Please complete the form to apply for a free scan account.
We'll get back to you as soon as possible.
Turaco Labs needs the information provided to contact you about our services.
Tags:
Through our experience as a part of the Foregenix forensic practice we are also aware of the issues that are consistently present in hacked eCommerce sites - one of those issues is that the login panel for administration of the sites is often left publicly and easily accessible, either through easy to guess URLs (like www.yoursite.com/admin) or unpatched vulnerabilities.
While this is not an immediate threat, an exposed and obvious administrative login panel can make it significantly easier for attackers to breach the site, especially if access controls are limited to username and password combinations alone. This situation allows for simple brute force attacks, signing in with compromised credentials/obtaining credentials, or in the case of unpatched systems, access by exploiting vulnerabilities. Even in cases where the admin login panel URL is complex and hard to guess, path disclosure vulnerabilities can be used to locate it.
In analysing the data in our latest report, we discovered that nearly 1,800 of the hacked sites we detected in the last scan had their admin login panel in the default location, making a brute force attack on these sites simple to execute and classing them as "low-hanging fruit" for criminals.
We recommend 3 steps to reduce risk of attack via the admin login:
If you are unsure about what your website's current risk exposure may look like, please use our ThreatView Community service - a free website security scanner incorporating all of our forensic experience and malware fingerprints.
You can get access here:
PrestaShop has recently issued a security alert warning store owners about a digital skimmer threat targeting their platform. If you're running a PrestaShop store, this is an important reminder to verify your site's security.
With growing numbers of clients hosting with WP Engine, we felt it may be useful to highlight how a WordPress eCommerce site security is handled by combining WP Engine and ThreatView.
TLDR: WP Engine gives you high-performance managed WordPress hosting. ThreatView Advanced makes sure your website stays secure.
It's Cyber Monday, following record-breaking Black Friday sales (according to Forbes magazine) and the Christmas rush is fast approaching - all with the backdrop of SessionReaper targeting Magento /Adobe Commerce sites and a significantly growing number of hacked sites worldwide.
As of this morning, we can see over 50,000 domains with indicators of compromise - with nearly 90% of the detected malware targeting eCommerce payment data.
