SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might sit in front of it. These add an extra layer of security by leveraging either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates for encryption. At their core, HTTPS ports are identified using numerical codes ..read more

Navigating your WordPress site’s dashboard can provide you with significant control over your website’s functionality and appearance. Yet it won’t offer a direct interaction or management of your server. This is where Secure Shell Access (SSH) steps in. SSH is a protocol that provides a secure and effective way to connect with your website and server to implement changes. In this blog post, we’re going to delve deeper into what Secure Shell (SSH) is, how it operates, and why it’s useful ..read more

With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings. In this post, we’ll take a look at common reasons for mixed content errors, what causes them, and how you can fix them on your website ..read more

With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings. In this post, we’ll take a look at common reasons for mixed content errors, what causes them, and how you can fix them on your website ..read more

During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento websites, and more recently on WordPress — however, in this case the customer was using a lesser known eCommerce solution known as X-Cart ..read more

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how it works! One of our clients was reporting that one of their website visitors was receiving a warning from their antivirus program when navigating to their checkout page: Calls were being made to a known malicious domain that was already blacklisted by multiple vendors for distributing malware and involvement in carding attacks: This certainly indic ..read more

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole. With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content warnings. Today, let’s look at these common errors, what causes them, and how you can fix them ..read more

This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use comments or other text within malicious code to confuse website owners and prevent detection and removal of malicious files. In this case, the “Loader for Secured Files. Copyright 2001-2017. All rights reserved.” text is used in an attempt to add some authenticity to the file ..read more

OK, so we’ve all been there. We want something Premium, such as a paid version of an app or piece of software, but it would be great not having to pay for it, right? Well, we know that while there are some great pieces of software around the web for free, most of the fancy stuff is likely going to cost you something. The same happens with Premium themes/plugins for our beloved CMSs ..read more