Recent hacking news Archives - We Watch Your Website

Recent hacking news

We just received a notification: We are getting in touch to let you know about a stored XSS and a CSRF vulnerability in the Avada WordPress Theme versions prior to 5.1.5 (releases prior to April 4th, 2017). This is a security release for all previous versions and we strongly encourage you to update immediately. We have worked with ThemeFusion, the creators of Avada, to address this vulnerability, which...

Read More

I had been preparing this write-up for over a week now, but I see that SiteLock beat me to the punch in their blog. As some of you know, we specialize in root cause analysis. I've built an incredible engine to analyze how websites were infected. Some of it is correlation analysis - matching the infection patterns and traffic to previously serviced websites. Other times, it's just...

Read More

Investigating some interesting entries in log files from our customers, we see that hackers apparently are still looking for infected WordPress websites. First we see this: (IP address blanked to protect the infected) - - [28/Dec/2016:20:44:14 -0500] "GET / HTTP/1.1" 200 [qodef_highlight background_color="yellow" color="red"]72904[/qodef_highlight] "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" The big tipoff here is the size of the GET request: 72904. And then this: (IP address...

Read More