In our previous article, we shared details on how cURL can be used to test the performance of a website, and how it can be used to troubleshoot performance issues. Building on that, we used the same technique to measure the performance of the NOC CDN. We created test servers across multiple datacenters to get the performance […]
WordPress Security: Active Attacks Against BackupBuddy Plugin Vulnerability
On September 6th, 2022, iThemes released a security advisory on their BackupBuddy plugin. As a global network, we’re able to actively monitor attacks in the wild as they hit our network. This article shares what we’re seeing. The BackupBuddy Plugin Vulnerability The iThemes article doesn’t go into detail about the vulnerability, but describes the vulnerability as […]
Optimized Origin with the NOC CDN
A core component of setting up a Content Delivery Network (CDN) is defining the origin of the site. This origin is traditionally the IP address for the server that houses the site content. It’s where the CDN will be pulling content from. A few CDNs even allow you to specify multiple origins, empowering admins to […]
Navigating 81 Layers of Encoding to Reveal the C&C
This past week we have been sharing a series of articles that highlight steps a hacker has taken to commandeer one of our honeypot domains. We have shared steps taken to take control, the payloads deployed, and the configurations leveraged to take control of the site's SEO. As interesting as all that has been, today […]
PHP Backdoor on a compromised WordPress to DDoS Attacks
Last week we shared our research on how we investigated and restored a Hacked WordPress site running on a Linode VPS. In that article, we showed the steps we took on the compromised server to identify and remediate the issue; from looking at the server activities, to checking the logs and comparing the integrity of WordPress to […]
How WordPress Gets Hacked in 2022 – Initial Reconnaissance
WordPress is the most popular open-source CMS in the world; as such, it carries with it a massive target. For bad actors it makes all the sense in the world to spend time and resources understanding the platform, especially its weaknesses and features. This article will build on this, and some research we’re doing […]
Protecting SSH on Web Servers
Of all the ways a server is compromised, the access vertical continues to be the #1 vector. Whether it is through brute-force attacks that guess a user's weak password, or credentials (i.e., username and password) being leaked via another compromise, bad actors take advantage of this vector and it is why we see automated […]