One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks.
The Imunify security team has identified a security threat: a website, wpnull24.com, that provides WordPress themes infected with malware. This site offers “nulled” themes, or paid-for themes that have been modified so they can be downloaded for free.
The themes provided free of charge at wpnull24.com are particularly dangerous, because installing one of them infects all of a site’s themes, plugins, and core WordPress files with malware. Once a site is infected, it can be used for black SEO, phishing, and sending spam. Access to an infected site can also be sold to other cyber-criminals.
Web spam, phishing links, commercial comments, and other unwelcome additions to web pages are a big headache for many webmasters and blog owners. It seems to flow unceasingly to site users, and countermeasures such as comment approval, registration confirmation, and CAPTCHAs are inconvenient for admins and users alike.
If you’re running Imunify360 on your servers, you should enable real-time scanning. Why and how should you do that? Find out below.
WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites.
Imunify360 has six core components: Web Application Firewall, Linux Malware Scanner, Proactive Defense, IDS/IPS, WebShield, and Cloud-Based Security. The last component, Cloud-Based Security, runs according to what we call heuristics.
In Imunify360, heuristics are a set of rules based on information coming in from thousands of Imunify-protected servers all over the world. These servers send threat information to the Imunify cloud server, where it’s automatically processed by dozens of scripts. It’s also manually processed by our Analytics team.
Doorway pages are a great way to improve a website’s SEO ranking.
They’re also a great way to get your domain blocked by major search engines.
So why are they still prevalent? How do they work, and why should you care if your web server hosts them?
That’s what I’ll cover in this article.
Updated: September 12, 2019 11 AM EST.
We fixed a vulnerability in the recent release. We advise you to update to the latest stable version available.
We are pleased to announce that the new Imunify360 version 4.2.9-2 is now scheduled for gradual roll-out from our production repository and will be available for all customers in about two weeks or less.
Imunify’s Malware Intelligence Team has been witnessing an increase in malware samples using the goto programming construct. Here’s a chart showing the recent surge of malware using goto as an obfuscating mechanism.
The Imunify360 Threat Intelligence Group is monitoring a remote code execution vulnerability targeting installations of the Drupal CMS.