Website Hacked Report 2016 – Q1 | Sucuri

Another great insight from Sucuri on the state of CMS based site compromises and what platforms are affected the most.

As this blog runs on WordPress (the most commonly targeted and most popular) it highlights how import it is to stay protected and harden your site against attack. I have posted on this before and produced some guidelines to help secure WordPress based sites.

This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). It analyzes over 11k infected websites and shares statistics associated with:

  • Affected open-source CMS applications

  • Details on the WordPress platform

  • Malware families and their effects

Source: Website Hacked Report 2016 – Q1 | Sucuri

Continue Reading

 Upgrade Site Security with CloudFlare Origin CA

Really interesting development from CloudFlare on encrypting the webs connections. Takes their ‘Flexible SSL’ to the next level and beyond.

“Faster, more secure alternative to public CA certificates for your CloudFlare-fronted servers. Extraneous overhead removed to optimize performance.

With Origin CA, we questioned all aspects of certificate issuance and browser validation, from domain control validation (DCV) to path bundling and revocation checking. We asked ourselves what cruft public CAs would remove from certificates if they only needed to work with one browser, whose codebase they maintained? Questions such as “why bloat certificates with intermediate CAs when they only need to speak with our NGINX-based reverse proxy” and “why force customers to reconfigure their web or name server to pass DCV checks when they’ve already demonstrated control during zone onboarding?” helped shape our efforts.”

Source: CloudFlare Origin CA

Continue Reading