HackDig : Dig high-quality web security articles for hackers

“Fancybox for WordPress Has Expired” Infection

Today I began to notice quite a massive and very unusual attack that leverages vulnerabilities in older versions of the FancyBox for WordPress plugin. As you might know, versions 3.0.2 and older of this plugin allowed anyone to craft special POST requests to /wp-admin/admin-post.php or /wp-admin/admin-ajax.php and change values of specific plugin options in
Publish At:2015-04-02 02:20 | Read:3731 | Comments:0 | Tags:General Short Attack Reviews Website exploits April1 Fancybo

Darkleech Update – November 2014

Just wanted to document some latest changes in Darkleech behavior that may help you detect it. I’d like to thank internet security enthusiasts who share their findings with me. Without you, I could have easily missed these new (?) details. Quick recap Darkleech is a root level server infection that installs malicious Apache modules. The modules inject
Publish At:2014-11-27 18:15 | Read:4227 | Comments:0 | Tags:Short Attack Reviews Website exploits Apache Darkleech Emula

Rich Snippets in Black Hat SEO

Competition in search marketing can be tough. Regardless of number of businesses/products/services relevant to a specific keyword there is only one top position and unless it’s your site at the top you miss out on the hefty share of the search traffic generated by that keyword. The lower the result is displayed the less attention it gets. Even if you a
Publish At:2014-08-15 20:40 | Read:4829 | Comments:1 | Tags:Website exploits black hat seo cloaking doorway google rich

Cloaking: Think Outside of [Your] Box

Cloaking in SEO is defined as a technique in which the content presented to the search engine spider is different from that presented to the user’s browser (Wikipedia). But in case of hacked sites, cloaking is more tricky than just different content for search engines and for real users. It can also be different content for different types of users. Mo
Publish At:2014-08-15 20:40 | Read:5550 | Comments:0 | Tags:Website exploits black hat seo cloaking hidden links Joomla

Rotating Iframe URLs – One a Minute

Earlier this week, Sucuri wrote about auto generated iframes in hacked WordPress blogs. The malicious PHP code fetched the iframe URLs from a remote server (hxxp://82 .200 .204 .151/config.inc.php) on-the-fly every time someone loaded infected web pages. This trick helped regularly update the malicious URLs without having to change the code on each hacked si
Publish At:2014-08-15 20:40 | Read:18809 | Comments:0 | Tags:Website exploits htaccess iframe Joomla nginx redirects Unit

FTP Brute Force Attacks?

Hacking websites using FTP access has been one of the most popular attack vectors during the last few year. I can still see many massive site infections done via FTP. In most cases, the first step of such attacks is stealing FTP credentials from local computers of webmasters. Back in 2009, I described how PC malware stole passwords saved in popular FTP clien
Publish At:2014-08-15 20:40 | Read:6472 | Comments:0 | Tags:Website exploits brute-force FTP log analysis

Invasion of JCE Bots

Joomla has been one of the most popular CMS for a long time.  It powers a huge number of sites.  That’s great! The flip side of this fact is Joomla has been very popular for a long time and there are still very many sites that use older versions of Joomla as well as older version of Joomla components. For example, the 1.5.x branch of Joomla (2008-2010)
Publish At:2014-08-15 20:40 | Read:5685 | Comments:0 | Tags:Website exploits exploit JCE Joomla


Tag Cloud