• Avoid Scammers this Holiday Season

    Season’s greetings to all security conscious website owners! As we approach the holiday season, it’s important to pay special attention to the security of your websites. Unfortunately, this time of year brings out unsavory characters who aim to unleash a torrent of scamming and phishing emails. To get an idea of the types of traps… Continue Reading »

  • The POODLE vulnerability – stay safe and disable SSLv3

    In the past few weeks – we have seen a lot of discussion going on about the POODLE vulnerability. Since a lot of StopTheHacker customers manage their own websites we would like to provide a little guidance on this matter. A new vulnerability has been released that targets SSLv3. This vulnerability allows attackers to pad a… Continue Reading »

  • Custom WAF protection for web platforms

    Web Application Firewalls (WAFs) are an integral part of the security stance for most companies. This piece of software protects websites as a first layer of defense from malicious attacks. StopTheHacker customers can now get access to this important technology by visiting our parent company—CloudFlare. Below we present a more detailed description of how a… Continue Reading »

  • Drupal SQL Injection Protection

    Over the last week we have released information about how to protect your website from SQL injection if you are using Drupal CMS. StopTheHacker customers can protect themselves by using our mother company’s WAF – the CloudFlare WAF. Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very… Continue Reading »

  • A (very) Brief Introduction to DNSSEC

    This blog entry is meant to provide StopTheHacker customers with a basic understanding of secure DNS. This is important as most customers manage their own websites, which are critical for their businesses. We would like to provide our customers with the information and tools which they can use to secure their websites further. The Domain… Continue Reading »

  • CloudFlare’s Privacy Policy Annual Review

    CloudFlare makes an annual review of its privacy policy. Our internal committee of legal, policy, and engineering has completed its annual review of the CloudFlare privacy policy and concluded that the policy is working well, serving our customers’ needs. So, we have decided not to change our privacy policy at all. Given this outcome, we… Continue Reading »

  • We’ve been acquired by CloudFlare

    Published by Dr. Anirban Banerjee After 4 years, I’m pleased to announce that we’ve been acquired by CloudFlare, the website security and performance company. Our mission at StopTheHacker has always been to make website security dead simple for our customers. This acquisition brings end-to-end security to CloudFlare and enables StopTheHacker to benefit from CloudFlare’s global… Continue Reading »

  • Scheduled Maintenance

    Our service provider will be conducting scheduled maintenance on Wednesday, August 14th, from 11 AM to 1 PM PT. The maintenance will take approximately 1 hour. This maintenance will improve performance and security of our services. During this maintenance, some webpages at StopTheHacker.com may be unreachable or be served slower than usual. Logins to the… Continue Reading »

  • When Ads Go Wrong: Malware Attacks Embedded in Advertising

    The Problem With Rotating Advertisements Rotating advertisements are a staple of many websites today and can be a generous passive revenue stream when implemented correctly. However, some webmasters may not be aware of the risks that they may present. Along with having to protect themselves from inappropriate content and competing products, many webmasters will find… Continue Reading »

  • Website Malware Scanning vs. Vulnerability Assessment

    These days, computer viruses aren’t the only clear and present danger facing users. Today’s websites feature a vast number of vulnerabilities that make it easy for hackers to hijack and add malicious code. Attacks from malicious code samples including “W32.Downadup” and “W32.Ramnit” can infect visiting machines and compromise confidential data. Google’s latest update to its… Continue Reading »

  • 10 Simple steps to protect your Drupal site

    Web devs have seen many articles detailing how to secure popular scripts, but where’s the equivalent guide if you prefer the CMS Drupal? These steps are user-friendly, even if you’re new to the system. Keep up with each of these activities for every install to prevent hackers from authorizing your site. You’ll sleep better at… Continue Reading »

  • It’s Dangerous Out There! Website Security Trends

    Website security has become a continuous do-loop of attackers exploiting vulnerabilities in software of ever-increasing complexity and software engineers developing new defenses and patches. It’s almost impossible to keep up with the cat-and-mouse game, but the United States Computer Emergency Readiness Team (US-CERT) tries to do just that through alerts and a blog of high… Continue Reading »

  • Hackers Slipping in Malware through Fake Groupon Mails

    A guest article by Jane Andrew. Hackers, crackers and cyber fiends are deploying new tactics of getting through their malicious applications to the users these days. One such group is pushing fake Groupon discount emails yearning for the naïve users to fall for their trap and consider that those emails are sent from some of… Continue Reading »

  • StopTheHacker at HostingCon 2013 in Austin, TX

    We’re happy to announce that StopTheHacker will be participating at HostingCon 2013 in Austin, TX. HostingCon Is an Annual, ‘Must-Attend’ Event for a Broad Range of Web Hosting and Cloud Services Professionals of Every Level. HostingCon attracts more than 1,900 attendees from all areas of the hosted services industry from start-ups to global giants. Attendees… Continue Reading »

  • What happened when my website was hacked

    A guest article from John McGarvey. He writes about subjects like IT security and web hosting for IT Donut. It all started one morning with a worrying email subject line: ‘Your portfolio page may have been hacked’. Inside was an unsolicited message from a friendly web developer, letting me know that my website’s usual portfolio… Continue Reading »

  • How to set up Server-Side Scanning for your website

    The new server-side scanning features are available with release 3.7 and include the following new features within the Professional and above editions: Phishing Page Detection, PHP Spam Shell Detection, Webpage Defacement Detection, Insecure Folder Permissions Detection, .htaccess Hack Detection, Website Error Reporting. For detailed information on the individual features, please check out our Feature page… Continue Reading »

  • Microsoft Hacked – Method similar to Apple and Facebook Attacks

    Microsoft announced yesterday via its Security Response Center blog that it has been attacked and hacked with methods similar in nature to those experienced by Apple and Facebook recently. All attacks were perpetrated by utilizing a zero-day Java vulnerability. Microsoft reported that a small number of its computers, including some in its Mac software business… Continue Reading »

  • Zendesk Hacked – Tumblr, Pinterest and Twitter Users affected

    Zendesk, the customer service software provider with 25.000 customers, yesterday announced a security breach that affects users of Twitter, Pinterest and Tumblr. According to Zendesk, email addresses of users who have contacted Twitter, Pinterest or Tumblr for support have been downloaded by the hackers. Wired reports passwords were not part of the breach but that some customers may… Continue Reading »

  • Quick tips for removing malware from Joomla

    Joomla has become a preferred CMS to develop websites. While a number of apps and functionalities help you attain a customized visage for your website, ensuring security against malware attacks is equally necessary and you know it’s hard to ignore. Removing malware from your Joomla website will ask for a number of modifications and other features… Continue Reading »

  • StopTheHacker Introduces Server-Side Scanning – Release 3.7 Available Now!

    Today we launched an extensively upgraded version of our award-winning suite of website protection services, forming our platform into a holistic one-stop-shop for website security. Key features of Version 3.7 incorporate extensive improvements designed to go even beyond the standard approach of website security: Detection of phishing pages to prevent hackers from using customers’ accounts… Continue Reading »

  • Quick tips for removing malware from osCommerce

    Malware attacks are no longer things that only PC owners or server maintenance officers have to fear. Website owners are currently also victims of these deadly attacks propagated by hackers. In case your website is hit and for some reason you did not have a backup, there are several things that you should consider doing to make sure… Continue Reading »

  • Join us at Parallels Summit 2013 – February 4-6, 2013

    As an Exhibitor sponsor at Parallels Summit 2013, we invite you to join us in Las Vegas, February 4-6 for this exciting event. The Parallels team has put together a great lineup of keynote speakers, breakout sessions and networking opportunities. By gathering the brightest and most innovative minds in the industry, Parallels Summit makes it easier… Continue Reading »

  • The Grinch Chronicles: 2012 and Data Theft

    A guest article by Jane Andrew. While we revel in the merry spirit of Christmas as the year ends, somewhere in this world there is a large group of menacing Grinchs that are having a little celebration of their own. However, it is not because they have come up with yet another plan to steal… Continue Reading »

  • Deciding to use SSL – Which certificate type should you choose?

    A guest article by Steve Waite, CEO, GlobalSign Americas An introduction to SSL There is still much confusion surrounding the trust and security of websites, but when building a web application that deals with any personal data, security is the first priority.  SSL provides a safe form for the transmission of data – like transferring… Continue Reading »

  • WordPress plugins – How to check for updates and install them

    How to check the WordPress plugins version? Plugins are tools to extend the functionality of WordPress. The core of WordPress is designed to be lean, to maximize flexibility and minimize code bloat. Plugins offer custom functions and features so that each user can tailor their site to their specific needs. To check the version of… Continue Reading »

  • The Marriage of SSL & Malware Monitoring

    A guest article by Steve Waite, CEO, GlobalSign Americas As a security company we always encourage our customers to take a layered approach to security by understanding the risks and implementing appropriate solutions. GlobalSign is a CA, and we provide one component of such a strategy – SSL. As SSL is primarily used on webservers,… Continue Reading »

  • Removing Malware from a WordPress blog

    Malware is a type of software that attempts to steal your personal information or use your computer to do things that you do not intend. Malware infections quite often lead to harsh consequences, causing the victim’s computer to become slow or unresponsive. Malware is usually spyware, deceptive adware, etc. Common malwares are free screen savers that secretly… Continue Reading »

  • How to discover and remove malicious redirects in the .htaccess file

    In most cases, malicious redirects are made by hacking the .htaccess file. Also, after cleaning up the .htaccess file, the malicious code is added back to the file within 30 minutes. This is done through “backdoor(s)” the hackers have placed in the website files. Here is a step-by-step guide on… Continue Reading »

  • Consequences of your website being blacklisted by Google

    9.500 websites are blacklisted by Google on a daily basis due to malware infection. The malware infections are the result of a hacker attack on your website. When your website does get infected with malware there are devastating consequences: Your site gets blacklisted by major search engines, and this causes all major browsers like Safari,… Continue Reading »

  • Special Offer: Get a free Application Vulnerability Assessment for your Website

    Worried your website is or might get infected by hackers? Find out if your website is vulnerable and more likely to be compromised by hackers and malware attacks. For a limited time only, we offer you a completely free application vulnerability assessment of your website. We check for web application vulnerabilities in most popular software… Continue Reading »

  • New product version 3.5 has been released

    A host of new advanced features to keep your site safe from even more threats. Version 3.5 of our product went live yesterday, October 14th. The new release 3.5 brings the following improvements and new items for you: McAfee and Symantec Norton blacklists integrated in reputation monitoring service – More info Auto cleanup now cleans up hidden… Continue Reading »

  • How to change WordPress password without having the access to wp-admin

    There may be incidents where, for some reason, such as your site being hacked, you are no longer able to log in to your admin panel using the login information, and you are not able to reset the password via email. But you want to change the password immediately. In situations like this… Continue Reading »

  • Reputation Monitoring now includes McAfee & Symantec data

    StopTheHacker now provides you with even more critical information about your website! Find out if your website is blacklisted by McAfee and Symantec/Norton, the two big Anti Virus companies. StopTheHacker’s reputation monitoring scan, part of every package available from StopTheHacker now includes data from these large security companies. StopTheHacker’s reputation monitoring service helps you take control… Continue Reading »

  • Webinar – Tips and Tricks on Website Security

    Yesterday we hosted our first free webinar on website security tips and tricks together with our friends from Stopbadware.org. The goal was to provide an overview of important tips on why websites get hacked and blacklisted and what website or blog owners can do to protect their websites. The webinar was moderated and presented by… Continue Reading »

  • 10 tips to make your WordPress blog secure

    Easily one of the most popular blogging platforms preferred by the amateur and professional alike, WordPress has many advantages over its competitors. However, its relative ease of use and many attractive themes and capabilities must be enhanced by WordPress security and protection, so that your website doesn’t fall victim to malware attacks that exploit weaknesses… Continue Reading »

  • What is PHP Malware? And how to protect your WordPress blog against it

    While blogging hasn’t replaced baseball as the national pastime, it’s safe to say that it’s made the Top Ten List. The internet has become a catalyst for this infectious hobby, but that’s not the only infection it’s spreading. WordPress Blogs are a prime target for hackers to unleash their latest malware (malicious software) creations. Over… Continue Reading »

  • Vulnerability Patching is only the first step – why malware monitoring is necessary

    So you just downloaded the latest patch to protect your website from the latest hacker-developed malware or virus. Congratulations. Your site is protected. Now you can sleep easy … for a minute, anyway. The truth is, getting the latest patch is only the first step in protecting your website from the myriad viruses and other… Continue Reading »

  • Disadvantages of signature based web malware monitoring

    When it comes to your website, nothing is more important than security. Monitoring and protecting your website against malware attacks is all that stands between a functional, working website that meets your needs and a domain name that’s dark, broken or worse: embarrassing for your brand or you. The good news is that when it… Continue Reading »

  • First Steps You Should Take on How to Become a Hacker for the Good Side of the Force

    Being a security professional, or white hat hacker, is not a job that is easy. Anyone who wants to find work in the IT security field needs to have a lot of sincerity, dedication to learning, knowledge, ability to explore the thinking and the ability to think outside of the box. For people who want… Continue Reading »

  • Five of the Worst Viruses You Haven’t Heard Of

    It’s hard to imagine a world without computers, mobile devices or the Web. Cyber criminals and malicious hackers know just how important these tools are to not only work, but everything we do in our personal lives as well. And because we rely on them so heavily, they are a prime target for attack. Viruses… Continue Reading »

  • Malware That Affected Facebook Users

    Statistics released by BitDefender in 2010 showed that 20 percent of Facebook’s users at that time were exposed to malware being distributed through malicious posts. Even as people are more aware of malware being spread via Facebook, that number still hovers at 20 percent according to ZoneAlarm. Over time, Facebook has seen quite a few… Continue Reading »

  • Five Most Famous Good Guy Hackers

    The term hacker really carries some negative connotations thanks to the media. Whenever there is an act of cyber crime the news media is quick to point out that hackers are responsible. Movies portray hackers as evil geniuses locked away in rooms as they navigate their way through mazes in cyberspace. Even heroes in books… Continue Reading »

  • How Malware Infects Websites

    We all know that earning a spot on the Google blacklist can be devastating to your business. If your web site is infected with malware then a visit from Google’s quality control team is sure to follow. Once they determine that a site is potentially harmful to visitors, they aren’t too keen on sending visitors… Continue Reading »

  • History of Malware

    When it comes to malware, history tends to get a bit fuzzy. Different web sites make different claims as to which piece of code is considered the first virus based on any number of variables such as replication, operating system and potential for damage. So instead of debating as to what constitutes malware or who… Continue Reading »

  • Cleaning up malware-infected WordPress sites

    Web-malware – a relatively new kind of threat, is sweeping the internet right now. Thousands of websites are compromised every single day, leading to an average of 7 – 10 days of lost revenue, immeasurable stress and damage to reputation. When websites get infected with Web-malware, it takes days to clean. In this article, we… Continue Reading »

  • How to: StopTheHacker Trust Seal

    We have launched a completely new trust seal, one that clearly conveys the safety status and last scan date of your website. This new trust seal also projects an invaluable sense of trust to your website’s visitor. In this article we provide information on how to get access to the trust seal. New Trust Seal… Continue Reading »

  • How to: Use the new StopTheHacker Dashboard

    This article describes how to use the new dashboard with details on the new design, new features and why they are in place. If you would rather watch a video than read through this article, we have prepared a video on the new dashboard for you as well. New Dashboard: Our new dashboard allows… Continue Reading »

  • Check out StopTheHacker’s New Dashboard and Trust Seal

    StopTheHacker has completely redesigned its dashboard. It’s faster, easier to use, more intuitive and easy on the eyes. Yes, we have tried to make the customer experience for our community of security conscious website owners better. This dashboard allows customers to get access to frequently used features more easily, cutting down the amount of time… Continue Reading »

  • Best Way to Protect Your WordPress Blog from Malware

    In April over 700,000 Macs were infected with the Flashfake, or Flashback, malware. These computers were infected because the user visited any one of the 100,000 WordPress blogs that contained the malware and infected their visitors via drive by download. These numbers only reflect the damage done by one single strain of malware, and as… Continue Reading »

  • LinkedIn Security Breach!

    Security Breach At Yet Another LARGE Corporation – LinkedIn Users Beware June 6, 2012 As of this afternoon, one of the world’s largest professional networking sites has retracted their earlier denial of any security breach of 6.5 million of their users’ account passwords to confirm the rumors. The company has invalidated the passwords of affected… Continue Reading »

  • StopTheHacker Customer Case Study: La Vie Céleste

    La Vie Céleste is an all-natural, anti-aging skin care line that provides commercial quality skin care at affordable prices. Founded and led by Dr. Teri Dourmashkin, who holds her Doctorate in Health Education, the La Vie Céleste skin care collection is known for featuring the finest ingredients that nature has to offer. Committed to health and… Continue Reading »

  • StopTheHacker Customer Case Study: Christopher Imaging, Inc.

    Christopher Imaging, Inc. is a full-service photography lab for traditional and digital photographic imaging. A third-generation family business led by CEO Todd Christopher, the company employs 25, and consists of three business divisions including a wholesale and professional sales lab, a consumer mini-lab and a portrait studio. Christopher Imaging staff are proud of their reputation… Continue Reading »

  • How do cybercriminals profit from infecting websites with malware?

    A guest post by Caitlin Condon, StopBadware’s raconteur We at StopBadware see a lot of hacked websites. We also get a lot of questions from webmasters who want to know why bad actors make it a point to hack legitimate sites. The primary motivator of malware authors and distributors today is simple: money. The more… Continue Reading »

  • They Got Hacked? Sites You Never Knew Got Hacked

    Let’s take a trip back to 1992, when the hacking thriller “Sneakers” dropped in theaters. If you’ll recall, a team led by Martin Brice obtained a box capable of breaking any encryption code. This meant that they could, if they so desired, hack into any government system in the world. Unfortunately (or fortunately, depending on… Continue Reading »

  • The Biggest Data Breaches of All Time

    When you hear the term “data breach,” what comes to mind? Probably recent events like  the credit card problems at Global Payments or PlayStation’s breach of end user accounts. And while these are certainly nothing to scoff at, they certainly weren’t as bad as they could have been. With that in mind, let’s take a… Continue Reading »

  • Best Ways to Tell if Your Site is Not Secure

    If you own a web site, odds are malicious hackers will take notice. Whether their aim is to inject your site with malware to pass along to your visitors, flood your web pages with spam links, bring your site down via a denial of service attack, deface your web site or steal confidential information, if it has a URL… Continue Reading »

  • Website Malware You Should be Aware Of – The Top 10

    It used to be that malware was spread through sharing floppy disks. The threat eventually moved on to USB drives, email and file sharing downloads. Nowadays, the threats are so advanced that simply visiting a web site that contains malicious code can cause your computer to be infected. Below, you will see a few examples… Continue Reading »

  • Update now – WordPress releases Security Update 3.3.2

    It’s time to update your WordPress installs. WordPress released an update to WordPress 3.3.2 addressing some serious bug fixes. This update was released by the WordPress core security team on Friday, 20th April. The WordPress 3.3.2 update includes security updates of three external libraries included in WordPress: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress… Continue Reading »

  • Ten Scariest Hacking Statistics

    We hear about cyber crime and malicious hacking all the time in the news but have you ever stopped to wonder just who it affects? After all, unless we are aware (the key word being aware) that we were directly touched by cyber crime we may never know just how much of a problem it… Continue Reading »

  • How StopTheHacker Works to Help Prevent Attacks on Websites

    Current research shows that over 85% of all malware comes from the web. This number is so high because it is estimated, by the same report, that more than 30,000 websites are infected with some sort of malware every day. And this number is not limited to malicious sites set up by cybercriminals, a majority of these sites are… Continue Reading »

  • Website Security: What do I need to know? What do I need to do? – Part 2

    This is the second part of our blog article about the emerging security issues for and threats to websites as well as some of the options to address them. To read the first part of our article click: Website Security: What do I need to know? What do I need to do? – Part 1 In… Continue Reading »

  • Startup Security Checklist: Things You Should Do Before Launching Your Site

    There was a time when attackers concentrated their efforts on large corporate web sites. Smaller businesses usually did not tend to the security of their web site as much because there wasn’t enough notoriety in bringing down a small mom and pop site. But now things have changed. Any site on the web has become a target for… Continue Reading »

  • Website Security: What do I need to know? What do I need to do? – Part 1

    This article describes some of the emerging security issues for and threats to websites as well as some of the options to address them. The information is first in a series of articles that will discuss how to make a website more secure. The target audience is owners and managers of websites. The contents reflect… Continue Reading »

  • The 5 Most Infamous Hackers of All Time

    We all know that the term hacker is synonymous with computer enthusiast. However there are hackers out there who use their skills in less than legitimate ways. This list shows five of the most well known black hat hackers of all time. Kevin Mitnick At age 12 Mitnick used his social engineering skills to ride Los… Continue Reading »

  • How to set up Automatic Malware Cleanup for your site

    Visit “panel.stopthehacker.com” in your web browser. If you don’t have a StopTheHacker account you can sign up for one of our four editions easily. When logged in to the panel you will see your dashboard. Here you will see a number of notifications in the top area of the dashboard, as shown below. Click on “Setup… Continue Reading »

  • How to Deal with the Latest WordPress Outbreak?

    Malicious hackers are finding new ways to compromise legitimate, benign websites with web malware. The goal of this post is to highlight a long running saga of a specific kind of malware injection, which we’re calling the “rr.nu/mm.php” variety. This specific variety of malware has very poor detection rates when Anti Virus programs are used… Continue Reading »

  • What is Malware? And How is Web-Malware Different?

    The word malware has been used often in recent times. However, what does malware actually mean? There is a lot of confusion among Internet users and others about what malware really is and what a piece of computer software branded as malware really does. In this short article, we will explain what malware is and… Continue Reading »

  • Host Europe Group Launches StopTheHacker’s SaaS Website Protection Suite in Europe

    SAN FRANCISCO, CA – February 22, 2012 – Host Europe Group – the largest privately owned hosting group in Europe – has today announced that it has partnered with website security services provider – StopTheHacker – to offer its SaaS website security services throughout Europe. Host Europe Group will roll out StopTheHacker’s comprehensive suite of… Continue Reading »

  • Experts Explain: WordPress Security

    This is the sixth part in our series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will talk about WordPress security. WordPress is arguably the most popular content management system (CMS) on the Internet today. Malicious… Continue Reading »

  • Experts Explain: .htaccess Attacks

    This is the fifth part in our series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will talk about a very popular attack method used to infect legitimate websites: .htaccess redirection. This technique is used by… Continue Reading »

  • StopTheHacker Announces Funding Round

    SaaS Website Security Startup StopTheHacker Launches Commercial Services Based on Initial Funding Round Investment Fuels Ongoing Development and Sales Push for Emerging Internet Security Player SAN FRANCISCO, CA – February 13, 2012 – SaaS website security services provider StopTheHacker has received $1.1M in initial funding from public and private investors including Runa Capital, an early-stage… Continue Reading »

  • Experts Explain: Hidden Backdoors

    This is the fourth part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will discuss one of the most common attack methods used to infect benign websites: Hidden backdoor shells. This particular compromise… Continue Reading »

  • Experts Explain: FTP Account Compromise

    This is the third part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article, we will describe one of the most common reasons why benign websites are hacked and then are infected with malware: FTP… Continue Reading »

  • Experts Explain: Cross Site Scripting

    This is the second part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. This time, we will discuss one of the most prolific techniques used to compromise millions of websites: Cross Site Scripting. Cross Site Scripting attacks… Continue Reading »

  • Experts Explain: SQL Injection

    Website security is an arms race. Malicious hackers modify their methods constantly to infect benign and legitimate websites with web-malware. One of the most common techniques used to compromise millions of websites is called SQL Injection. SQL injection attacks have been making headlines increasingly in the past few months. This highlights the sorry state of… Continue Reading »

  • Chickenkiller Infections

    Malicious hackers are continuously evolving the strategies they use to infect thousands of innocent and benign websites with malicious computer code, i.e. web malware. Web malware is a relatively recent phenomenon and is quite different from the “standard” viruses and trojans that are known to infect PCs and servers. How do I identify the malicious… Continue Reading »

  • RokBox.js Infections

    Today’s websites make use of many third party plugins to add new functionality with the least amount of effort. The inclusion of these third party plugins brings significant additional risk, namely the introduction of vulnerabilities to one’s website through vulnerabilities in the plugin itself. A prime example of this is the Timthumb malware outbreak that… Continue Reading »

  • DragosImport, Domboware Attacks

    In recent weeks, two websites have been used increasingly to mount attacks on unsuspecting visitors of legitimate, benign, sites compromised by malicious hackers. We will discuss the details of these distribution sites in our post. Is my site infected? First, to determine if your site has been compromised by the infections mentioned here, search… Continue Reading »

  • Willysy Injection Attacks

    Code injection attacks are now affecting millions of websites on the Internet. It is no longer an option to leave your website unprotected. We will be discussing the major outbreak of the “willysy.com” injection attacks in this article that at one time affected more than 100,000 websites. What is the Willysy attack? This particular code… Continue Reading »

  • Redirection Attacks

    Malicious hackers are continuously changing the tactics they use to compromise websites. Over 6,600 new websites are hacked and blacklisted every day and begin distributing malware to potential customers and visitors, destroying their owner’s online reputation. One of the primary mechanisms used to infect visitors to a website is insertion of malicious code into a… Continue Reading »

  • Google Groups Hacked?

    As of November 21, 2011, a large number of posts on Google groups seem to have been replicated to some adult chat rooms on Google Groups. This seems to be an attempt to game the search engine algorithm that Google uses and gain high search rankings for adult, spammy and potentially malicious websites. We have… Continue Reading »

  • Simple Machines Malware

    Simple Machines is a forum software used by thousands of website owners around the world to build online communities into their websites. Unfortunately, it is a perfect target for malicious hackers too. Finding a way to compromise the Simple Machines installation to inject malware into a legitimate website thereby infecting its visitors is an attractive… Continue Reading »

  • nl.ai p,a,c,k,e,d Malware

    Malicious hackers are continuing to find new ways to infect benign websites. A recent spate of attacks on WordPress powered sites proves this more strongly than ever. One popular method for infecting WordPress powered websites is to infect a file called “wp-settings.php”. The malware is then spread from this file to all subsequent requests for… Continue Reading »

  • osCommerce Attacks

    Malicious hackers are always looking to exploit software used by website owners to power their websites. One popular type of application that malicious hackers target is shopping carts, like osCommerce. This allows them to compromise a large number of websites using the software, infecting the visitors to these sites with malware. We have described how… Continue Reading »

  • Conflg.php Hack

    One of the latest attacks we are tracking on the Internet has already infected about 250 websites at the time of our post. This number is growing rapidly. We will be posting more details regarding the Conflg.php Hack and the reason it is infecting benign websites in our forthcoming posts. What is the purpose… Continue Reading »

  • Domain Chaining Attacks

    Malicious hackers are constantly changing tactics in order to evade detection. One of the relatively new mechanisms that has been used to infect thousands of websites on the Internet is known as Domain Chaining. Domain Chaining is the act of using multiple malware infected domains to form a network that distributes exploit code to benign,… Continue Reading »

  • Blogutils.net Tumblr Hack

    A recent spate of hacking incidents has led to the compromise of the popular website blogutils.net. Blogutils.net provides website utilities like visit counters that can be embedded on websites built using popular software. Many websites, including some accounts created on tumblr.com have been recently blacklisted by Google. The primary reason for this is the compromise… Continue Reading »

  • TimThumb Malware

    The ability to integrate useful third party plugins into a CMS like WordPress provides website owners the ability to add new functionality to existing websites. Unfortunately, this feature comes at a price. Third party plugins often have security vulnerabilities that allow malicious hackers to break into websites and use them to distribute malware. We take… Continue Reading »

  • IFRAME-based Web-Malware

    The IFRAME element, part of the HTML specification, continues to be a favorite attack vector for malicious hackers. Loading a malicious payload by means of an IFRAME is extremely easy and effective. Attackers infect and compromise websites and use them to infect other websites by loading malware from external locations, like other hacked sites. Think… Continue Reading »

  • It’s LizaMoon All Over Again

    The state of website security has been steadily improving over the last few months. Website owners and administrators are beginning to wake up to the fact that malicious hackers can use legitimate, benign, websites to spread malware on the Internet. However, there is a long way to go. Just recently we have seen a spike in… Continue Reading »

  • Google Acknowledges Challenges in Detecting Web-Malware

    Google announced today that the fight to detect web-based malware is far from over. The problem is growing and changing every day. Websites must be protected to prevent the spread of web-based malware. From the Article Google issued a new study on Wednesday detailing how it is becoming more difficult to identify malicious websites and… Continue Reading »

  • We’re at HostingCon!

    StopTheHacker is at HostingCon 2011 in beautiful, sunny yet cool, San Diego! Come visit us at booth #623. If you’re at HostingCon, whether you are a customer or you would like to learn about our services, affiliate program, or how to partner, come by and say hi! We’re also giving away free stuff including a… Continue Reading »

  • Scheduled Maintenance

    Our service provider will be conducting scheduled database maintenance tomorrow, Wednesday, August 3rd, at approximately 6:00 AM PT. The upgrade will take approximately 30 minutes. This maintenance will improve performance of our websites. During this maintenance, some webpages at StopTheHacker.com may be unreachable or be served slower than usual. Logins to the customer panel and… Continue Reading »

  • Free Facebook Safety App

    Building on our efforts to identify malware and spam on social networks like Facebook, we are very happy to announce the release of our Facebook safety app, MyPageKeeper, in collaboration with researchers from the University of California, Riverside (Press Release). For more information about MyPageKeeper, visit the Facebook app page. Why should you use MyPageKeeper?… Continue Reading »

  • Koobface Malware Detection

    Malware authors are constantly coming up with new ways to compromise web sites. Now malicious hackers have started to focus on the weakest link in the security chain, web sites, breaking in and then using them to distribute dangerous viruses. This spreads malware on PCs which are then used to form bot networks of compromised… Continue Reading »

  • BlackHole Toolkit: Malware Running Wild

    Malicious hackers are infecting websites in droves using new kinds of malware. Websites are the newest malware battleground. Benign websites are being compromised and infected by hackers in order to infect their visitors. In the vast majority of cases, the affected website owners are completely oblivious to the fact that a malicious hacker has used… Continue Reading »

  • Apache Used to Inject Malware

    Malware authors are constantly coming up with new ways to compromise web sites. Now malicious hackers have started to focus on web sites, the weakest link in the security chain, breaking in and then using them to distribute dangerous viruses. This spreads malware on PCs which are then used to form bot networks of compromised… Continue Reading »

  • Malware Faking Google (g-oogl-e.com)

    Malicious hackers are compromising websites in droves. Over 6,600 websites are hacked every day and begin distributing malware to potential customers and visitors, destroying their owner’s online reputation. In the vast majority of cases, affected website owners are completely oblivious to the fact that a malicious hacker has used their website to infect their visitors. In… Continue Reading »

  • Web-Malware Spoofing Images (imgaaa.net)

    The incidence of web-malware is on the rise: thousands of websites are infected every day as webmasters and business owners grapple with this new hydra of the Internet. Traditional Anti-Virus software is completely helpless when it comes to detecting these new and evolving pieces of malware which are being used to infect websites by malicious… Continue Reading »

  • prw1.co.cc Malware Alert

    Malicious hackers are infecting websites in droves using a relatively new kind of malware. Websites are the newest malware battleground. Benign websites are being compromised and infected by hackers in order to infect their visitors. In the vast majority of cases, the affected website owners are completely oblivious to the fact that a malicious hacker… Continue Reading »

  • OpenX: Iframe Malware

    Online advertisements are a significant source of revenue for many web sites. Even small websites can make money by serving up targeted advertisements to their visitors. A popular piece of software which helps deliver these online advertisements is OpenX. This software displays advertisements and rotates ads on web site pages. In the last few months,… Continue Reading »

  • osCommerce: Identifying Malware

    Websites are now the primary sales funnel for many businesses. Every day, billions of dollars of business is conducted by small to medium sized businesses via their web sites. Most e-commerce web sites use a piece of software called a shopping cart to allow users to pick and choose what they would like to buy… Continue Reading »

  • LizaMoon Hack: Mass SQL Injection

    SQL injection is a technique used by malicious hackers and security researchers to inject code into a website. This mechanism exploits the improper use of input by web sites, such as the use of raw input from forms, and direct database queries using this information. SQL Injection continues to be a major security vulnerability. Malicious… Continue Reading »

  • MySQL.com Hit by SQL Injection!

    MySQL.com, the website of the extremely popular database software used worldwide was reported to be compromised today by the use of, ironically, an SQL injection attack. This compromise was released into the public domain via a post on Seclists.org: http://seclists.org/fulldisclosure/2011/Mar/309 The group responsible for this disclosure also disclosed passwords, password hashes and other sensitive information.… Continue Reading »

  • 300,000 Instances of Data Leakage

    Websites are the new battleground between malicious hackers and the general public. Malicious individuals and organizations use websites as a conduit for spreading malware. More than 6,600 otherwise benign websites are compromised every single day. One of the primary enablers of this kind of compromise is the amount of publicly available data about a website,… Continue Reading »

  • Identifying Plesk Users: A Spammers Delight?

    Parallels Plesk is an extremely popular platform for web hosts and service providers who design and service websites. This software is widely deployed all around the globe with thousands of installations. In this article we discuss how a spammer could direct an attack at Parallels Plesk users or trick them into giving up their credentials.… Continue Reading »

  • Web-Malware with a Sense of Style

    Web based malware is quite interesting in the way it changes. This emerging threat can destroy the reputation of websites and online businesses, get them blacklisted by search engines and hurt their customers and visitors. Every single day, close to 6,600 new websites are added to popular malware blacklists. In this article, we will… Continue Reading »

  • Web-Malware Faking Norton

    The growth of web-based malware continues unabated. Malware developers are targeting websites to distribute malicious viruses, Trojans and other harmful computer programs. This modern modus operandi banks on the fact that most websites have weak security and can be easily compromised. In fact even the top 15 financial institutions have vulnerabilities. In this article, we… Continue Reading »

  • Malware Posing as jQuery

    Web-based malware is the new bane of the Internet. Malware developers have focused on using websites to distribute millions of copies of viruses, Trojans and other malicious computer programs. This modern modus operandi banks on the fact that a website’s security is weak and can be easily compromised. In this article we want to raise… Continue Reading »

  • SEO Poisoning: Hijacking Miss Universe 2010

    Today, we’ll expand on our previous post which described SEO poisoning. Hackers are using this relatively new technique to lure users into visiting malicious websites with a vengeance. SEO poisoning is a method by which hackers can get a malicious link or URL, indexed by a search engine. When users search for terms that match… Continue Reading »

  • Is Posterous’ Posting Policy Secure?

    Services like Posterous have changed the way Internet users post information about themselves, their likes, and their dislikes. Posterous follows a very simple model. A user simply needs to send an email to post@posterous.com and they can attach files, such as music that they like, and post it to their personal page. It’s very easy… Continue Reading »

  • Youtube Hit with HTML Injection Attack

    YouTube is reported to have been hit by hackers. They have exploited a loophole in the way YouTube lets users post comments. More information can be found in the Google Support Forum and on Slashdot. Analysis It seems that when someone places a piece of JavaScript in the comment section, beginning with the <script> tag,… Continue Reading »

  • Analyzing the Google Blacklist, Part 2

    Building on our first article in the series, we continue to analyze the Google Safe Browsing List. In this part, we present more detailed statistics about the hashes seen on the blacklist and try to provide insight into what we observe. Motivation Understanding the behavior of infected websites is very important. This provides security researchers… Continue Reading »

  • Analyzing the Google Blacklist, Part 1

    Google’s efforts to clean up the Internet and provide a useful advisory to Internet users have been very successful. Nearly every modern browser now incorporates Google’s Safe Browsing List information, to prevent users from inadvertently visiting malware infested websites and phishing websites. Motivation In this article we will be analyzing the Google malware hash lists… Continue Reading »

  • American Express Website Leaks Sensitive Documents

    This morning, a close friend of mine pointed me to some interesting documents on the American Express website. These documents seem to be leaking sensitive information including detailed activity for a corporate purchasing card. The documents clearly show the amounts, the specific merchants, dates, and places where the transaction was made and more. The documents… Continue Reading »

  • Misconfigured Log Files: A Treasure Trove of Email Addresses

    Most websites and services today use some kind of framework, based on modern languages such as PHP, Ruby, Python and others. This has allowed many individuals to host arguably complex websites. This can be a good thing except when it comes to the fact that many website owners do not pay sufficient attention to the… Continue Reading »

  • Why Did My PageRank Go Down? – SEO Poisoning

    Search engines like Google drive the majority of traffic to websites. Therefore, it is important for webmasters to appear high on search rankings and prominently in search results. To this effect, website owners often spend large sums of money on Search Engine Optimization (SEO) strategies: using the right keywords, getting linked to by popular sites,… Continue Reading »

  • Hackers Understand the Value of Backups

    Hackers have been trying new tricks to obfuscate their malicious code and sneak it surreptitiously into benign websites. This trend is ever increasing as websites are now the weakest link in the entire malware chain. Hackers discover vulnerabilities in websites, exploit them to inject malicious bad code and voila – you have at your disposal… Continue Reading »

  • Is User Trust More Effective Than Blacklisting?

    Blacklists are published by many security groups and organizations around the world to share knowledge about malicious websites, IP addresses and other security features which allow others to insulate themselves from the dark side of the Internet. In recent years, the number of blacklists being published by web-centric organizations has grown by leaps and bounds.… Continue Reading »

  • Hackers Use Google Trends to Poison Searches

    Hackers are using a relatively new technique to lure users into visiting malicious websites. SEO poisoning is a method by which hackers can get a malicious link or URL, indexed by a search engine. When users search for terms that match the context of the malicious link, unsuspecting web surfers are often served malicious links… Continue Reading »

  • Are Universities Hosting Spam Zombies?

    It has been said that universities all around the world are harboring zombie machines in droves. These are the same zombie machines responsible for sending out massive amounts of spam. In this article, we attempt to understand if the university zombie-spam problem really is as big a deal as it is made out to be.… Continue Reading »

  • Popular Websites Host More Spam

    Popular Internet websites are a good place to advertise and therefore a target for spammers. Large throngs of visitors who view content on popular sites are the main draw. Spammers use vulnerabilities in message boards and forums to insert spam advertisements. This “malvertising” is bad for the reputation of the website in question and because… Continue Reading »

  • Yes, Search Engines Can Infect Your Computer

    Search engines, like Google, Yahoo and Bing offer users the ability to scour the plethora of information on the Internet. These search engines index content on websites and often maintain cached copies of these sites so that, in the event that the site is unavailable, visitors can still view the contents of the website. Unfortunately,… Continue Reading »

  • The “Underground” Credit Card Blackmarket

    Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate… Continue Reading »

  • Virus Infects 13 Million PCs, Steals Credit Card Numbers

    “Spain Busts Hackers for Infecting 13 Million PCs” Reuters via Threat Level | Wired.com Users were targeted via a vulnerability in Internet Explorer when they visited websites infected with the malware. Spanish authorities shut down the Mariposa bot-net on December 23, 2009 although the details of what is being called the “largest cyber-raid to date” are… Continue Reading »

  • Zero to 3000+ Infected Sites in Less Than 30 Minutes

    Code injection attacks show no signs of abating. Every day more than 6000 new websites are added to Google’s Safe Browsing List (blacklist). Hackers are compromising websites without the knowledge of the website owner to, in turn, infect website visitors. Malicious hackers don’t care if the website they infect is a small mom and pop operation… Continue Reading »

  • Do Government Websites Care About HTTPS?

    Government websites play a critical role in the transfer of information to citizens, visitors, businessmen and others throughout their lives. Most importantly many people trust government websites implicitly. By virtue of this immense trust placed in websites which are relied on for information dissemination and collection by the government, one would expect that something as… Continue Reading »

  • stopthehacker.com Attends Technology Forum

    The stopthehacker.com team traveled to Omaha, Nebraska, in early February to meet with other cyber security companies and corporate, academic and government leaders. Anirban Banerjee, stopthehacker.com co-founder, appeared in a video interview conducted by Jeff Slobotski of the Silicon Prairie News. Watch Anirban describe the goals of stopthehacker.com: Scott Tech Center & Innovation Accelerator Host… Continue Reading »

  • The Curse of the URL Shorteners: How Safe Are They?

    URL shortening services have become all the rage on the Internet. These services take a long URL as input and produce a short, easy to use, URL as an output. Simple! By virtue of their ease of use, millions of Internet surfers use them to post messages on twitter. In fact, URL Shortening services like… Continue Reading »

  • Analyzing Popular CMSs: Are vBulletin Users at Risk?

    This article is the last in our series of articles on CMS analysis; this time we will be focusing on vBulletin. We have previously profiled Joomla, WordPress, Drupal and phpBB. vBulletin is a little bit different than the list of CMSes we have been analyzing in this series. The first and most apparent being that it… Continue Reading »

  • Analyzing Popular CMSs: Are phpBB Users at Risk?

    Continuing with our series of articles on CMS security, this time we will be focusing on phpBB. We have previously profiled Joomla, WordPress, and Drupal. I can already hear CMS purists howling that phpBB is not a CMS. In a way they’re right, but in other ways it is a CMS.  phpBB is without a doubt… Continue Reading »

  • Analyzing Popular CMSs: Are Drupal Users at Risk?

    Continuing with this series of articles on CMS security, in which we have previously profiled Joomla and WordPress, this time we will be focusing on Drupal. Drupal, another in a line of popular CMSs available today, is used by tens of thousands of websites. Similar to WordPress, it has various plugins to customize the base installation and also… Continue Reading »

  • Analyzing Popular CMSs: Are WordPress Users at Risk?

    Following up on our last article, this time we will be discussing issues relevant to, likely, the most popular CMS software package available today: WordPress. WordPress is used by a plethora of individuals and organizations, from bloggers to content publishers, news media outlets and many more. The great thing about this particular CMS is the… Continue Reading »

  • Analyzing Popular CMSs: Are Joomla Users at Risk?

    In this series of articles, we will be discussing issues relevant to popular Content Management Systems (CMS). These software packages make it relatively simple for web-administrators and lay people to host a website or an Internet forum and manage the content on it. Using a CMS, one can easily keep track of various versions of… Continue Reading »

  • “Online Pharmacy” Spam Stalks Internet Forums/Boards

    Malicious hackers have, for many years, been offering services to unscrupulous individuals and companies for monetary compensation. With the growth of Email Spam advertising everything from medical supplements to cars and lottery tickets, email scrubbers and filters have taken the game up a notch by implementing ever increasing layers of complexity to cut down on… Continue Reading »

  • How Safe are Internet Website Directories?

    Recently, we told you that Dmoz.org, one of the largest user-edited directories on the Internet, is also one of the safest directories. Directories such as Dmoz.org contain links to hundreds of thousands to millions of sites. These directories are categorized by volunteers or through automated means. Many search engines, including Google, Hotbot and others, potentially use… Continue Reading »

  • An Interesting Sample of Malware

    This afternoon, a post on Badwarebusters.org reminded me of a somewhat interesting piece of malicious code I have not seen for some time. Our scanners flagged it as malware. The original post is found here, answered by redleg on Badwarebusters.org. This malware, found embedded in “eslpod.com/website/index.php”, is displayed below. The code has been slightly… Continue Reading »

  • Where Can You Find (2.8 million) Safe Websites?

    Hackers are hitting websites hard and fast. Every day, upwards of 6,000 new websites are compromised by malware due to code injection, FTP credential compromise, weak server security, web-application flaws and the full gamut of other security issues. In this vein, any system used to determine whether a website is clean or infected, needs to be… Continue Reading »

  • Do News Aggregation Websites Point to Blacklisted Sites?

    News aggregation sites, like Digg.com, Reddit.com, Ycombinator and Yahoo Buzz play an important part in the lives of many web-surfers. It is reported that sites like Digg.com have garnered more visitors than heavyweights like Facebook [1]. I was recently asked: “What is the probability of a site listed on popular news aggregation sites to be… Continue Reading »

  • Large Webhosts: How Serious About Security Are They?

    Some of the largest web hosting companies in the United States and abroad host more than 500,000 websites individually. These web-hosting companies focus on providing a cost-effective solution for clients to develop and maintain their Internet-facing websites. To protect these websites, these web-hosting companies often use Web-Application-Filters (WAFs) and more traditional firewall-type devices along with… Continue Reading »

  • Website-Reputation Services Agree to Disagree

    We have recently published statistics comparing various website reputation services and have received good feedback over private channels regarding our article. In this sequel we add Microsoft’s Bing malware filter, along with a comparison to other website reputation services. At StopTheHacker.com (Jaal LLC) we have conducted tests of 721 URLs, all of which have been reported… Continue Reading »

  • Do Zombie IPs Host Blacklisted Websites?

    Zombie IPs can be defined as Internet Addresses which participate in bot net communications. When Internet surfers visit websites contaminated with malware, the malicious code often times is successful in infecting the computer of the unsuspecting visitor. Once the malware has installed itself on the personal computer of the Internet surfer, it proceeds to receive… Continue Reading »

  • Profiling Autonomous Systems Hosting Blacklisted Websites

    An Autonomous System, or AS, is a routing construct that represents a group of networks under the control of an organization (credit for edit: Max@badwarebusters.org). These form the “structure” of the Internet. These organizations can be thought of as web-hosting companies, large Internet-based companies or resellers of bandwidth and IP addresses. These are usually large… Continue Reading »

  • How Good Are Website-Reputation Services?

    Websites on the Internet have now become the standard modus operandi for spreading malicious software to infect personal and corporate environments. A large number of benign and well-meaning websites are compromised every day by hackers inserting malicious code to, in turn, infect the computers used by visitors to the hacked site. One of the ways to… Continue Reading »

  • Catch Me if You Can: Antivirus Poor at Detecting Web-Malware

    There is every indication from sources internal to StopTheHacker.com and external sources comprised of web hosting companies, administrators, security companies and government organizations that the threat from web based malware is looming large and is only going to intensify in the coming years. Website owners, and administrators, even website hosting companies are the directly affected… Continue Reading »

  • When Benign scripts attack – V

    This post builds on our series of posts, which try to capture the evolution of how hackers are injecting benign scripts with malware in the hopes of hiding their malicious content amongst good code. The malicious code displayed this time leads to the famous “Gumblar” infection strain and can cause a lot of headaches. This particular… Continue Reading »

  • When Benign scripts attack – IV

    We have received significant requests to keep up with this series of posts which try to capture the evolution of how hackers are injecting benign scripts with malware in the hopes of hiding their malicious content amongst good code. This particular example shows how a menumachine script was used by a hacker to spread malicious… Continue Reading »

  • Is Yahoo Really Hosting Malware?

    Yahoo’s cached pages can be distributing malware. Yahoo has allowed users, for several years, to use the “cached pages” options displayed along with its search results on Yahoo-Search. Yahoo has partnered with McAfee’s SearchScan to provide safer searches since about May 2008. This is all good. The intention of providing safer searches to visitors is… Continue Reading »

  • Top Banks Suffering from Multiple Vulnerabilities

    Solid financial institutions are the cornerstone of any successful economy. These institutions need to maintain the highest levels of security to protect sensitive customer data from becoming prey to malicious interests. Given the fact that these giants of industry have emergency response and security teams and that they spend hundreds of thousands of dollars a… Continue Reading »

  • What’s up with Sitemeter?

    It has been a busy day. Lots of interesting things have happened over the course of the last few hours. One interesting issue which we faced today was when trying to help out on badwarebusters.org today. It seems that one of our scans popped up a script hosted by Site Meter as potentially malicious. This… Continue Reading »

  • Free Google Blacklist Monitoring from stopthehacker.com!

    Try our Blacklist Monitoring service for free. Blacklisting can happen to anyone. Now, with Blacklist Monitoring, know before it’s too late to keep your customers. Getting quick notice can let you fix the problem faster. Together, we can help make the web a safer, better place to surf. What’s in it for you? We tell… Continue Reading »

  • New SSL Issues = New SSL Attacks

    You might remember the article I wrote a couple of weeks back regarding the then recently found vulnerabilities of SSL 3.0 (TLS 1.0). Well, things just got real. New Security Issues come to light with SSL 3.0 At the time, some researchers even went so far as to say that the vulnerability was only theoretical!… Continue Reading »

  • New kid on the block: Google Chrome OS

    This weekend, the only hot discussion topic, other than what awesome Black Friday deals people can lay their hands on, is the announcement concerning the fabled Google Chrome OS. Early press articles have provided a good overview of what the Google OS might look like. The following articles are informative and entertaining. www.pcmag.com blogs.computerworld.com One of… Continue Reading »

  • How to write shell code – I

    Writing shell code is perceived as a black art by many. The good news is that it is far from that. Anyone with a basic knowledge of programming and a desire to catch up on some basic assembly programming and CPU architecture can churn out shell code in less than an hour. Lots of people… Continue Reading »

  • When Benign scripts attack – III

    In this post we continue to analyze how popular scripts are being targeted by hackers to cause infections on websites and on the computers which load them in browsers for viewing. The motivation behind using these originally benign scripts to do the dirty work on their behalf is that a lot of webmasters and… Continue Reading »

  • When Benign scripts attack – II

    A few weeks back I wrote about how hackers are targeting benign scripts to do the dirty work on their behalf. The trend is now intensifying. In the last post about this issue, we saw how common scripts like JQuery and AC_RunActiveContent, mootools and others were being targeted. This time we will look at injection… Continue Reading »

  • XST: One of the Most Prevalent Security Holes

    Cross Site Tracing (XST) is one of the most prevalent threats on the Internet today. The surprising fact is that even though developers are somewhat familiar with other attack vectors, such as XSS (cross-site scripting), SQLi (SQL injection) and others, relatively few seem to know what XST is. XST uses the HTTP TRACE functionality which is… Continue Reading »

  • Shockwave Vulnerability Directs Users to Malicious Websites

    Researchers at VUPEN have discovered four major vulnerabilities and one minor in the Adobe Shockwave Player. The vulnerabilities are present in version and those predating it. Adobe Shockwave is installed on over 450 million client systems world-wide. The most problematic of the vulnerabilities can be exploited to execute arbitrary commands when a visitor views… Continue Reading »

  • New Security Issues come to light with SSL 3.0

    New SSL Security Issues: A vulnerability allowing hijacking of an already connected SSL 3.0 (TLS 1.0) session has been disclosed. SSL technology provides an end-to-end secure communications tunnel used most commonly by the HTTPS protocol. This most recent vulnerability allows an attacker to insert text of their choice into the data-stream, even after the secure… Continue Reading »

  • HTTP and HTTPS

    A lot of times, people confuse HTTP and HTTPS. This is primarily because of the lack of understanding of a simple encryption based security mechanism that nearly all browsers can work with. HTTP is the protocol according to which your web browser transfers data to and from any web server, a computer that throws web… Continue Reading »

  • When Benign scripts attack!

    Code injection attacks are constantly morphing. The bad guys are constantly looking to deposit malicious code into websites in order to infect visitors to these sites. Once the visitors are infected, their machines can become part of extremely large bot armies and can be used to propagate the cycle of code injection attacks further. This… Continue Reading »

  • Windows (Win32) Shell coding pointers – I

    Although a bit dated, these pointers for shell coding provide a decent starting point for enthusiasts to go and poke around with binaries :-). Most of the information is collected from various texts on nologin.org (read win32-shellcode.pdf and many more) during the last few years and experiences with binaries. These pointers are definitely good for… Continue Reading »

  • Whats up with twitter?

    Twitter is over capacity. In this vein, here’s a post from gist.github.com which displays the source code for the stalkdaily Twitter XSS worm. It’s a good example of how to use CSRF/XSRF with XSS.

  • Beef with IE – II

    Building on my post, Beef with IE, here’s another little look into what can crash the world’s most popular browser. Running this script may crash your browser so save your work. Again, I’m not sure whether to classify this as malware or something else. Tested with IE7 Vista, IE6 XP2, IE6 XP3 (courtesy milw0rm).

  • Twitter spamming: Some pointers

    Twitter has now become the undeniable darling of marketing enthusiasts, as this medium of communication has garnered millions of dedicated users. This has also led to a lot of the bad guys looking at this medium to spread bile. I am going to provide some links based on which some “twitspam” tool-kits are developed. I… Continue Reading »

  • Difference between Heap Spray and NOP Sled

    A lot of people I meet often think that NOP Sled and Heap Spraying are actually the same thing. Not true at all. I wanted to write a description myself, but there were already good pointers on Wikipedia. Heap Spray “In computer security, heap spraying is a technique used in exploits to facilitate arbitrary code… Continue Reading »

  • Beef with IE

    I’ve never been a fan of IE and one particular incident sways the decision I made long ago to switch to other browsers pretty decisively for me. I spend time tinkering with both JavaScript and Browsers, and some time back I came across a script to iterate through DOM objects on a page. This script… Continue Reading »

  • Opera Unite: Boon or Bane

    Here’s an interesting piece of news: Opera, one of the finest browsers available today, has released a shiny new version, Opera 10. It’s slick and has tons of eye candy. One really interesting part about the new version is that it lets you start what’s known as Opera-Unite: this is basically a… Continue Reading »

  • Common Iframe injection target sites: Russia

    For the last few weeks we have been receiving communication from affected parties who have been hit with a spate of iframe injection attacks. If you see any of these sites embedded as an iframe or as an HTTP link on your site, it would be good to consider removing them. DO NOT VISIT THESE… Continue Reading »

  • Common Iframe injection target sites: China

    For the last few weeks we have been receiving communication from affected parties who have been hit with a spate of iframe injection attacks. If you see any of these sites embedded as an iframe or as an HTTP link on your site, it would be good to consider removing them. DO NOT VISIT THESE… Continue Reading »

  • A trojan which steals your money “intelligently”

    A relatively sophisticated trojan is making the rounds stealing money from bank accounts in an intelligent manner. Unlike a ton of “hammer and tongs” malware, this one actually tries to decide how much money it should steal from your bank account without raising alerts. This is especially interesting n users about as more and more… Continue Reading »

  • 43 cents for a compromised Mac!!

    Even though users of Apple products are somewhat safer than Windows users, this news article is just another example of the fact that “ignorance is no panacea”. The bad news is that the bad guys are looking at infected Macs as a potential money-maker. Sophos researcher Dmitry Samosseiko at the Virus Bulletin conference in Geneva… Continue Reading »

  • Significant numbers of machines in enterprise networks are bot-infected

    A detailed 3-month-long study conducted by the guys at Damballa reports that enterprise networks are deeply infiltrated by bot-nets. Bot infections are on the rise, and most come from bot-nets which do not get much publicity in the popular press. “In a three-month study of more than 600 different bot-nets found… Continue Reading »

  • Russian Security Group exposes source-code for 3000+ sites

    A Russian security group has exposed the widespread existence of misconfigured web servers once again. The “exploit” itself is not new; it basically hooks on to the fact that there are usually some change files in the .svn/.cvs directories on a site and then tries to grab these meta-data files and extract source code… Continue Reading »

  • Microsoft takes on the cudgels to fight Fake Anti Virus malware distributors

    Microsoft has taken a hard line on malicious online advertisers — also known as “malvertisers” — by filing five lawsuits against the suspected fraudsters in what the software giant claims are the first-ever legal moves against malvertising. The software giant’s suits came on the heels of a rogue anti-virus attack on the high-profile New York… Continue Reading »

  • Hack a Facebook account: only $100!

    PandaLabs announced the discovery of an online service that promises to hack into any Facebook account for $100. The service’s creators claim, “Any Facebook account can be hacked,” promising to provide clients with the login and password credentials to access any account on the popular social networking site. “The service’s real purpose may be hacking… Continue Reading »

  • ISPs sued for hosting fake sites

    This is something that’s waiting to happen to a ton of other ISPs. In this case a large, well known fashion company went to court because a couple of ISPs were hosting sites selling fake products branded with their logo and name. Read more: darkreading.com I am pretty sure that the day is not far… Continue Reading »

  • A linux webserver botnet exposed

    A lot of people who use Linux-based systems often say that “Linux is just so free of problems”. Well, here’s a piece of news that should grab their attention. I do agree though that *nix-based systems are somewhat more secure than Windows-based systems, but that’s no reason to be stupid :-) .… Continue Reading »

  • Google groups used as malware command channel

    Gavin Gorman from Symantec made a post about how Google Groups was being used as a back channel to control a bot-net. “The Web-based newsgroup can store both static ‘pages’ and postings. When successfully logged in, the Trojan requests a page from a private newsgroup, escape2sun. The page contains commands for the Trojan to carry… Continue Reading »

  • 130m Card Numbers Stolen in SQL Injection Attacks

    “US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.” Via BBC NEWS | Business. Companies targeted in the online attacks: Heartland Payment Systems, 7-Eleven (convenience stores), Hannaford Brothers (supermarket chain), others…

  • How to track down “anonymous-users”

    Staying anonymous on the Internet has been a much behooved ability for many different reasons. One group of malicious individuals, focusing on code-injection attacks on websites, often attempts to mask themselves by trying to use anonymizing proxies. These proxy servers should in theory cloak the identity of the individual using them. This is not widespread… Continue Reading »

  • The Saga of Web Defacement Continues

    “YAMWD: Yet Another Mass Web Defacement” The SANS Institute ISC Major web hosts down this week: servage.net – Thousands of sites defaced. 3dgwebhosting.com – Down since 8/14/2009.

  • More Press Coverage

    StopTheHacker.com is attracting the attention of research institutions. “UCR Student Launches Web Site Protection Service with Help from Professor” UC Riverside: Newsroom Thank you, Todd Ransom.

  • Security Giants Renewed Subscriptions without Permission

    According to PC Pro, the security giants McAfee and Symantec have paid $375,000 USD in fines levied when they allegedly automatically renewed subscriptions without their customers’ consent. “Security firms ‘renewed subs without permission’ ” PC Pro: Security News Apparently, McAfee and Symantec had both hidden renewal clauses in their customers’ contracts. However, the details of the… Continue Reading »

  • SQL Injection wipes out 100,000 sites

    “Webhost hack wipes out data for 100,000 sites” The Register Likely the result of an SQL Injection attack, data for more than 100,000 sites hosted on the HyperVM virtualization platform were deleted. Over 24 hours later, administrators at Vaserv.com were still working to recover from the issue.

  • Free Web Security Whitepaper

    Things you should know about Web 2.0 security. Why antivirus software and firewalls are not enough. The Code Injection attack and how it can kill an e-business. Web Security Whitepaper – PDF

  • Press Coverage

    StopTheHacker.com has been featured in the news. “Riverside startup focuses on protecting Web sites” The Business Press Thank you, Juliane Ngan.

  • Large-Scale Script Vulnerabilities Uncovered

    Jaal helps websites detect and recover from code injection attacks in a large outbreak that affected more than 70,000 websites. Vulnerabilities Uncovered – PDF