Blog - We Watch Your Website
 

Blog

I had been preparing this write-up for over a week now, but I see that SiteLock beat me to the punch in their blog. As some of you know, we specialize in root cause analysis. I've built an incredible engine to analyze how websites were infected. Some of it is correlation analysis - matching the infection patterns and traffic to previously serviced websites. Other times, it's just...


Google recently published a blog post stating that website infections were up 32% in 2016 compared to the previous year. Some of you will be thinking, "Yeah, you want to scare everyone into thinking they need your service." Nothing could be further from the truth. I started this company to address the need of the market. Our focus is, and has always been, those website owners who don't have...


It seems like everyone likes to save money. When it comes to hosting websites, that frequently means you select shared hosting. Shared hosting doesn't mean that you share the same file system as websites on other hosting accounts. It simply means you share the server. We've been removing malware from websites since 2007 and during our time in this industry there have only been a couple...


One of our customers recently received an email from their hosting provider. The hosting provider stated the hosting account had malicious website files. The customer forwarded it to us: Dear CUSTOMER, During a routine scan, the security team at HOSTING_PROVIDER discovered infected files in your "customer name" account. Typically, these security vulnerabilities are due to the presence of an outdated application or script in your account. You can view a list of...


Investigating some interesting entries in log files from our customers, we see that hackers apparently are still looking for infected WordPress websites. First we see this: (IP address blanked to protect the infected) - - [28/Dec/2016:20:44:14 -0500] "GET / HTTP/1.1" 200 72904 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" The big tipoff here is the size of the GET request: 72904. And then this: (IP address...
