One of our customers recently received an email from their hosting provider. The hosting provider stated the hosting account had malicious website files. The customer forwarded it to us: Dear CUSTOMER, During a routine scan, the security team at HOSTING_PROVIDER discovered infected files in your "customer name" account. Typically, these security vulnerabilities are due to the presence of an outdated application or script in your account. You can view a list of...
Read More
Investigating some interesting entries in log files from our customers, we see that hackers apparently are still looking for infected WordPress websites. First we see this: (IP address blanked to protect the infected) - - [28/Dec/2016:20:44:14 -0500] "GET / HTTP/1.1" 200 [qodef_highlight background_color="yellow" color="red"]72904[/qodef_highlight] "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" The big tipoff here is the size of the GET request: 72904. And then this: (IP address...
Read More
I know I've ranted about this before, but I recently read this in an article about WordPress security: Preventing Cross-Site Contamination Shared hosting services are popular among businesses to host their WordPress blogs. Unfortunately, such shared services open the possibility of cross-site contamination. This is essentially a strategy that hackers use to attack a website by gaining access to another website in your shared server. One way...
Read More
You might imagine that find and removing website malware is relatively straightforward, right? Find malicious code and remove it. Easy right? Most website malware removal services work on signatures. These signatures positively identify a string of text in your website files. This method is very fast. The average WordPress website has about 1,900 files. This is regardless of how many posts you have (posts are stored in the database)....
Read MoreI get real tired of people reading something online and then thinking it's the real truth. Of course, this blog post falls into that category too, but I will explain. Over this past weekend I read an article about best practices for making your website more secure. It was a great article about some general tasks to perform to keep your website secure. However, the comment...
Read More
We're always asked, "What can be done to stop hackers from infecting my website with malware?" In this post, we will provide you with some answers....
Read More