Joomla Security
Backdoor Shell Dropper Deploys CMS-Specific Malware
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want. Another common ...
Vulnerabilities Digest: July 2020
Relevant Plugins and Vulnerabilities: PluginVulnerabilityPatched VersionInstalls Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0 – Arbitrary File Upload 7.0.5 ...
Hacked Website Threat Report – 2019
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively ...
Throwback Threat Thursday: JCE Vulnerability
Despite WordPress’ market share completely overshadowing other CMS’, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS. In fact, even with a decreasing ...
Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure
At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management systems (CMS) exist in this ecosystem, and ...
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
When our tools don’t automatically detect and clean malicious code, that’s when we start our investigation process—and the majority of these research findings end up on the blog or as a Labs ...
Return to the City of Cron – Malware Infections on Joomla and WordPress
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created ...
.htaccess Injector on Joomla and WordPress Websites
During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files and redirecting ...
Hacked Website Trend Report – 2017
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the ...
New Guide on How to Clean a Hacked Website
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to ...
