Best WordPress Hosting
 

Mal.Metrica Redirects Users to Scam Sites

One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It’s another lesson for web users to be careful what they …

Thousands of Sites with Popup Builder Compromised by Balada Injector

On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installations) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector …

How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)

If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect …

Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign

Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning of 2023, this malware campaign had expanded to over a hundred domain names to redirect …

From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail

A vast majority of website malware employs the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of …

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious …

Abandoned US Congressional Website Used in Asian Gambling Spam Infection

Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any given time it can be a challenge to keep track of all your inventory. Sadly, …

Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to …

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection …

How to Find & Fix: WordPress Pharma Hack

Finding bogus content and unexpected links for prescription drugs on your WordPress website can be a frustrating experience. But don’t blame your site: it just got caught up in a bad crowd of black hat SEO spammers and fell victim …

Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained very little useful information to a regular visitor, but — more importantly — also contained …

Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network

Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including …

Finding & Removing Malware From Weebly Sites

Weebly is an easy-to-use website builder that allows admins to quickly create and publish responsive blogs and sites. Website builder environments are usually considered to be very safe and not prone to malware infections, but during a recent investigation I …

Fake jQuery Domain Redirects Site Visitors to Scam Pages

A recent infection has been making its rounds across vulnerable WordPress sites, detected on over 160 websites so far at the time of writing. The infection is injected at the top of legitimate JavaScript files and executes a script from …

Infected WordPress Plugins Redirect to Push Notification Scam

Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more difficult for webmasters to detect or understand. Obfuscation can take many forms, such as encrypting …

Chinese Gambling Spam Targets World Cup Keywords

Since 2018, our team has been tracking an interesting type of website infection where the tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, …

Massive ois[.]is Black Hat Redirect Malware Campaign

Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines.