Profile

Cover photo
Denis Sinegubko
Works at Unmask Parasites
524 followers|96,682 views
AboutPostsCollectionsPhotosVideos

Stream

Denis Sinegubko

Shared publicly  - 
 
 
We recently received a report from one our clients claiming that their website was experiencing a Distributed Denial of Service (DDoS) attack.
Our Website Firewall offers DDoS protection capable of mitigating very large-scale attacks and it is rare that we need to step in to help mitigate.
After a quick look, it was clear that no DDoS attack was occurring. Here's what we found: http://hubs.ly/H01-6yY0
When one of our clients reported an abnormal surge in traffic, our team investigated and found signs of fraudulent traffic from blackhat SEO networks.
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
Using Drupal? There is a new maintenance release out, v. 7.42. Make sure you update. http://hubs.ly/H020K0H0
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
My new post about an ongoing infection of .js files in WordPress sites
 
We discovered a massive javascript infection on WordPress sites that uses encoded iFrames to deliver malware and reinfect websites: http://hubs.ly/H01_M5Z0
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
A good read about how Lloyd Sealy Library (the City University of New York) detected, investigated and removed spammy doorways from their site.

The most interesting part is how hackers verified the site in Google Search Console (using PHP tricks to hide the verification file) and requested a reconsideration request in hope that Google would remove the "this site may be hacked" label.

You can read more about how hackers verify sites in Google Search Console in my article here https://blog.sucuri.net/2015/09/malicious-google-search-console-verifications.html

#drupal #searchconsole #cloaking #reconsiderationrequest  
TL;DR: A hacker uploaded a fake JPG file containing PHP code that generated “invisible” spam blog posts on our website. To avoid this happening to you, block inactive accounts in Drupal and monitor Google Search Console reports. I noticed something odd on the library website the other day: a search of our site displayed a …
8
8
Rick Bucich's profile photoRose Webster's profile photoian Hobbs's profile photoChuck Croll's profile photo
 
Very interesting, got some of those seo spam hackers a while back, their methods are so confusing and it's not easy to find the backdoors
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
Emails are a treasure trove of information, and as such we should all be spending a bit more time thinking of not only what we say, but how we keep what we say safe from prying eyes. http://hubs.ly/H01MP1j0
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
How to spot if your site has been hacked with your SEO tool! 
2 comments on original post
2
Add a comment...
Have him in circles
524 people
Jayakumar K's profile photo
jose colon's profile photo
Андрей Шестеров's profile photo
Robin Dale's profile photo
Colin McDermott's profile photo
jec nunez's profile photo
Matthew Shepherd's profile photo
Betty Baker's profile photo
Denys A Jaime's profile photo

Denis Sinegubko

Shared publicly  - 
 
 


"You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we’re expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads."

https://googleonlinesecurity.blogspot.com/2016/02/no-more-deceptive-download-buttons.html
2 comments on original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
WordPress 4.4.2 Security & Maintenance Release is now available, update ASAP! http://hubs.ly/H020cMN0 #WordPress
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affec…
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
My new post about an ongoing infection of .js files in WordPress sites
 
We discovered a massive javascript infection on WordPress sites that uses encoded iFrames to deliver malware and reinfect websites: http://hubs.ly/H01_M5Z0
View original post
3
1
Patrick Domanico's profile photo
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
Did you know that Google has a global team of 1,000+ people dedicated to fighting bad ads?
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
Security Advisory - Stored XSS found in Magento core libraries, affecting all major versions of Magento.

Patch now or use a WAF to protect Magento from this dangerous vulnerability. 
Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Stored XSS Patched Version: Magento CE: 1.9,2.3, Magento EE: 1.14.2.3 During regular research audits, we discovered a Stored XSS vulnerability affecting Magento. Vulnerability Disclosure Timeline: November 10th, 2015 – Bug discovered, initial report to Magento’s security team December 1st, 2015 – No response from Magento. Requested confirmation ofRead More
View original post
1
Add a comment...

Denis Sinegubko

Shared publicly  - 
 
 
cPanel just released an update to address various security vulnerabilities. It is recommended that you update ASAP: http://hubs.ly/H01TrMh0
View original post
1
Add a comment...
Denis's Collections
People
Have him in circles
524 people
Jayakumar K's profile photo
jose colon's profile photo
Андрей Шестеров's profile photo
Robin Dale's profile photo
Colin McDermott's profile photo
jec nunez's profile photo
Matthew Shepherd's profile photo
Betty Baker's profile photo
Denys A Jaime's profile photo
Basic Information
Gender
Male
Work
Occupation
security researcher
Employment
  • Unmask Parasites
    Founder, 2008 - present
  • Sucuri, Inc.
    security researcher, 2013 - present
Links