2018 Hacked Website Trends

Date aired: March 26, 2019

What is website malware? In this webinar, we’ll cover the most common website malware types, what various samples look like so you can recognize them, and also show you how they work.

Peter Gramantik - Webinar profile

Peter Gramantik

Senior Malware Researcher

Peter has been working in Information Security for over 12 years, currently as a Senior Malware Researcher at Sucuri. When he’s not on the clock, you can find him doing technical dives in deep and cold waters, playing guitar or ukulele, riding his Harley Davidson Sportster, or researching malware on his own. Follow him on Twitter at @petergramantik.

Questions & Answers


Question #1: What digital forensic tools do you use?

Answer: Generally, nothing special. I’m doing a lot of stuff manually in my Sublime Text 3 text editor with additional plugins. I’m also using Virtual Box for running a virtual machine where I’m doing some more dangerous stuff like running PHP malware with the EvalHook module to catch all the evaluated code. I’m also using various free online services like PHP Sandbox and JSFiddle. Sometimes, I’m also using http://ddecode.com/phpdecoder/ for decoding malware.

Question #2: Is there a 3rd-party application for scanning (open source) to check whether it’s a malware attack or not?

Answer: We have our free WordPress plugin and SiteCheck, however, they’re not open source. As far as I know, ClamAV is an open source antivirus. And while it’s more aimed at classic malware, it probably has also limited website malware detection included.

Question #3: Is there a way to scan a plugin before an installation?

Answer: You can use any AV solution to scan those files. Plugins in the WordPress plugin store could be generally considered safe. However, nothing is 100% safe and when a malicious plugin appears in the WordPress repository, the WordPress team removes this plugin as fast as possible.

Question #4: How do you, Peter, protect your home/business computer?

Answer: First of all, I’m using strong passwords which I’m changing on a regular basis. Also, whenever possible, I’m using 2FA authentication. I’m using Linux which is generally safer to work with malware than Windows (but nothing is 100% safe). And I’m very careful about what I’m clicking. Also, I’m using my work laptop only for work and nothing else – I don’t have an antivirus installed there since it would be constantly warning me about malware 🙂 On my home computer, I have antivirus software of course.

Question #5: Where is Sucuri Sitecheck located?

Answer:https://sitecheck.sucuri.net/ is its address. Otherwise, it’s running on our servers all around the world.

Question #6: My site has redirects, what should I do?

Answer:Redirects could be pretty tricky since they are usually not very big. You can try our WordPress plugin; SiteCheck might give a hint where a redirect is located as well. You can try to clean your site manually. My colleagues did webinars with a nice how-to description for WordPress, Joomla, and Magento. And of course, I recommend trying one of our plans. We’ll find and clean the malware from your site professionally.

Question #7: Can a website virus damage my computer?

Answer:No, but it can damage your bank account.

Question #8: Is it hard to decode obfuscated malware?

Answer:Depends on the experience. Things I was doing several hours years ago could take me a few minutes nowadays. But sometimes, I really spend up to an hour (and sometimes even more) to decode a complex malware and analyze it properly.

Question #9: My hosting is telling me that I’m infected but your SiteCheck says my site is clean. Why?

Answer:This could be exactly the case of the “hidden” malware type with no visible signs on site. That could be a backdoor or any similar type of malware. I strongly recommend getting a plan with us and ask our team to scan your site.

Question #10: Can they attack through email? I received a message from a form I have with dummy data during the night. The next day I saw my site has been hacked, even though we removed all the malicious files (and added Sucuri)…new malware was constantly adding.

Answer:Yes, it’s possible to get infected through an e-mail message, especially if there are any suspicious attachments (including documents) which were downloaded/executed or if it contained any links which you clicked on. I recommend doing a deep scan of your computer with some antiVirus solution, changing all your passwords, including password to your hosting products and FTP password. You can find a nice HowTo here: https://sucuri.net/guides/how-to-clean-a-hacked-website/.

See all Questions & Answers

Expand

Transcript

Name: Peter Gramantik – Title: Senior Malware Researcher

Peter Gramantik:Hello, everyone, and welcome to this webinar. My name is Peter Gramantik, and I’m a Senior Malware Researcher here in Sucuri. Let me tell you something more about me. I spent last 15 years in the antivirus industry, previously in AVG Antivirus company as a malware analyst specialist. Now, I’m six years in Sucuri—actually, it was six years three weeks ago—currently as a senior malware researcher. I started as a support analyst, and I used to clean websites directly since I joined Sucuri. In the last few years, I’m working on signatures, making sure we detect and clear everything correctly. I’m happily married. At least, last time I asked my wife if I am, she told me, “Yes, you are very happy.” So that’s cool. My job is my hobby, but of course, I’ve got other hobbies, as well. I love reg and cave diving and, generally, technical diving. I love underwater filming. You can probably find some videos of me diving in caves on YouTube. Of course, as I said, my job is my hobby, so finding new detection techniques is one of my greatest hobbies, as well. For this webinar, we are a little time limited. Since the world of malware is really complex, I’ll cover the following topics briefly. So in this webinar, you will learn what is the web malware, and how does it usually work? Here, we’ll fix the common malware definition. Where and how does it hide? I’ll show you three common ways where malware hides. What is the obfuscation and its most common methods? I’ll try to deobfuscate the magic word a little bit, and in the end of this webinar, I’ll tell you something about the mass infections and why you should never use pirated themes and plugins.

Peter Gramantik:So, what is malware? According to Wikipedia, malware, or malicious software, is any software intentionally designed to cause damage to a computer, server client, or computer network. Malware is with us since the first computer. The short history of malware, as I see it, can be divided into these three phrases. First, the economic times, then the wild times, and now the business times. In other words, in 1970, it was like, let’s see if we can destroy this computer. In 1990, it was like, let’s destroy this computer, ha, ha, ha. Now, since year 2000, let’s infect this computer secretly and profit from it. As I said, business times are, until now, only got really massive. In old times, they were just single persons were creating viruses and generating malware, and these were mostly academic attempts or joke attempts. Nowadays, we are seeing professional teams behind them. This results in much more major malware. Something still change since year 2000, and that’s the target. Nowadays, we have Internet. We have websites, stories we want to share. As an example, let’s say I have this awesome My Little Pony website, where I sell T-shirts with quotations from My Little Pony stories, which are so great that everyone buys my T-shirts. It’s just an example. This website is the new target. That’s why I’d like to change the definition a little bit by adding a website. So malicious software is any software intentionally designed to cause damage to a computer, server, client, computer network, or a website. I kind of feel that none of the previous terms fits the website. Our lives are moving to the virtual world, so the malware is following us. Websites are programs coded in some language, providing some input and output. As Murphy’s Law says, every known trivial program has at least one bug, and websites are programs. So the first vulnerable website was probably the first one created. The more complex they are, the bigger is the need for various frameworks and content management system. That leads to a somehow unified environment, and this unified environment of content management systems actually helps infections. When there’s a vulnerability and the attackers know, they can exploit it on the vast amount of victims, like thousands of websites, within one single vulnerability.

Peter Gramantik:Also, WordPress is the leader currently. Since not every is a programmer, me, as owner of My Little Pony blog, I go and download WordPress for that. It will be, sooner or later, vulnerable. In other words, it will be infectible by malware. So how does it actually work? In fact, there are only two main categories of malware. It’s this visible malware and this hidden malware. For example, this visible malware, like various defacements, redirects, unwanted pop-ups. When my site is infected with redirect, you, as visitor, are redirected from my website, My Little Pony website, to my competitor, who does much worse My Little Pony stories. You end up on his site instead of mine, and you are probably going to buy the T-shirt from him instead of me. That’s malicious behavior, right? You were fooled, because you wanted to visit my website. However, you are able to spot it easily. You know something happens just by visiting the site. You see some pop-ups or something, you are redirected somewhere. So that’s why, from my point of view, what’s more interesting and dangerous is this hidden malware. Oh, that’s like, yeah, it looks like we’ve been infected, and this pop-up covers part of my original content. This is exactly how this visible malware could look like in real life. As I said, you can spot it easily. So back to the hidden malware. We have various backdoors, CC stealers, blackhat SEO. This category of malware works secretly. You won’t see anything suspicious on your site, but hackers have now full control with. Of course, there are many subcategories, whatever. You won’t really notice. I’m having really interesting complete overview of malware on the next slide, and bam. Here we go again. This happens every time you are searching for something interesting. In this case, we’ve been infected by defacement, which is probably installed by using some backdoor. The attacker with backdoor has full access to your site and its content, and all the awesome My Little Pony stories are simply gone. Fortunately, you are probably Sucuri client, and we’ll fix this for you. You’re lucky. Those who don’t know anything about how cleaning could work, they’re not so lucky. For example, defacements are not so serious, on one side, like infection, because they usually just override the main index, the PHP file. Otherwise, they don’t do anything harmful, only your site is not visible. The only content there is this. You can see this. Sentences like, “We are legion. We do not forget. We do not forgive. Expect us.” Actually, it’s a little funny for me, because when I’m looking at this defacement, instead of thinking more about these hackers, I’m thinking more about having a pizza, because they sometimes use interesting color combination. Seriously.

Peter Gramantik:Back to the hidden malware. I’ve been talking about it, and I’d like to show you how a CC stealer, or a credit card stealer, works and why it’s so dangerous. This is example of malicious code in a legitimate Magento file. We can see here, in this slide, these highlighted lines, that it’s collecting some data, like the CC number, when the CC expires, CVV, some minor data like user age and IP client, but of course, name, address, city, country, et cetera. It sends everything it collected to some email, which is probably encoded here in the Base64 string, but it doesn’t matter now. This code simply sits here, does its job, sends the data to the attacker, and that’s it. You won’t know about that. Now your client is going to buy your My Little Pony T-shirt, but it will later cost him much more, because the attacker has their complete credit card information and will buy something with this credit card. Not now. Maybe in a few months, because they don’t want to point directly to your site. They want to keep it running, this malware running, as long as possible, but they’ll do that. They’ll abuse the stolen data. Since we have many fans, they’ll chat together on Facebook or various forums, and they’ll eventually find out that more of them had similar problems. This will be ultimately leading to destroyed reputation of your site and loss of your fans and your clients. Your business is done. In this case, the malware was buried down in the Magento file system, in one of those legitimate files. This brings the general question, where does the malware hide? The first choice is file systems, files. 9 of 10 malware creators recommend them. The malware is hidden somewhere in your site files. For example, clean WordPress installation has 1,713 files after installation. They are placed in 172 subfolders. A lot of places where you can hide malware, like this one you are looking at. Backdoor, which had probably some random name. We can probably directly delete the file, because it’s clear that it’s malware, but there are some others which are not so easy to spot, like, for example, this one. Where’s the malware here?

Peter Gramantik:This is obviously legitimate-looking code, but there’s a malware hidden somewhere. It’s here, only those highlighted lines. This is just a small piece of malware randomly placed with alleged-looking file. It’s sometimes very hard to spot. Sometimes it’s really not easy to find it, and sometimes it’s not even in the files. Number two is the database, the database infections. Modern content management systems use the database. Mostly, they store the real content there, and they use files just to keep the content management system running. Whenever the files are updated, the content your site has won’t change, because it’s still in the DB. The attackers are aware of this fact, and simple reinstallation of the CMS won’t fix your malware problem in case of database infection, because after reinstall, the malware is still there in the database. For example, in this case. I guess this is some redirect we’ve seen a few weeks ago in a mass wave. It just redirects your visitors to some completely malicious sites. Removing from the database could be tricky, because if common users are. Less experienced with data manipulation, they’re probably able to remove the basic malware from a file, like we saw earlier. But modifying DB content is not that easy. In this case the malware is placed within serialized data, and if it would be simply removed, it would break the site. So unless the serialization is handled correctly, it could- cleaning malware from a DB is pretty tricky. So please, be careful when touching your DB. It’s much more important than files. And of course there’s also a third possibility. Where malware could hide. And that’s a server-level infection. This is not classic website infection, as we know it, this is slightly out of scope of this webinar, but I wanted to mention it cause it happens and we are seeing that infections every now and then. The malware is not part of website files or DB but rather the whole server is compromised. And for example, some server modules are infected. So when such an infected web server module is infected, it attaches, the malware to every request from a visitor, like we request to open your website in your browser then we get your site, and as a bonus it gets malware. In from other malicious code. You won’t be able to find it in your files, you won’t be able to find it in your DB. Such infection is the hardest to find, and usually the whole server needs to be reinstalled in this case.

Peter Gramantik:But of course, there are much more simple techniques of hiding malware in your files or the DB. And that’s where obfuscation comes in place. So what is this obfuscation? It’s actually an action to make something unclear, obscure. Makes the code unclear, hard to decode. Helps to hide it. And it makes it hard to spot. Not that there’s nothing more behind one word, and let me show you some types of obfuscations we know. There’s just a few basic types of obfuscation, first one is packers. You can- by packing your code you can hide easily any suspicious code parts. By using some shrinking and [inaudible 00:15:33] which makes the code smaller, and in fact much much harder and sometimes completely impossible to read. Faking legitimate code, that’s pretending to be legitimate part of the site and it’s formatted and it’s wrong. Random names, that’s evergreen, variables, functions, other code objects are just random, random letters. Kind of opposite of obfuscation is also using undocumented functions or less used functions which are not so straightforward to understand. And actually abuse them in some way, using it- using them in not intended way. And last, last one from this small list could be placing the malware in random places. I know we saw it earlier, the malware was placed in a random place within the legitimate code. So let’s take a look at a few examples. Like on this screen, this is a typical packer. It’s impossible to tell whether it’s malicious or not, without the obfuscation. Legitimate content is, or file, is on the top, here this one is legitimate. The malicious is in the bottom, but without the code [inaudible 00:16:52] we are lost. This is why creating signatures is not a trivial task, and that’s why every antivirus is generating false positives. Sometimes it’s really hard to decide whether the code we are looking at is malicious or legitimate, and as you can see, even authors of legitimate software are using obfuscation. Possible to protect their code against piracy, but I’ve got my own suspicion that maybe their main goal is to make our work as security analysts as difficult as possible. Why? It usually takes me a few seconds or maybe up to minutes to get through such obfuscation. And if I could do that, anyone can do. And especially pirates. They can. And I like to take this place to greet, especially my plugin developers, I really love to identify and removing false positives on their code, that’s just brilliant. Just kidding. Greetings and thanks.

Peter Gramantik:And anyway, another example of obfuscation could be faking the legitimate code. Like on this screen. This looks legit on the first look, but when you try to understand how it works, you’ll notice some suspicious functions. Like why a routine doing something with mindful mapping, which we have here, why should it touch any directories and prepares of directories. This kind of a sign that something is not right. In this case, and I had to study the file more, and understand every aspect of the code, and in the end it turned out that after putting some commas there, regarding real functionality, it turned out it’s just another vector. Evaluating something stored in a file, which pretended to be an image, not sure where- where is it, right here, over here. That’s what I decoded, but in the end it was really just a vector. And I’m a little sorry about the quality of the image, because of- I took it from my blog post I wrote about this infection. And if you’re interested in more in obfuscation and techniques and if you want to read some nice articles, I recommend checking for links we have in our blog. First link is mine, of course, because I’m proud of my work. Obfuscation for legitimate appearance. It’s obfuscation as I just demonstrated. There are a lot of other very interesting articles such as these two from my colleagues Denis Sinegubko and Rodrigo Escobar. They’re really, really great. And you can actually find other articles in our blog as well under tag obfuscation. I’d like to show you one more sample, and this time it’s about how deobfuscating malware could look like. We are not going much into technical things but, this is nice classic obfuscation. It uses random variable names, random function names, and everything is put together piece by piece, from these small portions and in the end, it gives us another big door here, that’s decoded or deobfuscated malware. Right. We have another big door, it’s getting spelled from some managed aside and evaluating it through the assert function here. And it’s actually obfuscation of itself, because of assert function is primarily used for debugging code, not actually developing it. So, it’s obfuscation, it’s abused, this function is abused, and that’s what obfuscation means too.

Peter Gramantik:Since our time is running out a little bit, as I promised I am going to cover briefly on some mass infections and the third part, software issues. So, what are mass infections? Infections spreading through thousands of websites. Out of nowhere, we just start to see a lot of same, identical infections in our clients sides. And this is a mass infection indicator. And the common enter point now for such a mass infection is a vulnerability in the outer software. And usually, such vulnerability leads to secondary infections. The attackers are for example, able to upload a small malicious code like small back door it’s not always very easy to exploit the vulnerability. But that small back door could be- could be uploaded somewhere, and using this back door the attackers later able to do almost anything you can imagine- anything- any evil action you can imagine, like injections of spam, other redirects, even more back doors like web shells and so on. To gain complete control. The problem is usually on shared hostings, where the permissions are not set correctly. This environment- these are environments where one side infects another side, and inside the shared space is this leading to cross-contamination and it’s really hard to mediate. Really nice example of such mass infection was this vulnerability in malware plugin for WordPress, this was a pretty serious infection wave where thousands of websites were compromised, I guess it was in the year 2014, and if I remember correctly, the infectors even broken their and under some conditions it was breaking the infected sites. So, you can imagine how big a mess was it. Thousands of sites infected, some of them corrupted. Just because of this malware and this mass infection. And, as I said the problem was in third-party vulnerable software. So what all does this mean? What am I talking about? I mentioned it in the beginning of this webinar that every code has at least one bug. In theory, if you use just a clean WordPress without any plugins, there would be definitely some bugs. But thanks to the extensive curative process, the progress WordPress has. Hopefully, no easy exploitable holes are released. Hopefully. The situation is different with third-party software, such as plugins. They- most programs don’t have such an extensive curative process and there are also other risks. And generally, the more plugins you have, the bigger is the risk of serious exploitable vulnerability in your website. And because of- you need to think about these plugins as a place where a bug can appear.

Peter Gramantik:And these other risks are- and we are seeing it- the cases of hijacked plugins which the developer simply quit, they let the plugin to live it’s own life, but the bug took this chance, the hackers edit something there, took over the code. And with the next update of the plugin, that you used probably for several years, you are infected out of nowhere. And whoa, my side is down. And of course there is the risk of this pirated themes and plugins, because if you want to see something you really like and you want to put it on a blog, but you don’t have money for that or you just think that maybe you don’t want to pay for that, even though the developers spend numerous hours on building that theme, you just go Google it and just download it somewhere for free. Right? Only for free is not always free. Because usually, in this pirated world of themes, as we call them, there are spams and even back doors directly included. And your side gets infected within minutes or days. So that’s probably it. I hope I gave you some basic review about malware and how it works, but it’s just so complex stuff that it could take several books probably, or one really thick to cover it completely. Also I’m slightly better in writing probably than speaking, so if you’re interested in more in malware and virus cases, or case studies, just search for some- my blog both post and both of my colleges. So that’s it thank you for your attention and now it’s time to have a beer, I forget to take one, sorry, but before the end I’d like to point you to my new book Local series the Anatomy of website malware, where I will be covering this topic in many more details. Describing many forms of malware and it will have a lot more details. So if you have any questions I’ll be happy to answer them, thank you for your attention.

Nicole Gerren:Thank you Peter. Great job, thanks for presenting, we have several questions actually coming from Q&A and chat and we see you here on Facebook live too so we’ll get through what we can through the recording but everything will still be answered no matter what by Peter, we’ll have a written transcript later, specially for those who may have missed a little bit of this, no worries we have it all there later for you at our Sucuri.net webinars. Let’s start with question one we have “My site has redirects what should I do?”

Peter Gramantik:And this is still level one Northon?

Nicole Gerren:Yeah exactly. This is just level one, the unprotected machine is not actually been taken down, it’s just slowing a lot, and hurting the visitor experience.

Peter Gramantik:Redirects well, based on my experience redirects are usually pretty hard to find so you can for sure check your site files, check your DB if you find anything malicious try to remove it responsibly to know what your doing, or you can of course check the webinars my colleges did recently, I guess they were talking about how to clean infected WordPress how to clean infected Joomla and so on. So that could give you some hints how to, what to do in case of infection generally not only redirects or of course you can go with Sucuri and buy one of our plans and we’ll do that for you. That’s it.

Nicole Gerren:Alright it looks like Tony is asking you “Peter what do you use for digital forensic tools?”

Peter Gramantik:Usually I am using my TextPad, almost for everything of course I am using some virtual machines but generally no not really some fancy tools like debuggers and so on, just basic text editors where I’m doing a lot of stuff manually and when I am writing signatures sometimes I am using like a regex services so just standard tools. And I’m trying to do everything in virtual machines to keep myself safe.

Nicole Gerren:Makes sense totally. Lets see we have also “Can website virus damage my computer?”

Peter Gramantik:No. No it can’t but it can damage your bank account. That’s it.

Nicole Gerren:No that is it. “Is it hard to decode obfuscated malware?”

Peter Gramantik:Well that depends on the experience sometimes it takes like a few seconds when you know what your doing and when the obfuscation is not so serious, sometimes it could take like half a day or at least several hours. As I said it depends on your experience it’s like driving a car when you started to learn how to drive a car you are very slow you are trying to be aware of everything, you are sometimes confused with the pedals and everything and you are doing everything slowly, after a few years you get probably into some races and so on and you are doing everything quickly. Things that took me few hours like five years ago or ten years ago I could do like in probably in a few minutes now a days.

Nicole Gerren:Evolutions. Crazy. I see Nelson in chat we have been asking “Can they attack through email?” He received messages from a forum with dummy data during the night and the next day he saw his site had been hacked with malicious files but and added us but the malware was still coming through.

Peter Gramantik:That depends there are various infection types. Not only this web malware but there are also standard virus’ for coders and yes you can get infected through email. Sometimes even by opening email there’s something and you basically have to and there’s some exploit that exploits your computer. The common virus for the computer is downloaded or installed to your computer and it for example gets all your key press or keys that you press and this way it could check your for your FTP password or your admin password from WordPress and this whole chain could result in the infection of your website, so yes emails are dangerous.

Nicole Gerren:Okay. Back to one if we can, yeah we still have a little time, lets see. “Is there a third party application for scanning like open source to check whether its a malware attack or not?”

Peter Gramantik:Well there is a third party application, third party application even our site check, our site check you can use to scan your website and it will give you awesome results and if there’s something suspicious site check will detect that and give you the detection details. So yes and of course there are other antiviruses. We at Sucuri are providing antiviruses as well in fact if you go without plan we are providing you not only cleaning of infected website but also monitoring and scanning services so we are scanning your files, your site and everything so yeah we are a third party as well. If that answers the question.

Nicole Gerren:Yeah, I believe so, yeah they also had still another one a site check but “My hosting is telling me that I’m infected but your site check says my site is clean? Why?”

Peter Gramantik:Okay got it. As I was talking with Sanche this is a pretty nice question because of that’s just by design SiteCheck is designed to check only the website by design its able to detect only the visible malware which is visible on the website for the bitcam for the files there are other products like our server site scanner so its a check from outside and a check from inside. If the hosting told the visitor that the website owner that his site is infected and SiteCheck doesn’t see this infection that’s probably down in the files and its hidden as I was showing that there were two types of malware these hidden back doors and so on they are simply there not having any visible signs. So that’s why you could use probably our plugin for WordPress or our server site scanner which can detect this virus for you. Probably this is the case.

Nicole Gerren:Okay, if we can get one more in well its a few from, I see you John on Q&A and for everybody else in chat I dropped a link to SiteCheck also to Peters blog post he just put in here in the slide so your welcome to that and John’s asking “How do you protect your home business computer and where is the Sucuri SiteCheck located?”

Peter Gramantik:Where is the Sucuri SiteCheck located? The Sucuri SiteCheck is located in our servers as far as I know we have several servers huge servers and they are home of SiteCheck. Otherwise I have no more details because I am not a network guy, sorry. Anyway how I protecting my home business computer I’m using strong passwords, I’m using two step authentication always and I’m really very careful about what am I clicking at and also I am using Linux that’s kind of a security measure in itself. That’s probably it. I can’t have antivirus solution on it because I am working constantly with malware and it would be always beeping beeping beeping, bad malware bad malware bad malware, I don’t want to do that so no antivirus for me but absolutely recommend having an antivirus of your choice.

Nicole Gerren:Perfect love it. Okay I think that’s all if there’s other questions again we’ll get to them Peter has, thank you for taking so much time you know you have a busy day being our senior malware researcher so we appreciate you, I appreciate the audience for joining us I hope you did enjoy this found it beneficial. Peter I am going to drop off so you can say your goodbyes as well but links are everywhere you get all this written, transcript, video and everything this recording little bit later. Thanks.

Peter Gramantik:Okay. Thanks everyone as well for the attending this webinar and hopefully will see us again in some next webinars. See you and stay safe. Bye.

See Full Transcript

Expand

Similar Past Webinars

In the website security community, our name is known for fast site hack cleanup and responsible vulnerability disclosure. As thought leaders in website security, we are committed to sharing what we know. Follow our concise and helpful website security guides and tutorials so you can learn how to clean and secure your website.

Resources

Picture of presenter of 2022 Website Threat Report Webinar

Webinar – 2022 Website Threat Report Webinar

Join us on April 5th as we cover the latest findings from our 2022 Hacked Website Threat Report. We’ll shed light on some of the most common tactics and techniques we saw within compromised website environments.

Picture of presenter of Virtual Patching Webinar

Webinar – Virtual Patching Webinar

All software has bugs – but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. In this webinar, we dive into the steps you can take to migrate risk from infection and virtually patch known vulnerabilities in your website’s environment.

Picture of presenter of Hacked Website Threat Report 2021

Webinar – Hacked Website Threat Report 2021

The threat landscape is constantly shifting. As attackers continue to hone their tools and exploit new vulnerabilities, our team works diligently to identify and analyze threats posed to webmasters. Join us on July 6th as we cover the latest findings from our Hacked Website Threat Report for 2021.

Picture of presenter of Logs: Understanding Them to Better Manage Your  WordPress Site

Webinar – Logs: Understanding Them to Better Manage Your WordPress Site

In this webinar we will highlight the various activity, access, and error logs WordPress site administrators have at their fingertips. Plus, learn how logs can best be used to manage, troubleshoot, and most importantly, secure your sites.

Picture of presenter of Personal Online Privacy

Webinar – Personal Online Privacy

In our latest webinar, we'll describe action items that can improve the security state of internet-connected devices we all use every day. These devices will include common household staples such as: WiFi Routers, iOS/Android devices, and personal computers.

Picture of presenter of Why Do Hackers Hack?

Webinar – Why Do Hackers Hack?

Join us as we delve into the minds of hackers to explain targeted attacks, random attack, and SEO attacks. Find out why bad actors target websites.

Picture of presenter of WAF (Firewall) and CDN Feature Benefit Guide

Webinar – WAF (Firewall) and CDN Feature Benefit Guide

A feature benefit guide for our agencies and end users. Why use our firewall? What kind of protection does it offer? How does it affect the efficiency and speed of my site? Will it affect my server's resources? Find out the answers to these questions and more in our webinar…..

Picture of presenter of Preventing Cross-Site Contamination for Beginners

Webinar – Preventing Cross-Site Contamination for Beginners

Cross-site contamination happens when one hacked site infects other sites on a shared server. This webinar is for beginners and web professionals to understand cross-site contamination and how to prevent it…..

Picture of presenter of Getting Started with Sucuri!

Webinar – Getting Started with Sucuri!

If you're considering security for your site or are new to our services, this webinar will guide you through Sucuri's simple setup processes. Potential notifications, support options for various scenarios, and ways that you can also work to keep your site malware-free will be discussed…..

Picture of presenter of How to Account for Security with Customer Projects

Webinar – How to Account for Security with Customer Projects

Learn how you or your agency can account for security with your client projects. Presented by Sucuri Co-Founder, Dre Armeda, this webinar shows how you can get involved and help clients who are not aware of some of the security risks involved with managing a website…..