infected WordPress websites Archives - We Watch Your Website

infected WordPress websites Tag

behavior analysis for website malware detection

One of our customers recently received an email from their hosting provider. The hosting provider stated the hosting account had malicious website files. The customer forwarded it to us: Dear CUSTOMER, During a routine scan, the security team at HOSTING_PROVIDER discovered infected files in your "customer name" account. Typically, these security vulnerabilities are due to the presence of an outdated application or script in your account. You can view a list of...

Read More

Investigating some interesting entries in log files from our customers, we see that hackers apparently are still looking for infected WordPress websites. First we see this: (IP address blanked to protect the infected) - - [28/Dec/2016:20:44:14 -0500] "GET / HTTP/1.1" 200 [qodef_highlight background_color="yellow" color="red"]72904[/qodef_highlight] "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" The big tipoff here is the size of the GET request: 72904. And then this: (IP address...

Read More