What is the Gibberish Hack?

Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?”

But when you open the folder, you find a series of HTML files, each named with a nonsensical phrase like “cheap-cool-hairstyles-photos.html.” If you open one of these files in a browser, you’ll likely be redirected to something you’re not expecting, such as a suspicious ecommerce site or an error page.

Continue reading What is the Gibberish Hack? at Sucuri Blog.

Experience + Technology: How We Clean Infected Websites at Sucuri

Our malware removal service is particularly effective because it combines automated and human elements. The process gets off to a quick start thanks to cleanup scripts developed by our threat researchers.

Real people also get their hands dirty handling tough work that shouldn’t be automated.

The automated scripts identify and remove a lot of website malware using the same threat definitions that power our Web Application Firewall (WAF) and SiteCheck website scanner.

Continue reading Experience + Technology: How We Clean Infected Websites at Sucuri at Sucuri Blog.

Evasion Tactics in Hybrid Credit Card Skimmers

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.

Though popular with bad actors, one of the drawbacks of this approach is that it’s possible to track requests to suspicious servers if you monitor the traffic generated by checkout pages — or any other infected pages.

A lesser-known, but still very popular, type of skimmer can instead be found harvesting information server-side.

Continue reading Evasion Tactics in Hybrid Credit Card Skimmers at Sucuri Blog.

What is a Website Defacement?

Website defacement is the most obvious sign of a hack. In these cases, bad actors who have gained access to an environment leave their mark through digital vandalism. For website owners, it means trying to access your homepage, only to find all of the code and content you’ve worked on replaced with something like this:

While many website hacks are designed for financial gain, website defacements are a different kind of hack.

Continue reading What is a Website Defacement? at Sucuri Blog.

Labs Notes Monthly Recap – May/2020

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.

Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience.

This month, our Malware Research and Incident Response teams disclosed a WordPress plugin vulnerability and wrote about a web shell packer.

Continue reading Labs Notes Monthly Recap – May/2020 at Sucuri Blog.

What is FTP? Why use it to clean hacked websites?

The File Transfer Protocol (FTP) is a network protocol used to transfer files between a client and a server on a network. In other words, it is through FTP that we get text and images onto a website.

Why is FTP used to clean up a website?

Not only is FTP used to insert files into a website, it’s also necessary for removing malicious files left by a hacker. Let’s take a look at what FTP is and why we need access to it when cleaning infections and removing malware from websites.

Continue reading What is FTP? Why use it to clean hacked websites? at Sucuri Blog.
