Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any given time it can be a challenge to keep track of all your inventory. Sadly, Continue reading Abandoned US Congressional Website Used in Asian Gambling Spam Infection
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections resulting from known website vulnerabilities continue to plague website owners. According to our 2022 Hacked Website Report, last Continue reading How to Scan A Website for Vulnerabilities
We’ve all received spam and phishing emails — our inboxes are often full of them. They let us know that our package is being delivered (even when we haven’t ordered anything), provide details on our “recent” tax filing (that was Continue reading How to Recognize & Avoid Phishing Emails: A Cautionary Tale
This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file: This script fetches a list of links Continue reading Massive Google Colaboratory Abuse: Gambling and Subscription Scam
During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to Continue reading Malicious Injection Redirects Traffic via Parked Domain
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates, your system hunts down this file to identify directives that will be applied to your Continue reading What is php.ini? Where It’s Located, How to Edit & Common Directives
One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. Continue reading New Guide on Secure VPS Configuration
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating Continue reading How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS)
Ever had an uninvited guest crash your party, resulting in chaos, confusion, and some unhappy visitors? Well, SEO spam is that party crasher — just for websites. Why should you care, you ask? Well, just imagine your meticulously crafted website Continue reading Spamdexing: What is SEO Spam & How to Remove It
Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as Continue reading Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions
When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of Continue reading Demystifying Website Hacktools: Types, Threats, and Detection
In the realm of WordPress security, there’s a powerful tag team working tirelessly behind the scenes to safeguard your website’s login process. Meet salts and security keys, the cryptographic wonders responsible for protecting the sensitive information housed within the cookies Continue reading What Are WordPress Salts & Security Keys?
A 403 error can be a frustrating interruption to anyone’s day; it can lead to exasperated website visitors, even leading to lost traffic and website revenue depending on the affected page. When you (or your site visitors) encounter an unexpected Continue reading What is a 403 Error & How to Fix It
WordPress, like other open-source content management systems, allows you to enhance your website’s appearance and functionality through custom code and third-party components like plugins and themes. It’s these extensions that allow you to publish content with added functionality for your Continue reading How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI
Welcome to another installment in helping website owners secure their digital assets, this time with a focus on the world of ecommerce. If you’re an ecommerce website owner, you’re likely aware that online stores face a unique set of challenges Continue reading How to Secure Your Online Store: A Ecommerce Security Primer
Welcome to the world of keyloggers, where every keystroke you make may be watched, recorded, and potentially used against you! Now that we’ve got your attention, let’s dive into the somewhat unsettling realm of these sneaky little digital spies. In Continue reading What Is a Keylogger?
On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Continue reading Vulnerability in Essential Addons for Elementor Leads to Mass Infection
On May 16, 2023, the WordPress core team released a crucial update — WordPress 6.2.1. This latest security and maintenance release addresses a number of bug fixes and vulnerability patches, including an unauthenticated Directory Traversal vulnerability, unauthenticated Cross-Site Scripting vulnerability, Continue reading WordPress 6.2.1 Security & Maintenance Release
It’s not often that we get the opportunity to write about website defacements on this blog. Defacements — where a website homepage is replaced with a hacker logo or some sort of political or religious message — are usually fairly Continue reading Websites Defaced with Belarusian Bottled Water Company Content
As a website owner (and frequent website visitor), you might have encountered the notorious ERR_SSL_PROTOCOL_ERROR at least once. This Secure Sockets Layer (SSL) error occurs when the browser fails to establish a secure connection with the website, usually due to Continue reading Troubleshooting ERR_SSL_PROTOCOL_ERROR: How to Fix this Pesky Error in 6 Steps