Personal Security Guide – iOS/Android
We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information. Website owners should consider how their entire digital life can impact the security of their website and visitors.
If your phone is compromised, website access can be impacted through access to credentials and sensitive apps like email. I will also admit that some of this is a bit paranoid and has to do more with privacy than security – but for me, both go together.
Continue reading Personal Security Guide – iOS/Android at Sucuri Blog.
Decoding Complex Malware – Step-by-Step
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our research finds that in 67% of the websites we clean, there is at least one backdoor variant.
Although we have hundreds of posts on backdoors and their effects, today we want to discuss a few techniques and provide in-depth technical knowledge on how to decode an advanced piece of malware.
Continue reading Decoding Complex Malware – Step-by-Step at Sucuri Blog.
How to Restore Website Backups from the Command Line
Earlier this week we wrote about how to use command line tools to back up your website. Check out our previous article for details on how we create these backups.
In case the worst happens, you might need to restore your backup. No worries. We can easily do this from the command line too! Basically, we are going to do the same thing, but in reverse.
Restoring Backup Files to the Server
We are going to use the scp command again, except this time the syntax will vary a little since we need to upload our backup file to the server, not the other way around.
Continue reading How to Restore Website Backups from the Command Line at Sucuri Blog.
How to Create Website Backups Using Command-line Tools
Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when thinking about website security.
Creating backups using command-line tools is available to all Linux/Mac users for free. If you’re not on Linux/Mac, we have a step-by-step guide on how to create website backups using software with a graphical interface that works on Windows.
This post is not intended to provide a complete solution for backups, but instead, for someone who has the time and wants to learn a few basic command-line tools that can be used to create backups.
Continue reading How to Create Website Backups Using Command-line Tools at Sucuri Blog.
Setting Expectations For Your Website Security
I have a website. Sweet! What happens next?
Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what do I do next? Storks don’t fly by to deliver a basket of tasks upon the purchase of your domain.
For most new website owners, a core understanding of expectations is crucial. There are a lot of boxes to check off during the deployment of your website, but security and convenience are core components of the decisions you’ll have to make.
Continue reading Setting Expectations For Your Website Security at Sucuri Blog.
Register My Backdoor – Unorthodox Invocation Mechanisms
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain access to your site and reinfect it later, whenever they see fit.
From time to time we come across unique backdoors that don’t involve the usual PHP functions like eval, create_function, preg_replace, assert, base64_decode, etc.
These unusual backdoors often look like legitimate code without any obfuscation tricks like encrypted strings, concatenations, and typecasting.
Continue reading Register My Backdoor – Unorthodox Invocation Mechanisms at Sucuri Blog.
Labs Notes Monthly Recap – June/2017
This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor method that attempts to hide from webmasters by using undefined variables.
Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on trends we look at every month.
Continue reading Labs Notes Monthly Recap – June/2017 at Sucuri Blog.
What is Cross-Site Contamination and How to Prevent it
If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contamination.
Cross-site contamination is when a site is negatively affected by neighboring sites within the same account/server due to poor isolation on the server and/or account configuration. This phenomenon is one of the greatest contributors to the debate over whether VPS, dedicated, or shared hosting is secure or insecure.
The greatest contributor to cross-site contamination is what I call soup-kitchen servers.
Continue reading What is Cross-Site Contamination and How to Prevent it at Sucuri Blog.
Code Injection in Signed PHP Archives (Phar)
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts some additional security benefits by signing archives with a digital signature, disallowing the modification of the archives on production machines.
According to the official PHP documentation:
Phar can compress individual files or an entire archive using gzip compression or bzip2 compression and can verify archive integrity automatically through the use of MD5, SHA-1, SHA-256 or SHA-512 signatures….
Continue reading Code Injection in Signed PHP Archives (Phar) at Sucuri Blog.
New Guide on How to Clean a Hacked Drupal Sites
Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. For these reasons and more, it’s favored by technical developers and many large websites, including .gov and .edu domains.
With its popularity among enterprise and mid-market users, there is a strong focus on security within the community. Even with this, there is no software in the world that can claim to be immune from hacks and vulnerable code.
Continue reading New Guide on How to Clean a Hacked Drupal Sites at Sucuri Blog.