare, we thought we were building a service to make websites faster and more secure, and we wanted to make the service as easy and acce...
How To Create Your Own Social Network With WordPress
by Brenda Barron
Critical Persistent XSS 0day in WordPress
Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s ...
New Magento WAF Rule – RCE Vulnerability Protection
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerabili...
Of Phishing Attacks and WordPress 0days
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also makes us a target. Aside...
Magento Shoplift (SUPEE-5344) Exploits in the Wild
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it c...
Contributing back to the security community
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The ...
Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately!
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more t...
The Best Related Posts Plugins for WordPress
By Jenni McKinnon Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site ...
Website Firewall – Critical Microsoft IIS vulnerability (MS15-034)
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or...
Impacts of a Hack on a Magento Ecommerce Website
Recently we wrote about the impacts of a hacked website and how important it is to give website visitors a safe online experience. In this post, I’ll show you...
The Procrastinator’s Guide to Filing Taxes With Evernote
This article seems like a timely one to share and commiserate with folks today. If you’re ok with digitizing your life - some folks are and others certainly...
How to enable WiFi calling on iPhone 6 - iOS 8.3
Sprint has been pledging to support WiFi calling for ages, and now that iOS 8.3 has been released , they have finally made good on their word. It doesn't get...
How LinkedIn Marketing Can Get You More Customers
I have a LinkedIn account and just like the author of the article I’m not paying much attention to it. But after reading his post, I am now considering to be...
How To Create a Website Backup Strategy
We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-u...
Everything You Ever Wanted to Know About WordPress Domain Mapping
by Brenda Barron
Website Malware – The SWF iFrame Injector Evolves
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invi...
How to change your WordPress Database Name in 3 Steps
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the si...
Intro to E-Commerce and PCI Compliance – Part I
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have al...
12 Not-So-Obvious WordPress Tweaks to Improve Posts and Pages
If you want details for the not-so-obvious tweaks that you can do for the following, I suggest you read the full article here.
WordPress Malware Causes Pseudo-Darkleech Infection
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add ...
Why Website Reinfections Happen
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to...
How To Create An RSS To Email Campaign For Your Blog
With new tools it is easier to reach your customers and readers through email. Gone are the days where you send emails manually. The article we’re sharing to...
OpenSSL Security Advisory of 19 March 2015
Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet). There has been a...
The Impacts of a Hacked Website
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are abl...
Bloom — The Ultimate Email Opt-In Plugin For WordPress
Introducing Bloom — The Ultimate Email Opt-In Plugin For WordPress Has Arrived! by Nick Roach
Understanding WordPress Plugin Vulnerabilities
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are m...
How to Create a Video Slider in WordPress
This article teaches us how to install and set up Soliloquy plugin. How to Create a Video Slider in WordPress Have you seen popular sites using videos in the...
How to Create Custom, Trackable, Short URL’s For Your WP Posts
Let’s face it, we hate memorizing let alone remembering those long website addresses. Good thing we can now shorten those long addresses and track it! Here’s...
Inverted WordPress Trojan
Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously ...
Deprecating the DNS ANY meta-query type
DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, ...
Why A Free Obfuscator Is Not Always Free.
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable –...
Build Your Own Online Marketplace Using WordPress
The article that we’re sharing today tackles how you can use WordPress for your Marketplace. You’ll learn the difference between an eCommerce store and a Market...
How to Easily Create a Multilingual WordPress Site
Do you want to reach more people or customers? Why not make your website multilingual? The article that we’re sharing today will guide you on how to do that. Ho...
The 11 Best Code Editors Available in 2015
This is for all the Web Developers out there! Both free and paid code editors are discussed in the article. Some of them are: Atom UltraEdit Sublime Tex...
Malware Cleanup to Arbitrary File Upload in Gravity Forms
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or f...
Why Websites Get Hacked
I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, ...
Enforce Web Policy with Hypertext Strict Transport Security (HSTS)
Hypertext Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks....
Fixing the “Password Field is Empty” WordPress Error in Chrome
Some users trying to access their WordPress admin panel have found that Google Chrome seemingly auto-fills their password. Hooray for technology! But once th...
Security Advisory – WP-Slimstat 3.9.5 and lower
Advisory for: WP-Slimstat Security Risk: Very high Exploitation level: Remote DREAD Score: 8/10 Vulnerability: Weak Cryptographic keys leading to SQL injecti...
How to Unlock Your Customers’ Deepest Desires
Survey Questions That Work: How to Unlock Your Customers’ Deepest Desires How well do you know your customers and their needs? And, how well do you meet thos...
How to Add SSL and HTTPS in WordPress
In this article, the following concerns will be tackled: What is HTTPS and SSL? Why do you need HTTPS and SSL? Requirements for using HTTPS and SSL...
Vulnerability Disclosures – A Note To Developers
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the ...
The Dynamics of Passwords
How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Ar...
Analyzing Malicious Redirects in the IP.Board CMS
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller C...
Get Started with CloudFlare ServerShield for Plesk
ServerShield makes it easy to activate CloudFlare and StopTheHacker.
Updating the DNS Registration Model to Keep Pace with Today’s Internet.
CloudFlare is, arguably, the largest third-party DNS Authoritative operator in the world. We manage well over 1 million domains and have registrations in alm...
Zero-day in the Fancybox-for-WordPress Plugin
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from “203ko...
Advisory – Dangerous “nonce” leak in UpdraftPlus
Advisory for: UpdraftPlus Security Risk: High Exploitation level: Remote DREAD Score: 7/10 Vulnerability: Privilege Escalation Patched Version: 1.9.51 If yo...
Creative Evasion Technique Against Website Firewalls
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted ...
8 Keys to Creating More Meaningful Content
A new take on those symbols! 8 Keys to Creating More Meaningful Content by Barry Feldman Hello ! @ # $ % ^ & * I was staring at my keyboard when I got ...
Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam
Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selli...
DNSSEC Done Right
This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare.
How to Use Google Webmaster Tools to Improve Your Website
Don’t have any idea what Google Webmaster tools can do for you? Here is a good article from Elegant Themes that explains the things that you need to know. Ho...
Critical “GHOST” Vulnerability Released
A very critical vulnerability affecting the GNU C Library (glibc) is exposing Linux servers to remote command execution. This security bug was discover...
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we...
How to Block a WordPress User Without Deleting Their Account
Here is another trick that you can add to your arsenal: how to block a WordPress user without deleting their account.
16 Plugins to Help You Communicate With Your Users
by Rachel McColli
Security Advisory – Vulnerabilities in Pagelines/Platform theme for WordPress
Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / ...
How to Display Most Commented Posts in WordPress
Showing the most commented posts on your site allows you to know which topic attracts most people to your site. We hope you find this tutorial from WPBeginne...
AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them me...
vBSEO’s Vulnerability Leads to Remote Code Execution
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further invest...
How to Allow User Log In with Email in WordPress
Have you noticed that most popular sites like Facebook, Twitter, etc. allow users to log in with either their email or their username? Want to add the same functionality o...
vBulletin Releases Serious Vulnerability in VBSEO
The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability in VBSEO. VBSEO is a widely used SEO module for vBulle...
20 Must Have WordPress Plugins for 2015 (Expert Pick)
Before anything else, let us greet you a Happy New Year!
Website Backdoors Leverage the Pastebin Service
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show ...
2014 Website Defacements
Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gi...
2014
WP Symposium – Zero Day Vulnerability Dangers
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing i...
Analyzing The WordPress SoakSoak Favicon Backdoor
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mi...
SoakSoak Campaign Evolves – New Wave of Attacks
Since Sunday, we have seen a new wave of SoakSoak reinfections. The JavaScript continues to evolve and load other scripts in order to infect additional websi...
Kyoto Tycoon Secure Replication
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon...
How to Automatically Log out Idle Users in WordPress
Website security is a major concern nowadays. It is best to keep your site’s plugins and security software up to date. Here is another plugin that you can ad...
How to Bulk Edit Featured Images in WordPress
Ever wanted to update the featured images in your site in one go? Assign images in all your posts? This plugin is the answer.
How to Get Your Blog Post on the First Page of Google
“We should rename SEO indicate relevance,” says Andy @Crestodia, the content chemist.
SoakSoak Malware Compromises 100,000+ WordPress Websites
This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Google Blacklisting – Soa...
Malvertising on a Website Without Ads
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of...
Targeted Phishing Against GoDaddy Customers
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missin...
How to Improve Your Writing Skills
I am a frustrated writer.
Critical Vulnerability in Joomla! HD FLV Player Plugin
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only J...
IIS, Compromised GoDaddy Servers, and Cyber Monday Spam
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those web...
Leveraging the WordPress Platform for SPAM
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comme...
WordPress Plugins to Streamline Your Business
Nowadays, most businesses rely on the internet to widen the range of people that they can reach and to make others aware of the services that they offer. Th...
Security Advisory – High Severity– WordPress Download Manager
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote Fi...
Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation an...
JoomDonation Compromised
We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into ...
Typos Can have a Bigger Impact Than Expected
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk i...
Protecting Against Unknown Software Vulnerabilities
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can ...
Security Advisory – High severity – WP-Statistics WordPress Plugin
Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which execute...
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerabil...
The Art of Website Malware Removal – The Basics
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concer...
The Psychology Behind Why Websites Get Hacked
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because every...
Combat Blackhat SEO Infections with SEO Insights
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming mor...
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to dro...
Most Common Attacks Affecting Today’s Websites
New web-based attack types and vectors are coming out every day, and this is causing businesses, communities and individuals to take security seriously now more ...
Spotting Malicious Injections in Otherwise Benign Code
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we sc...
Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score : 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and ac...
Drupal Warns – Every Drupal 7 Website was Compromised Unless Patched
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as imme...
Threat Introduced via Browser Extensions
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, ...
ASP Backdoors? Sure! It’s not just about PHP
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to c...
Google Blacklists Bit.ly
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing prog...
The Details Behind the Akeeba Backup Vulnerability
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download...
Drupal SQL Injection Attempts in the Wild
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of ...
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely b...
Vulnerability Disclosed in SSL 3.0 – This Poodle Bites
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. Whil...
Website Attacks – SQL Injection And The Threat They Present
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a S...
Joomla! 3.3.5 Released – Fixing High Priority Security Issues
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is a Remote File Include (RFI) vulnerability and the...
Bash – ShellShocker – Attacks Increase in the Wild – Day 1
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a...
Bash Vulnerability – Shell Shock – Thousands of cPanel Sites are High Risk
The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote comman...
Security Advisory – Hikashop Extension for Joomla!
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In...
Website Malware – Curious .htaccess Conditional Redirect Case
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting invest...
WordFence WordPress Security Plugin Pushes a Security Update
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update t...
Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that messa...
Website Security – Compromised Website Used To Hack Home Routers
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (polit...
Security Advisory – Critical Vulnerability in the VirtueMart Extension for Joomla!
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’...
Microsoft IIS Web Server – CMD Process Contributing to Website Reinfections
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infect...
Anatomy of 2,000 Compromised Web Servers used in DDoS Attack
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which t...
Slider Revolution Plugin Critical Vulnerability Being Exploited
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silentl...
Quick Analysis of a DDoS Attack Using SSDP
Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The interesting aspect of the case wa...
My WordPress Website Was Hacked
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hostin...
Security Advisory – Akeeba Backup for Joomla!
Advisory for: Akeeba for Joomla! Security Risk: Low Exploitation level: Difficult/Remote Vulnerability: Access control bypass If you’re a user of the very po...
Tinfoil Security vulnerability scanning now easy in CloudFlare Apps
We’re pleased to introduce a new CloudFlare App: Tinfoil Security. Tinfoil Security is a service designed to find possible web application vulnerabilities. ...
Thoughts on WordPress Security and Vulnerabilities
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks s...
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulner...
WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies ...
Yoast and Sucuri Partner to Create a Safer Web
We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature of the Security in the Wo...
Backups – The Forgotten Website Security Pillar
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website securit...
Experimenting with mozjpeg 2.0
One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure th...
Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and everyday I work for every p...
New Brute Force Attacks Exploiting XMLRPC in WordPress
Brute force attacks against WordPress have always been very common. In fact, brute force attacks against any CMS are a common occurrence these days; what is a...
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to ...
Massive Malware Infection Breaking WordPress Sites
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly inj...
SQL Injection Vulnerability – vBulletin 5.x
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member ...
Introducing CFSSL - CloudFlare’s PKI toolkit
Today we’re proud to introduce CFSSL—our open source toolkit for everything TLS/SSL. CFSSL is used internally by CloudFlare for bundling TLS/SSL certificates...
Website Malware – Mobile Redirect to BaDoink Porn App
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It ...
Simplifying the language of website security
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with the...
Parabéns, Brasil! CloudFlare’s 27th Data Center Now Live
“Chile may have scored a CloudFlare data center first, but at least we’re still in the Cup” Brazil is home to not only the most successful national football...
Making code better with reviews
In the past we've written about how CloudFlare isn't afraid to rip out and replace chunks of code that have proved to be hard to maintain or have simply reac...
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to uploa...
TimThumb WebShot Code Execution Exploit (0-day)
If you are still using TimThumb after the serious vulnerability that was found in it last year, you have one more reason to be concerned. A new 0-day was jus...
SPAM Hack Targets WordPress Core Install Directories
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores?...
Q&A with Ryan Lackey
Lackey being hoisted onto Sealand in the North Sea circa 2000 How did you get into computer security? I started using the Internet when I was young—in the e...
CloudFlare Acquires CryptoSeal
We're excited to announce that CloudFlare has acquired the Trusted Computing and virtual private network (VPN) as a service company CryptoSeal. CryptoSeal w...
Is my website hacked? If you have to ask then, “Yes.”
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot ...
Naming Project Galileo
What’s in a Name Earlier today, CloudFlare announced Project Galileo to protect free speech on the Web by using its sophisticated anti-DDoS resources. Seve...
CloudProxy + SPDY = A Faster Website
Our CloudProxy Firewall already protects and speeds load times for thousands of websites. Now, it’ll be even faster. We’re happy to announce that we just added...
Serious Cross Site Scripting Vulnerability in TweetDeck – Twitter
This morning as I was logging into various social networks I was presented with a popup with “XSS on Tweet Deck.” This obviously set every hair on my neck on...
WordPress Plugin Alert — LoginWall Imposter Exposed
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a ...
Website Firewall Update – Introducing 2FA and More
Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of se...
Take Back Your Internet – Demand a Safer Web
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out b...
CloudFlare is PCI Certified
Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card I...
Was the FIFA Website Hacked?
As many know, our company has deep Brazilian roots, and as such we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, socc...
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escala...
Analyzing a Malicious iFrame – Following the Eval Trail
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden ifra...
Malicious Redirections to Porn Websites
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infectio...
Sucuri CloudProxy – Website Firewall Enhancements
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the ...
Desktop AVs and Website Security
Brian Dye tells the Wall Street Journal that antivirus tools like his company’s Norton suite are effectively “dead” because they catch less than half of all...
Watch a Layer 7 DDOS Attack – WordPress Security
A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what...
Does Sucuri work with my host? Yes, Yes we do.
We’ve been scanning and removing malware from websites for years, and in this time frame we have seen the website security domain grow by leaps and bounds. O...
Tracking our SSL configuration
Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in b...
SiteCheck Extended – Making It Easier to Scan Your Websites
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and ot...
AdSense Blackmail – Hacking Websites for Profit
We deal with different types of malware injections and compromises every day, and the most common question our clients ask us is, “Why me? Why my small little ...
Joomla Plugin Constructor Backdoor
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joom...
Upcoming Meetups at CloudFlare
At CloudFlare, we love connecting with our communities, and so we are excited to announce two meetups to be hosted here at the CloudFlare headquarters in Sa...
Improving vulnerability disclosure for researchers
Trust, transparency, and collaboration are values which we hold dear at CloudFlare. As a web security and performance company, we are always interested in ho...
HeartBleed in the Wild
As most of you probably already know, ten days ago security researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power...
The Results of the CloudFlare Challenge
Earlier today we announced the Heartbleed Challenge. We set up an nginx server with a vulnerable version of OpenSSL and challenged the community to steal its ...
Critical Update for JetPack WordPress Plugin
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attack...
Patching The Heartbleed OpenSSL Vulnerability
Security researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are ...
JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content ...
Unmasking “Free” Premium WordPress Plugins
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for...
Windigo Linux Analysis – Ebury and Cdorked
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thou...
How to ensure your server’s software stays secure?
At CloudFlare, security is on the top of our minds. We are always looking for ways to better secure the data we are entrusted with and improve the security o...
Security Exploit Patched on vBulletin – PHP Object Injection
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4...
What do you do when the world’s attention is on you?
Today’s guest blogger is Rodney Gibbs. Rodney is the CIO of The Texas Tribune, a nonprofit media organization that covers public policy, politics, and gov...
Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just th...
WordPress Pingback Attacks and our WAF
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for ...
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every websit...
Joomla Security Updates – Version 2.5.19 and 3.2.3 Released
The Joomla team just released 2 security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on Joomla, you need to ...
Highly Effective Joomla Backdoor with Small Profile
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. Th...
CloudFlare Publishes Transparency Report for 2013
On January 27, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security ...
Sucuri CloudProxy Website Firewall Improvements
If you are a regular reader of our blog, you probably know about our CloudProxy Website Firewall, which launched publicly almost a year ago. Since then, ...
SiteCheck Chrome Extension Now Available
Have you ever wondered if the websites you (or your family) visit contain code that is potentially harmful to you or your computer? If you are a Chrome user,...
Malicious iFrame Injections Host Payload on Tumblr
It’s always fun to watch malware developers using different techniques to code their creations. Sometimes it’s a matter of obfuscation, placement, injection,...
Mysterious Zencart Redirects Leverage HTTP Headers
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be good time to share the case and details...
Not Just Pills or Payday Loans, It’s Essay SEO SPAM!
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah...
Fighting back responsibly
Today on The Day We Fight Back, companies are coming together to protest the NSA’s mass surveillance programs. CloudFlare is proud to be one of those compani...
Joomla JomSocial Remote Code Execution Vulnerability
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0....
Darkleech + Bitly.com = Insightful Statistics
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, a...
Participate in the Day We Fight Back with One Click
At CloudFlare, we're fiercely committed to an open internet. That's why we’re announcing a new app that lets you easily add to your website a banner from The...
Layer 7 DDOS – Blocking HTTP Flood Attacks
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most...
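As an added example of the detection side of blocking an HTTP flood (this is not code from the original post or from Sucuri's firewall), the script below runs a per-client sliding-window request counter over combined-format access log lines and emits nginx `deny` directives for offenders. The log lines are constructed for the example; the 10-second window and 100-request threshold are assumptions a real deployment would tune to its own traffic.

```python
"""Flag HTTP flood sources in an access log with a per-IP sliding window.

Added example. The sample log, the window size and the threshold are
constructed assumptions, not data or figures from the original post.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return (ip, timestamp, path, user_agent), or None for a non-matching line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), m.group("ua")


def find_flooders(lines, window_seconds=10, threshold=100):
    """Sliding-window counter per client IP.

    For each request, drop the client's timestamps older than window_seconds
    and compare what is left against the threshold. Returns {ip: peak_count}
    for every client that reached the threshold at least once.
    """
    recent = defaultdict(deque)
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the detector
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def nginx_deny_rules(peaks):
    """One 'deny' directive per flagged IP, ready for an nginx server block."""
    return [f"deny {ip};" for ip in sorted(peaks)]


def _sample_log():
    """Constructed sample: one flooder at 20 req/s for 6 s (RFC 5737 test
    address) plus one ordinary visitor making 5 requests in a minute."""
    lines = []
    for sec in range(6):
        for n in range(20):
            lines.append(
                f'203.0.113.10 - - [10/Feb/2014:12:00:{sec:02d} +0000] '
                f'"GET /?q={n} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
            )
    for sec in (0, 15, 30, 45, 59):
        lines.append(
            f'198.51.100.7 - - [10/Feb/2014:12:00:{sec:02d} +0000] '
            f'"GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        )
    lines.sort(key=lambda l: parse_line(l)[1])  # chronological, as a real log would be
    return lines


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    hits = find_flooders(SAMPLE_LOG)
    print(hits)
    print("\n".join(nginx_deny_rules(hits)))
```

A static deny list is only the crudest response; the same per-client counter is what a rate limiter enforces continuously, and a real flood is usually distributed, so the window should also be keyed on request signature (path, User-Agent) rather than on source address alone.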
New iFrame Injections Leverage PNG Image Metadata
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just ...
Stories from our recent global data center upgrade
Each day at CloudFlare is full of surprises. As it turns out, it takes a lot of work to stop massive attacks and to help make the web faster. Over the past ...
CloudFlare DNS is simple, fast and flexible
Over the past few years, the CloudFlare blog has covered a great range of different topics, drilling down into the technology we use to both protect websites...
Killing RC4 (softly)
Back in 2011, the BEAST attack on the cipher block chaining (CBC) encryption mode used in TLS v1.0 was demonstrated. At the time the advice of experts (inclu...
CloudFlare Transparency Report on National Security Orders
Earlier today, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security...
Website Mesh Networks Distributing Malware
Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especially when it comes to your website. This is almos...
Recent OptimizePress Vulnerability Being Mass Infected
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. ...
The Hidden Backdoors to the City of Cron
An attacker’s key to creating a profitable malware campaign is its persistence. Malicious code that is easily detected and removed will not generate enough va...
Sucuri Company Meeting – Brazil 2014
2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. ...
Security issue on vBulletin’s uploader.swf
The vBulletin team recently disclosed an XSS (cross-site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. T...
2013
Using CloudFlare to mix domain sharding and SPDY
Note: this post originally appeared as part of the 2013 PerfPlanet Calendar. It’s common knowledge that domain sharding, where the resources in a web page are...
Keeping our open source promise
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the...
Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerabilit...
What we’ve been doing with Go
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, pro...
A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive ...
Ensuring Randomness with Linux’s Random Number Generator
When building secure systems, having a source of random nu...
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I conn...
Why secure systems require random numbers
If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Com...
Details Behind Today’s Internet Hacks
When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day— Rajiv Pant (@ra...
Updating Our Privacy Policy
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to...
Staying on top of TLS attacks
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a pri...
CloudFlare, PRISM, and Securing SSL Ciphers
Over the last week we've closely watched the disclosures about the alleged NSA PRISM program. At CloudFlare, we have never been approached to participate in...
What CloudFlare Logs
Over the last few weeks, we've had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we ...
WordPress Botnet Brute Force Attacks
The DDoS That Almost Broke the Internet
The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times c...
CloudFlare Keeps TheBayLights.org Running Bright
The Art When you think of San Francisco, undoubtedly one bridge in particular comes to mind - The Golden Gate Bridge. This year, however, the Bay Bridge is ...
Facebook Bug Redirects the Web Through Javascript Widget Error
You may have heard that Facebook took down a significant portion of the Internet today. A bug in their Facebook Connect script -- which is installed widely a...
CloudFlare Heading to Parallels Summit 2013
CloudFlare is heading to Parallels Summit in Las Vegas on Monday, February 4th to Wednesday, February 6th. We look forward to meeting and reconnecting with ...
2012
What We Just Did to Make SSL Even Faster
A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our networ...
Pushing Nginx to its limit with Lua
At CloudFlare, Nginx is at the core of what we do. It is part of the underlying foundation of our reverse proxy service. In addition to the built-in Nginx f...
CloudFlare and Parallels to Bring Website Performance and Security to Millions of SMBs
In early October we quietly announced our partnership with Parallels, a global leader in hosting, cloud services enablement and desktop virtualization. Para...
Choosing a Two-Factor Authentication System
We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 m...
Two-factor Authentication Now Available
With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their...
SEO and your website
We get a lot of questions from our customers about CloudFlare and how we impact SEO. So when SEO.com signed up for CloudFlare, I thought it would be a grea...
The many sites of CloudFlare
Each day I get to trade notes with CloudFlare customers. I'm constantly amazed by the diversity of businesses that use the service from around the world. I w...