Ask Sucuri

Ask Sucuri: How Do You Find Website Backdoors?

In a previous post, we have explained what website backdoors are and what they look like. Today, we want to focus on ways that we identify and remove backdoors to prevent reinfection. Techniques to Find Backdoors Finding a website backdoor is not an easy task because the main function of a backdoor is to keep

[ Read More ]

What are Website Backdoors?

When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to leave a door open to retain control of the website and to reinfect it continuously. This type of malware is called a backdoor. What Are Backdoors? Backdoors are types

[ Read More ]

The Importance of Website Backups

Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no,  all your files are deleted from the database. What would

[ Read More ]

How to Improve Website Resilience for DDoS Attacks – Part I

Denial of Service (Dos) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application resources by sending spikes of fake traffic to your website. It is also notoriously difficult to conduct forensics on a DDoS attack, making the source of the attack a mystery. DDoS attacks

[ Read More ]

Steps to Keep Your Site Clean: Updates

This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created

[ Read More ]

What is Virtual Hardening?

If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of protection to reduce the potential attack surface. Hardening often involves manual measures of adding code or making changes to the configuration. To virtually harden your site involves allowing a

[ Read More ]

Steps to Keep Your Site Clean: Access Points

Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can help, and the worry it causes. Maybe you were able to get your site back on track or had a company clean the site for you, but the important thing

[ Read More ]

Intro to Securing an Online Store – Part 2

Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These principles can help in satisfying PCI DSS requirements 8 & 10: Requirement 8 – Identify and authenticate access to system components. Requirement 10 – Track and monitor all access to

[ Read More ]

The Impacts of Zero-Day Attacks

Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from exploiting it. Today, we would like to expand on the impacts of these attacks. What Do Zero-Day Attacks Depend On? The impact a zero-day attack can have on your online

[ Read More ]

Understanding Zero-Day Vulnerabilities & Attacks

In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as: The team maintaining the project The users of the project Vulnerability researchers Vulnerability researchers are the good guys – people who won’t take advantage of the vulnerability for their own gain

[ Read More ]