
Fake WordPress plugins abound. Learn the signs to keep yourself safe.




In this article, we look at a few phishing kits that were recently found in customer sites and compare their structure and complexity.

Content stylesheets (CSS) are the primary way that websites tell a browser how to shape, color, and indent the content of a website and what fonts to use for the text. But did you know that malicious actors can also use CSS stylesheets to add malware to your site?

Although design is subjective, it’s fair to say that we’ve all seen creative images that looked somewhat questionable and wondered what the designer may have been thinking, particularly about the color choices. But did you know that there are some color choices that aren’t just bad, they really are out to get you?

Your online presence is a complex assembly of components ranging from basic HTML to scripting languages such as JavaScript, or even content generated on the fly by a language such as PHP, Perl, or Python. Much of this, however, is hidden away behind the convenience of a content management system (CMS) or an application framework. How well do you really know all the parts that make up your online presence?

It is nothing new for hackers to try to keep consistent access on their victim web servers. There are a multitude of ways that this can be accomplished; however, there are two methods that we encounter the most:

In our recent article on misleading timestamps, we discussed one of the more common hacks seen in .htaccess files: the use of FilesMatch tags to block access to certain file extensions or to allow access to a specific list of filenames. In this article, we are going to talk about some of the other .htaccess directives that we see in malicious files and provide some examples from actual hacks.

Recently, we had an .htaccess file show up in the SiteLock research queue. This isn’t particularly unusual, as .htaccess files are one of the more common files that an attacker will change to allow access to files or redirect users. In this case, the .htaccess file contained the following code:

As analysts investigating malware on web hosting platforms, we see a lot of the same thing over and over again. Phishing kits, for example, all look the same after a while: a copy of a legitimate page with a PHP script that sends an email or a Telegram message to the kit owner. Credit card skimmers, similarly, all look the same after a while. So, it is always refreshing when you come across something uncommon.

Overview