A core component of setting up a Content Delivery Network (CDN) is defining the origin of the site. This origin is traditionally the IP address for the server that houses the site content. It’s where the CDN will be pulling content from. A few CDNs even allow you to specify multiple origins, empowering admins to […]
Navigating 81 Layers of Encoding to Reveal the C&C
This past week we have been sharing a series of articles that highlight steps a hacker has taken to commandeer one of our honeypot domains. We have shared steps taken to take control, the payloads deployed, and the configurations leveraged to take control of the site’s SEO. As interesting as all that has been, today […]
PHP Backdoor on a compromised WordPress to DDoS Attacks
Last week we shared our research on how we investigated and restored a hacked WordPress site running on a Linode VPS. In that article, we showed the steps we took on the compromised server to identify and remediate the issue, from looking at the server activities, to checking the logs and comparing the integrity of WordPress to […]
How WordPress Gets Hacked in 2022 – Initial Reconnaissance
WordPress is the most popular open-source CMS in the world, and as such it carries with it a massive target. For bad actors, it makes all the sense in the world to spend time and resources understanding the platform, especially its weaknesses and features. This article will build on this, and some research we’re doing […]
Protecting SSH on Web Servers
Of all the ways a server is compromised, the access vertical continues to be the #1 vector, whether it is through brute-force attacks that guess a user’s weak password, or credentials (i.e., username and password) being leaked via another compromise. Bad actors take advantage of this vector and it is why we see automated […]
The Domain Name System (DNS)
In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS. The art of Routing Web Requests (Hello DNS) DNS stands for Domain Name System (DNS); you might hear it used interchangeably with Domain Name Server (DNS). It is the mechanism that […]
Analyzing 17,000 Spam Links on a Hacked WordPress Site
We have been analyzing how bad actors attack WordPress, and what they do after they take control of a website. In our most recent article we watched as they modified a functions file for the active theme and injected it with 17,000 SEO links. This article dives into those 17,000 links to see what they are and […]