Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of Continue reading JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to Continue reading Web Shells: Types, Mitigation & Removal
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with black hat SEO tactics, or inject content — the range of possibilities for misuse is Continue reading What is .htaccess Malware? (Detection, Symptoms & Prevention)
Experiencing a “This account has been suspended” warning on your website can be both confusing and alarming. This message means that your hosting provider has put your site on a temporary hold. The reasons for an account suspension can range Continue reading Fixing Website Hosting Issues: “This Account Has Been Suspended”
One of the most frequent problems that we observe in website hosting environments is “cross contamination” — the lateral movement of an attacker between websites. Cross-site contamination occurs when a site is infected by neighboring sites within the same hosting Continue reading The Dangers of Lateral Movement & Website Cross Contamination
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to secure your site and server from attacks and malware. In today’s post, we’ll be outlining Continue reading How to Harden & Secure a Website (12 Steps)
Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major Continue reading Compromised OpenCart Payment Module Steals Credit Card Information
A question we frequently get from new users as they’re onboarding is: why does WordPress get hacked? Of course, this question makes sense in this context; it’s extremely frustrating to find out that your WordPress website has been compromised and Continue reading Why WordPress Gets Hacked
Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you take a few of these steps to harden WordPress and protect your environment against bad Continue reading How to Harden WordPress: A Basic Overview
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates, your system hunts down this file to identify directives that will be applied to your Continue reading What is php.ini? Where It’s Located, How to Edit & Common Directives
One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. Continue reading New Guide on Secure VPS Configuration
What is an SSH brute force attack? An SSH brute force attack is a common form of attack that targets remote services, particularly unix-based servers running SSH services for secure remote connections. These attacks often involve automated tools and bots Continue reading How to Prevent SSH Brute Force Login Attacks
Running a website isn’t easy, but modern content management systems (CMS) like WordPress have revolutionized the way you can manage your website. Headless CMS solutions take this a step further, decoupling the back-end source of the website content from its Continue reading What is a Headless CMS?
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms Continue reading Input Validation for Website Security
Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer’s vocabulary — and for good reason. It’s common practice for modern web applications to load Continue reading What Is Cross-Origin Resource Sharing (CORS)?
Most people would agree — living in a house full of accumulated debris and unnecessary objects can create a chaotic environment, and even cause health problems. This scenario is easily applicable to your website, too. You can think of your Continue reading 7 Tips to Clean & Maintain Your Website