<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Tag: analytics

Blocking Brute Force Attacks On WordPress

brute force wordpress imunify360

One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks. 

Neutralizing Malware From The WPNull24 Site

IMUNIFY360_NEUT_MAL_GRAPHICS_V2_01

The Imunify security team has identified a security threat: a website, wpnull24.com, that provides WordPress themes infected with malware. This site offers “nulled” themes, or paid-for themes that have been modified so they can be downloaded for free. 

The themes provided free of charge at wpnull24.com are particularly dangerous, because installing one of them infects all of a site’s themes, plugins, and core WordPress files with malware. Once a site is infected, it can be used for black SEO, phishing, and sending spam as well. Access to an infected site can also be sold to other cyber-criminals. 

Blocking Web Spam With ModSec Rules

web-spam

Web spam, phishing links, commercial comments, and other unwelcome additions to web pages is a big headache for many webmasters and blog owners. It seems to flow unceasingly to site users, and countermeasures such as comment approval, registration confirmation, and CAPTCHAs are inconvenient for admins and users alike. 

Enabling Real-Time Scanning In Imunify360

real-time-scan

 

If you’re running Imunify360 on your servers, you should enable real-time scanning. Why and how should you do that? Find out below. 

New Imunify Protection Against WP-VCD

 

WP-VCD

WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites. 

 

Imunify360 Heuristics: Improving Threat Detection

heuristics

Imunify360 has six core components: Web Application Firewall, Linux Malware Scanner, Proactive Defense, IDS/IPS, WebShield, and Cloud-Based Security. The last component, Cloud-Based Security, runs according to what we call heuristics. 

In Imunify360, heuristics are a set of rules based on information coming in from thousands of Imunify-protected servers all over the world. These servers send threat information to the Imunify cloud server, where it’s automatically processed by dozens of scripts. It’s also manually processed by our Analytics team. 

How to stop doorway pages damaging your domain's reputation

doorway pages seo Imunify360

Doorway pages are a great way to improve a website’s SEO ranking.


They’re also a great way to get your domain blocked by major search engines.

So why are they still prevalent? How do they work, and why should you care if your web server hosts them?

That’s what I’ll cover in this article.

Imunify360 4.2.9-2 updated

b2ap3_large_imunify_update

 

Updated: September 12, 2019 11 AM EST.

We fixed a vulnerability in the recent release. We advise you to update to the latest stable version available.

We are pleased to announce that the new Imunify360 version 4.2.9-2 is now scheduled for gradual roll-out from our production repository and will be available for all customers in about two weeks or less.​

PHP malware obfuscation using goto

php goto malware banner

Imunify’s Malware Intelligence Team has been witnessing an increase in malware samples using the goto programming construct. Here’s a chart showing the recent surge of malware using goto as an obfuscating mechanism.

[Threat Intelligence Report] Remote Code Execution in Drupal 8 (CVE-2019-6340)

b2ap3_large_drupal-vulnerability

The Imunify360 Threat Intelligence Group are monitoring a remote code execution vulnerability targeting installations of the Drupal CMS. 

Subscribe to Imunify security Newsletter