PerezBox

Tony Perez On Security, Business, And Life


ANALYZING SUCURI’S 2018 HACKED WEBSITE TREND REPORT

Published in Security on April 15, 2019

The Sucuri team recently released their second annual security report, Hacked Website Report 2018. It looks at a representative sample of infected websites from the Sucuri customer base ONLY, and it helps us understand the actions bad actors take once they penetrate a website.

This report analyzed 25,466 infected websites and 4,426,795 cleaned files; aggregating data from the Threat Research Group. This is the team that works side-by-side with the owners of infected websites on a daily basis, and are also the same team members that generate a lot of the research shared on the Sucuri Blog and Sucuri Labs.

This report is divided into the following sections:

  • Top affected open-source CMS applications
  • Outdated CMS risk assessment
  • Blacklist analysis and impact on webmasters
  • Malware family distribution and effects

This post builds on the analysis found in the report and shares additional insights from the report's webinar.


CMS ANALYSIS

The analysis shows that in 56% of the hacked sites the core platform was patched to the latest version. The real insights, however, come into focus as we dive into the distribution of specific CMSs in the sample base.

2018 – Sucuri CMS Distribution for Out-of-Date Core at Point of Infection

Although WordPress is the platform most often up to date at the point of infection, it continues to be the #1 platform we see in our environment.

2018 – Platform Distribution in Sucuri Sample Base

This is undoubtedly related to Sucuri's popularity in the platform ecosystem, but with 60% market share of CMS applications and 34% of the websites on the web, its representation is also understandable. What this also highlights is that something other than the core platform is contributing to these hacked sites.

2018 – WordPress Out-of-Date State at point of infection

WordPress Version – In the 2016 report, 61% of the WordPress sites had been out of date at the point of infection. In 2018 this number dropped to 36.7% (39.3% in 2017). Overall I'd say that's pretty amazing, and a direct reflection of the hard work by the WordPress security team to introduce and deploy auto-updates.

E-commerce Platforms – The platforms that concern me the most are the ones used for online commerce. They represent a large share of the platforms that are out of date at the point of infection: Magento (83.1%), OpenCart (91.3%) and PrestaShop (97.2%). These are the core applications users leverage to perform online commerce transactions. This is especially concerning because, unlike WordPress, these platforms are still experiencing critical vulnerabilities in their core. Coincidentally, these are also the platforms that have security obligations set forth by the Payment Card Industry (PCI) Data Security Standard (DSS), one of which is keeping software up to date (requirement 6).

PCI Requirement 6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor supplied security patches. Install critical security patches within one month of release. – 2018 Payment Card Industry (PCI) Data Security Standard, v3.2.1

Another theme you'll find with this cohort is that they are also the platforms that struggle with backwards compatibility. This speaks directly to the complexity of upgrading these platforms, which, when coupled with human behavior, is a recipe for disaster.

Common Issues & Threats

While the report does show an increase of WordPress sites year over year, that is not indicative of the platform being more or less secure. The leading contributors to website hacks, holistically speaking, can be boiled down to two key categories:

  • Credential Stuffing (Brute Force Attacks)
  • Exploitation of Vulnerabilities in Third Party Ecosystems

I won't spend much time talking about credential stuffing, the act of hammering access control points with different username / password combinations; instead I want to focus our discussion on the third-party ecosystems.

The accompanying webinar did peel back the layers on the threats posed by the third-party ecosystem (e.g., plugins, modules).

2018 – Identified and Analyzed Vulnerabilities in CMS Third-Party Ecosystems

Of the 116 WordPress vulnerabilities Sucuri identified, 20 were categorized as severe (17%), and another 28 in Joomla! (50%). Of the 196 total vulnerabilities, 35 had an installation base of over 1 million users. 2019 has seen a spike in the number of vulnerabilities hitting the market; to date, severe WordPress vulnerabilities already stand at 50% of the total identified in 2018.

The one platform you don't see in this analysis is Magento. For that, I would leverage insights from Willem's Lab. His insights on the platform and its ecosystem are spot on; unlike WordPress, Magento has predominantly been plagued by core vulnerabilities (e.g., ShopLift circa 2015), but the end of 2018 and beginning of 2019 is seeing a shift in which the platform's third-party ecosystem is becoming the attack vector of choice.

Note: If you’re a Magento operator, I encourage you to leverage the new central repository of insecure modules released by a group of Magento professionals. A similar repository exists for WordPress.

BLACKLIST ANALYSIS

The report highlights the distribution of blacklisted and non-blacklisted sites at the point of infection. This illustrates a) the different indicators of compromise and b) the effectiveness and reach of blacklist authorities.

2018 – % of Hacked Websites Blacklisted at Point of Cleanup

This year we saw a 6% drop (17% -> 11%) in the blacklist state of the sites worked on. It's difficult to say exactly why, but it's likely related to how these blacklists operate. It does highlight the need to have a comprehensive monitoring solution as part of your security controls; depending solely on authorities like Google, Norton and McAfee is not enough.

This becomes even more evident when you look at the detection effectiveness across the different authorities.

This year we saw Google drop from 12.9% to 10.4%, and we also saw Yandex join the top 4 (previously it was not material enough to rank). We also saw McAfee drop about 4%, and Norton continues to lead the detection rate at 46.1%.

Not all blacklist authorities are the same.

Google is the most prominent because it's the one that most browsers leverage, most commonly Chrome. The Sucuri team put together a great guide to understanding the different Google warnings. When it detects an issue it presents users with a red splash page, stopping a visitor dead in their tracks.

2018 – Example Google Blacklist Block

Other entities, however, are effective for a different reason; for instance, when Norton and McAfee flag you, anyone using their desktop AV client will be prevented from visiting the site, or at least notified of an issue. These entities also share their APIs with a number of different services and products; a great example is Facebook's use of McAfee to parse malicious domains.

2018 – Example AV Blacklist Block

Being blacklisted by one doesn't necessarily mean the others will follow, and being removed from one doesn't mean the others will respect that state change. This introduces a lot of stress and frustration for website owners. The best approach to managing this is to register with as many of them as possible so that you can maintain a direct relationship with each:

  • McAfee Site Advisor: http://trustedsource.org/
  • Norton SafeWeb: https://safeweb.norton.com/tags/show?tag=WebMaster
  • Yandex Webmaster: https://webmaster.yandex.com/
  • Google Webmaster: https://www.google.com/webmasters/#?modal_active=none
  • Bing Webmaster: https://www.bing.com/toolbox/webmaster

MALWARE FAMILIES

This section shows you what attackers are doing once they have access to your environment. It helps shed light on “intent”.

2018 – Malware Family Distribution (Sucuri Labs)

It is very common to have sites with more than one payload, which is why the report represents sites with multiple malware families. Backdoors are a great example of the type of thing you can expect to find in any compromise.

Backdoors are payloads designed to give attackers continued access to an environment, bypassing existing access controls. They were found in 68% of the infected sites analyzed (a modest 2% drop from 2017). A backdoor is one of the first things an attacker will deploy to ensure that, even if their actions are found, they can retain access and continue to use the site for nefarious actions. It is one of the leading causes of reinfection, and the most commonly missed payload.

2018 – SEO Spam Growth

Last year I called out the continued rise of SEO spam; this year was no different.

This is the result of a Search Engine Poisoning (SEP) attack, in which an attacker attempts to abuse the ranking of your site for something they are interested in. Years ago this would have been almost synonymous with the Pharma Hack, but these days you see attackers leveraging it in a number of other industries (e.g., fashion, loans, etc.). You can expect this in any industry where impression-based affiliate marketing is at play.

Example Site with SEO SPAM

The team's analysis highlighted an impressive increase (78%) in the number of files being cleaned in every case. This shows the pervasiveness you should expect after every compromise.

2018 – Sucuri Report – # of Files Affected Post-Compromise

It’s not enough to clean the file you see, but instead perform a deep scan across files and databases to ensure everything has been removed.

Of the files affected, there were some trends in the file types targeted. The top three modified files were index.php (34.5%), functions.php (13.5%) and wp-config.php (10.6%).

Every file saw an increase over 2017, and there was a change in the top three: .htaccess dropped out to make room for wp-config.php.

2018 – Top Three Files Modified Post-Compromise

The report outlines how each of these files is being leveraged, and by which malware families. These three files are not a surprise: they are popular because they load on every site request, belong to the core files, and are often ignored by integrity monitoring systems.

Fio Cavallari & Denis “Unmaskparasites” Sinegubko provided great details on what attackers are using these files for.

Index.php

  • Approximately 34.5% of sites had their index.php files modified after a compromise.
  • The index.php file is modified by attackers for a variety of reasons including malware distribution, server scripts, phishing attacks, blackhat SEO, conditional redirects, and defacements.
  • 24% of index.php files were associated with PHP malware responsible for hiding a file inclusion.
    • This malware calls PHP functions like include and include_once, replacing the file path characters with corresponding hexadecimal and mixed-up alphabetic characters.
  • 15.8% of index.php files were affected by malicious PHP scripts disguised using absolute paths and obfuscated characters and hidden within seemingly innocent files.
    • Instead of injecting full malware code into a file, this method makes the malware more difficult to detect by using PHP includes and obfuscation.

Functions.php

  • 13.5% of compromised sites had modified functions.php files, which are often used by attackers to deploy SEO spam and other malicious payloads, including backdoors and injections.
  • Over 38% of functions.php files were associated with SEO spam injectors:
    • Malware that loads random content from a third-party URL and injects it on the affected site.
    • Able to update configurations through a remote command.
    • Doesn't explicitly act as a backdoor, but can use the function to load any kind of code, including a backdoor.
    • Usually found on nulled or pirated themes and plugins.
  • 8.3% of functions.php files were impacted by generic malware.
  • 7.3% of files were associated with PHP.Anuna, which injects malicious code into PHP files.
  • Malicious payloads vary from spam injection, backdoors, creation of rogue admin users, and a variety of other objectionable activities.

WP-Config.php

  • wp-config.php was the third most commonly modified file (10.6%).
  • Contains sensitive information about the database, including name, host, username, and password. It is also used to define advanced settings, security keys, and dev options.
  • 11.3% of wp-config.php files were associated with PHP malware responsible for hiding a file inclusion, also commonly seen with index.php.
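The three files above are worth watching precisely because, as the report notes, integrity monitoring often ignores them. The following Python script is an added example of my own, not Sucuri's tooling and not code from the report: it takes a SHA-256 baseline of every index.php, functions.php and wp-config.php under a site root, reports which of them changed, and scans the changed files for the hex-escaped include / include_once trick described above, decoding the escaped path so the analyst can see what was actually being pulled in. The site tree and the infected index.php it builds in a temporary directory are constructed for the demonstration, and the chr()-concatenation check is an assumed heuristic rather than anything the report describes.

```python
"""Integrity baseline and obfuscated-include scan for index.php, functions.php
and wp-config.php. Added example; not Sucuri's tooling."""
import hashlib
import re
import tempfile
from pathlib import Path

# Matched by basename: functions.php lives under a theme directory, not the web root.
WATCHED_BASENAMES = {"index.php", "functions.php", "wp-config.php"}

# include/require whose argument is a single quoted string literal.
INCLUDE_RE = re.compile(
    r"""\b(include_once|require_once|include|require)\b\s*\(?\s*(['"])(.*?)\2""",
    re.DOTALL,
)
# PHP "\xNN" escape inside a double-quoted string.
HEX_ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
# include/require whose path is assembled with chr() calls (assumed heuristic).
CHR_BUILD_RE = re.compile(r"\b(include_once|require_once|include|require)\b[^;]*?\bchr\s*\(")


def decode_hex_escapes(literal: str) -> str:
    r"""Turn "\x2f\x74..." escapes back into the characters they encode."""
    return HEX_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), literal)


def find_obfuscated_includes(source: str) -> list:
    """Return (function, decoded_path) pairs for includes whose path is hidden
    behind hex escapes or chr(); a legitimate include has no reason to do that."""
    hits = []
    for m in INCLUDE_RE.finditer(source):
        func, literal = m.group(1), m.group(3)
        if HEX_ESCAPE_RE.search(literal):
            hits.append((func, decode_hex_escapes(literal)))
    for m in CHR_BUILD_RE.finditer(source):
        hits.append((m.group(1), "<path assembled with chr()>"))
    return hits


def snapshot(root: Path) -> dict:
    """SHA-256 of every watched file under root, keyed by path relative to root."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name in WATCHED_BASENAMES
    }


def diff_snapshot(baseline: dict, current: dict) -> dict:
    """Which watched files changed, appeared or disappeared since the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


# Constructed sample content: a stock-looking index.php, and the same file with a
# hex-escaped include_once prepended (the escapes decode to /tmp/.cache.php).
CLEAN_INDEX = "<?php\ndefine('WP_USE_THEMES', true);\nrequire __DIR__ . '/wp-blog-header.php';\n"
INFECTED_INDEX = (
    '<?php\ninclude_once "\\x2f\\x74\\x6d\\x70\\x2f\\x2e\\x63\\x61\\x63\\x68\\x65\\x2e\\x70\\x68\\x70";\n'
    + CLEAN_INDEX[len("<?php\n"):]
)


def demo() -> dict:
    """Build a tiny constructed site tree, baseline it, 'infect' index.php, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content/themes/demo").mkdir(parents=True)
        (root / "index.php").write_text(CLEAN_INDEX)
        (root / "wp-config.php").write_text("<?php\ndefine('DB_NAME', 'example');\n")
        (root / "wp-content/themes/demo/functions.php").write_text("<?php\n// theme functions\n")
        baseline = snapshot(root)                          # taken from the known-clean state
        (root / "index.php").write_text(INFECTED_INDEX)   # simulate the compromise
        changes = diff_snapshot(baseline, snapshot(root))
        findings = {path: find_obfuscated_includes((root / path).read_text())
                    for path in changes["modified"]}
    return {"changes": changes, "findings": findings}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In practice the baseline is stored from a known-clean state (right after install or cleanup) and diffed on a schedule; any change to these three files deserves a look even when the include scanner finds nothing, since the report lists plenty of payloads in them that are not obfuscated includes.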

CryptoMining and Ransomware

As we talk about what attackers are doing post-compromise, it’s worth spending a few minutes on Cryptomining and Ransomware.

In 2017 we saw the rise of ransomware across the entire InfoSec ecosystem. Its impact on websites, however, was marginal because of its ineffectiveness; mitigating a ransomware attack on a website is relatively straightforward: have a backup.

Cryptomining, however, is a bit of a different story.

Relationship Between Crypto Currency and CryptoMining Activity (2018 CheckPoint Report)

Cryptomining is the act of verifying and adding different forms of cryptocurrency transactions to the blockchain ledger. This process is the necessary step for adding to the ledger, and under this model the spoils belong to the group that processes the request the fastest. To achieve this you need processing power, and this is where sites and their associated hosts come into play.

Although we saw a decrease in cryptomining activity in 2018, it’s an interesting payload to pay special attention to.

What you see in CheckPoint's report is the correlation between the “value” of a coin and cryptomining activity. In other words, as the price of cryptocurrency increased (think back to when one coin traded at $19k), so did the cryptomining activity.

Analyzing this behavior (Thanks Thiago), you also find the following actions:

  • 67% of all cryptomining signatures were related to client-side infections with JavaScript-based miners like CoinHive.
    • This means these payloads are abusing the processing power of your visitors' browsers and local machines (ever go to a site and your browser dies, or starts chewing up a lot of local resources?).
  • The remaining 33% of cryptominers were server-side and used PHP to mine digital currencies.
    • This means these payloads are abusing your host server, the server housing your website. This can lead to your hosting provider shutting down your site, or you might experience degraded performance on your site.
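A defender wants to separate the two cases above because the cleanup differs: a browser miner lives in what the site serves (templates and injected script tags), while a server-side miner lives in PHP that runs on the host. The script below is an added example of mine, not part of the report or of Sucuri's detection set; it classifies each file into those two cases and reports the split the same way the report does. The coinhive.com loader script and the CoinHive.Anonymous call are the real API of the now-defunct CoinHive service, and stratum+tcp:// is the URI scheme mining pools use, but the indicator lists are a minimal assumption for illustration and the sample files are constructed.

```python
"""Classify suspected cryptomining injections as client-side (JavaScript miner
served to visitors) or server-side (PHP mining on the host). Added example."""
import re
from html.parser import HTMLParser

# Indicators. coinhive.com and the CoinHive.Anonymous/User constructors are the
# real (defunct) CoinHive API; stratum+tcp:// is the mining-pool URI scheme.
# These lists are an assumption for the example, not Sucuri's signature set.
CLIENT_HOSTS = ("coinhive.com",)
CLIENT_INLINE_RE = re.compile(r"\bCoinHive\.(Anonymous|User)\s*\(")
SERVER_RE = re.compile(r"stratum\+tcp://", re.IGNORECASE)


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from an HTML page."""

    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def classify(path: str, content: str) -> list:
    """Return (side, reason) findings: 'client-side' for miners pushed to visitors'
    browsers, 'server-side' for code that mines on the web host itself."""
    findings = []
    if path.endswith((".html", ".htm")):
        collector = ScriptCollector()
        collector.feed(content)
        findings += [("client-side", f"loads {s}") for s in collector.srcs
                     if any(h in s for h in CLIENT_HOSTS)]
        findings += [("client-side", "inline miner start call") for b in collector.inline
                     if CLIENT_INLINE_RE.search(b)]
    elif path.endswith(".php"):
        # A PHP template can inject the browser miner into every page it renders...
        if any(h in content for h in CLIENT_HOSTS) or CLIENT_INLINE_RE.search(content):
            findings.append(("client-side", "emits browser miner loader"))
        # ...or drive a miner on the host, which the pool URL gives away.
        if SERVER_RE.search(content):
            findings.append(("server-side", "mining pool URL in PHP"))
    return findings


def summarize(files: dict) -> dict:
    """Per-file findings plus the client/server split across all findings."""
    per_file = {p: classify(p, c) for p, c in files.items()}
    sides = [side for hits in per_file.values() for side, _ in hits]
    total = len(sides) or 1
    return {
        "per_file": per_file,
        "client_side_pct": round(100 * sides.count("client-side") / total, 1),
        "server_side_pct": round(100 * sides.count("server-side") / total, 1),
    }


# Constructed sample files (not real infections; no miner is launched anywhere).
SAMPLE_FILES = {
    "wp-content/themes/demo/header.php":
        '<?php echo \'<script src="https://coinhive.com/lib/coinhive.min.js"></script>\'; ?>\n',
    "landing.html":
        '<html><body><script src="/js/app.js"></script>\n'
        "<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>\n"
        "</body></html>\n",
    "wp-content/uploads/.cron.php":
        '<?php $pool = "stratum+tcp://pool.invalid:3333"; // constructed indicator only\n',
    "wp-config.php":
        "<?php define('DB_NAME', 'example');\n",
}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FILES).items():
        print(key, value)
```

On the constructed set this yields two client-side findings and one server-side, a 66.7 / 33.3 split; the point is the classification, since the hosting-side remediation (kill the process, remove the PHP, check the host's cron and resource usage) differs from the page-side one (strip the injected script from templates and re-check what visitors receive).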

I am particularly fond of this payload because it's a great example of what we can expect from attackers when incentives are aligned. While I don't really expect to see much activity with website ransomware, I do expect to see more cryptomining when the incentive increases (e.g., the value of cryptocurrency increases again).


I encourage you to read through Sucuri's Hacked Website Report for 2018. It's perfect for website owners who want to understand the threats they face as they get their ideas online.

If you’re an online consumer and wondering how you can protect yourself from falling victim to hacked websites, then I encourage you to spend some time learning more about how DNS resolvers, like CleanBrowsing, can help keep infected websites from reaching your devices.

Watch Sucuri’s webinar, with yours truly, below:

Sucuri 2018 Hacked Website Webinar

Analyzing Sucuri’s 2017 Hacked Website Trend Report

Published in Security on April 6, 2018

The Sucuri team just released their first annual security report that looks at telemetry from hacked websites – Hacked Website Report 2017. It uses a representative sample of infected websites from the Sucuri customer base to better understand end-user behavior and bad-actor tactics.

It specifically focuses on 34,371 infected websites, aggregating data from two distinct groups – Remediation and Research Teams. These are the teams that work side-by-side with the owners of infected websites on a daily basis, and are also the same team members that generate a lot of the research shared on the Sucuri Blog.

In this post I will expand on the analysis shared, and add my own observations.

Read More


Open-Source CMS Security In The Enterprise

Published in Security on April 20, 2016

Regardless of the size of your organization, the security challenges with open-source Content Management Systems (CMS) are the same. In the enterprise the issue stems not from the technology or existing processes, but from the fact that security is slipping through our fingers. We've made it too difficult for our counterparts in marketing and sales, and where there is a problem, new solutions step in to solve it. We see this being enabled by the explosion of cloud platforms like Platform as a Service (PaaS), Software as a Service (SaaS) and technologies that easily work in those environments, like open-source CMS applications.

As a community we have to do something about this. These activities stem from the perception that IT / Security is always going to say “no” or “make my life too hard”, and I can't help but think there is a better way to handle this. To do this, we have to be prepared to embrace technologies like open-source CMS applications and be willing to silence our personal biases towards them (i.e., WordPress is insecure, which is grossly untrue). A good first step is better understanding how these technologies might fit into existing governance and their associated security policies and tools.

Accounting for Website Security in The Enterprise

Open-source CMS web applications are no different than any other applications enterprise security teams are responsible for. The principles like Defense in Depth still apply, and integrating things like Prevention, Detection and Response solutions are just as critical. The difference being that in the enterprise, these aren’t new concepts, yet when it comes to open-source CMS applications they’re dismissed.

Compromises within the open-source CMS domain are achieved through two key areas: access control and exploitation of software vulnerabilities. Here are a few tips to help enterprises think through the security challenges they face:

Read More


Security In Open-Source CMS Applications

Published in Security on February 12, 2016

Open-source CMS applications are no stranger to the battle they face with security. The size of the organizations adopting the platform also has little to do with it – from bloggers to mom and pop shops to Fortune 500 companies; the concern is the same. Can open-source CMS applications be deployed securely within their respective stacks?

There are those that look at open-source and have a general distrust for it. The idea that people can see the code and submit patches makes them uneasy. There are also those who can’t get their head around the general ambiguity of open-source, in which the code belongs to no-one and everyone. What they don’t realize is that most open-source projects have a stringent commit process.

The security perception is still a very real problem for the open-source CMS industry, and many feel it's unattainable.

Read More


Website Security is Not an Absolute

Published in Security on October 31, 2015

I work in the field of Information Security (InfoSec), specifically website security. With that in mind, it’s but one very small piece of a very large pie. Security is complex, even at the 50,000 foot level; within each specific area of the industry, it can get even more complex. It’s no wonder it can feel overwhelming.

I have to remind myself that Security, regardless of which domain you’re focused on, always comes down to three basic elements working in conjunction with one another:

  • People
  • Process
  • Technology

Read More


YoastCon: The State Of WordPress Security

Published in Security on June 9, 2015

Almost five years ago, Joost started the company Yoast, offering website reviews and free plugins. Yoast’s core business was, and is, sharing knowledge and making it easier to create usable websites. Five years later Yoast has turned into one of the biggest WordPress plugin providers with 21 employees (and counting)!

To celebrate reaching five years, awesome growth, and much success, Yoast celebrated with a conference: YoastCon!

The conference was held in de Lindenberg in Nijmegen, with myself, Chris Lema, Marcus Tandler, Karl Gilis, and Joost de Valk speaking, and Marieke van de Rakt, Thijs de Valk, and Taco Verdonschot giving workshops.

The State of WordPress Security

My talk was on the current state of WordPress security. There is no denying that WordPress, powering over 23.5% of the top websites in the world, has become the platform of choice for bloggers and businesses alike.

With this fame however, WordPress has become a target, making it the top targeted platform on the web by malicious actors with ill intent.

Read More


Website Access Control and Security

Published in Security on January 23, 2015

Website security has become a hot bed over the past few years. More and more companies are joining the game in hopes of capitalizing on what they perceive to be huge opportunities. The one vector that seems to be all the rage is Access Control.

When I talk to access control, I specifically talk to the mechanisms in place to restrict access to a resource. Think how you connect to your website. Are you using WordPress, Joomla, Magento or vBulletin? Maybe it's a custom PHP, HTML or ASP website?

Regardless of the platform, you have some form of access vector you employ daily.

If you’re a WordPress user, you’re likely leveraging /wp-admin. If you’re on Joomla, you’re using /administrator, and so on and so on — each platform providing its own means for connection. Access vectors don’t stop there. They extend well beyond the application itself. Think about things like File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP) and Secure Shell (SSH). These are transfer protocols that are still part of your website access vectors.

This can be extended further when you think about things like your hosting panels and database log in panels, additional forms of access vectors. But now we start diving into a very deep rabbit hole.

Read More


Website Security and Auto-Updates

Published in Security on November 27, 2014

If we could only auto-update our applications when vulnerabilities are identified, then we’d surely be safe… that seems to be today’s mindset. To a certain extent, that’s true, but it’s also false.

The idea of auto-updates is not new; it's been around for a while. It's all the rage as of late when we talk about websites. It only makes sense: if you know that the weakest link in the chain is the end-user (who for whatever reason is unable to update), then remove the weakest link, and remove the choice.

The Challenges of Auto Updates in Website Security

There are however a few challenges that come to mind when I think about Auto-Updates, specifically how they relate to Website Security:

  1. Does little against Unknowns
  2. Introduces an unmanageable access point
  3. Goes against best practices
  4. Requires applications to write to itself

Read More


How We Think About Website Security

Published in Security on October 30, 2014

I recently attended WordCamp San Francisco (WCSF) where Matt Mullenweg, founder of the WordPress project and CEO of Automattic, gave his annual State of the Word.

WordCamps are informal, community-organized events that are put together by WordPress users like you. Everyone from casual users to core developers participate, share ideas, and get to know each other.

WordCamp Central

As I sat there and listened to the various accomplishments the platform had achieved, one common theme continued to pop in my head around security. It’s a theme that plagues all platforms, not just WordPress. It’s something that my business partner and I struggle with on a daily basis — it’s the biggest vulnerability every website and CMS faces, it’s users.

Read More


WordCamp Europe 2014: WordPress Security Starts With Posture

Published in Security on October 16, 2014

Recently I spoke at WordCamp Europe 2014 on the topic WordPress Security — It Starts With Posture. The threats website owners face today range in scale and complexity — from large DDOS attacks leveraging WordPress core functionality, to vulnerabilities found in some of the largest plugins in the ecosystem.

The Security dilemma is not shrinking, it’s getting bigger.

Today more than ever, it's important we take the time to educate and bring awareness to the things everyday website owners can do to improve their overall security posture.

Web security is not a turn of a knob, or click of an option, it’s about state of mind — it’s about good posture.

Check out the video of my presentation:

Watch The Video


Importance of Updates in Website Security: WordPress, Joomla, Drupal and CMS’s

Published in Security on August 17, 2014

In my recent post talking to the dilemma that is WordPress Security, there seemed to be some confusion as to my position on updates. Allow me a moment to provide clarity on the subject, yes, updates are very important.

My previous statements were specific to the importance level of updates; they were designed to foster a very different type of conversation than one you would have with an everyday website owner. An everyday website owner doesn't care about the nuances or philosophical arguments that occur at the higher echelons of a specific domain; their concern is what affects them right now.

For the everyday website owner, along with a variety of other best-practices, you should be applying updates as they become available. This post is more specific to you and your needs and what you must understand about the world that is Updates.

Read More


The Dilemma that is WordPress Security

Published in Security on August 9, 2014

The past few weeks WordPress Security has come to the forefront of the discussion again, as it often does every few months. As is often the case, it’s highly emotional and generates a lot of discussion. Chris Lema shared a post, Our discussions around WordPress security should change, and that sparked some interesting conversations.

He’s absolutely right, it should.

What many fail to realize within the community, however, is that the crux of the problem goes beyond Access Control and Software Vulnerabilities. The problem is the end-user, the website owner, the grandma turned website owner, the full-time mommy turned SEO expert, and the message that is pushed from the top down through the various niches / factions of cliques within the community.

The irony of it all is that it revolves around the concept that made WordPress so popular — its ease of use.

Read More


WordCamp Chicago 2014: WordPress Security Is All About the Basics

Published in Security on July 2, 2014

Recently I had the opportunity to share my insights from the past five years working at Sucuri at WordCamp Chicago 2014 held at the University Center in downtown Chicago.

My talk, WordPress Security: It’s All About the Basics, focused on experiences with end-user security issues and threats in the web security industry.

With the goal of greater awareness of security issues for website owners, I share information about the latest security threats and trends, what to watch out for and be careful of, and as always some (hopefully valuable) takeaways and recommendations for the future.

Check out the video of my presentation:

Watch The Video


WordCamp Philly 2014: The Key to WordPress Security Is Awareness

Published in Security on June 12, 2014

This past weekend, I had the opportunity to speak about WordPress Security at WordCamp Philly 2014 as part of the Power User Track.

It’s critical to understand that the key to website security is awareness — and that is exactly what we achieve in this talk.

Getting down to the basics and sharing insight that very few can share through the experiences we have ascertained at Sucuri. The latest threats and trends will be shared, and of course, some good, hardening takeaways and recommendations.

Check out the video of my presentation:

Watch The Video


WordCamp Minneapolis 2014: The Basics Of WordPress Security

Published in Security on April 28, 2014

Over the years, I have seen and experienced an amazing amount of security threats, vulnerabilities, malware attacks, and other problems website owners face. Recently I had the opportunity to speak at WordCamp Minneapolis 2014 on The Basics of WordPress Security, specifically targeted for the website owner or end user.

In this presentation, I share insights into security threats and trends site owners should be aware of, provide tips and recommendations on keeping your website secure, and share some of my experiences and insights from working at Sucuri.

I also participated in a panel discussion on Commercial WordPress Products with Reid Peifer, Marc Benzakein, Carl Hancock, and Ben Fox that was moderated by Kiko Doran.

Check out the video of my presentation and thanks to Matt Porath for snapping this great photo!

Watch The Video


WordCamp Las Vegas 2013: Real WordPress Security, Kill The Noise!

Published in Security on December 28, 2013

This month I joined my business partner Dre Armeda at WordCamp Las Vegas 2013 to speak about web security.

Our presentation, titled Real WordPress Security, Kill The Noise! cut through the false sense of security many website owners enjoy to address the real security issues, threats, and vulnerabilities facing WordPress websites and their owners.

But don’t worry — it’s not all doom and gloom.

While we address the issues, we also provide tips and recommendations on how you can secure your website and our no nonsense approach to reducing risk with WordPress.

Check out the video of the presentation:

Watch The Video


WordPress Security: Learning From Hacks

Published in Security on December 7, 2013

This evening I will be giving a presentation at WordSesh at midnight PST (0800 UTC).

The goal of this presentation is to learn from hacks, as the name implies. It's fairly straightforward to talk about hardening and malware; it's something different altogether to understand the attackers. That's what this presentation attempts to do in a very short time period (45 minutes). In it I share two scenarios that were recently analyzed at my company, Sucuri.

Here is the presentation I’ll be giving and the video:

Read More


Forensics: Analyzing a WordPress Attack / Hack

Published in Security on November 8, 2013

Recently one of our honeypots was hit by an attacker, and in the process we were able to gather a bunch of good intelligence on the actions taken by the attacker.

I write and detail the forensics of the attack in my latest post, for Sucuri: Case Study: Analyzing a WordPress Attack – Dissecting the webr00t cgi shell – Part I. My goal is to put out a part II next week in which we break down the shell used.

All in all, it was pretty interesting and amusing at the same time. Any questions or insight let me know.

Check Out The Article


Crazy April for the WordPress Platform

Published in Security on April 25, 2013

In case you haven't been following, the month of April has been a bit of a whirlwind for website owners, specifically those using the WordPress platform. The good news is it's motivated me to start writing again, not so much here but on our company blog. That being said, let me get you caught up on what's been going on.

Fortunately, it all started off with my presentation at WordCamp Miami, which was pretty awesome I might add.

It really kicked off with the big challenges presented by the apparent abuse of trust that came from the Social Media Widget plugin.

If you didn’t hear, the original developer of the plugin sold the rights to a marketing firm, who then outsourced it to a freelancer. That freelancer then took it upon himself to inject code into the core of the plugin, so when it was pushed to the repository and notified everyone of updates it injected everyone with the payload. Nasty, I know. Talk about taking all the fun out of hacking, boo for laziness, yay for ingenuity. The obvious downside here being the abuse of trust as I just stated, making you wonder what is being done to address that very apparent vulnerability. What do you think?

Read More


WordPress Website Security: WordSesh 2013

Published in Security on April 15, 2013

Here is an online presentation I gave at WordSesh 2013. Always weird when you give an online presentation, unable to gauge the crowd and respond accordingly. Look forward to your feedback.

Read More



Copyright © 2021 Tony Perez, PerezBox. All Rights Reserved | Security | Privacy