SiteCheck Remote Website Scanner: Mid-Year 2023 Report | Sucuri
<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" /> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style> <!-- This site is optimized with the Yoast SEO Premium plugin v24.4 (Yoast SEO v24.4) - https://yoast.com/wordpress/plugins/seo/ --> <title>SiteCheck Remote Website Scanner: Mid-Year 2023 Report | Sucuri</title> <meta name="description" content="Learn about the latest trends in website malware with Sucuri's SiteCheck 2023 Mid-Year Report. We summarize the most common malware detected on infected websites in the first half of the year, including SocGholish, Balada Injector, NDSW, SEO spam, and other prevalent website infections." /> <link rel="canonical" href="https://sucuri.net/reports/sitecheck-remote-website-scanner-mid-year-2023-report/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="SiteCheck Remote Website Scanner: Mid-Year 2023 Report" /> <meta property="og:description" content="Learn about the latest trends in website malware with Sucuri's SiteCheck 2023 Mid-Year Report. We summarize the most common malware detected on infected websites in the first half of the year, including SocGholish, Balada Injector, NDSW, SEO spam, and other prevalent website infections." 
/> <meta property="og:url" content="https://sucuri.net/reports/sitecheck-remote-website-scanner-mid-year-2023-report/" /> <meta property="og:site_name" content="Sucuri" /> <meta property="article:publisher" content="https://www.facebook.com/SucuriSecurity" /> <meta property="article:modified_time" content="2024-04-11T21:15:15+00:00" /> <meta property="og:image" content="https://sucuri.net/wp-content/uploads/2023/08/OG-SiteCheck-Mid-Year-Report-2023-2400x1261-1.jpg" /> <meta property="og:image:width" content="2400" /> <meta property="og:image:height" content="1261" /> <meta property="og:image:type" content="image/jpeg" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@sucurisecurity" /> <meta name="twitter:label1" content="Est. reading time" /> <meta name="twitter:data1" content="23 minutes" /> <!-- / Yoast SEO Premium plugin. --> <link rel='dns-prefetch' href='//cdn.jsdelivr.net' /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Feed" href="https://sucuri.net/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Comments Feed" href="https://sucuri.net/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/sucuri.net\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.2"}}; /*! 
This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof 
URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-components-css' href='https://sucuri.net/wp-includes/css/dist/components/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-preferences-css' href='https://sucuri.net/wp-includes/css/dist/preferences/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-block-editor-css' href='https://sucuri.net/wp-includes/css/dist/block-editor/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-reusable-blocks-css' href='https://sucuri.net/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-patterns-css' 
href='https://sucuri.net/wp-includes/css/dist/patterns/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-editor-css' href='https://sucuri.net/wp-includes/css/dist/editor/style.min.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuri_framework-cgb-style-css-css' href='https://sucuri.net/wp-content/mu-plugins/sucuri-framework/dist/blocks.style.build.css?ver=1645707241' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #fff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--green: #12A94B;--wp--preset--color--secondary-green: #41BA6E;--wp--preset--color--tertiary-green: #94D8AD;--wp--preset--color--blue: #2188AB;--wp--preset--color--secondary-blue: #6EB1C8;--wp--preset--color--tertiary-blue: #9AC9D8;--wp--preset--color--teal: #2D7A6D;--wp--preset--color--secondary-teal: 
#76A8A0;--wp--preset--color--tertiary-teal: A0C3BD;--wp--preset--color--darkblue: #0E406A;--wp--preset--color--secondary-darkblue: #61829D;--wp--preset--color--tertiary-dark-blue: #91A8BB;--wp--preset--color--red: #EA3232;--wp--preset--color--secondary-red: #F17070;--wp--preset--color--tertiary-red: #F5A2A2;--wp--preset--color--yellow: #F6DA23;--wp--preset--color--secondary-yellow: #F9E66F;--wp--preset--color--tertiary-yellow: #FAEE9B;--wp--preset--color--gray: #5D5D5D;--wp--preset--color--secondary-gray: #959595;--wp--preset--color--tertiary-gray: #B5B5B5;--wp--preset--color--form-gray: #D3D3D3;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 
0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: 
var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: 
var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) 
!important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='slick-css-css' href='https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-style-css' href='https://sucuri.net/wp-content/themes/sucuriwp/style.css?ver=6.7.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-theme-css' href='https://sucuri.net/wp-content/themes/sucuriwp/css/style.css?ver=1731466407' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-frontend-css' href='https://sucuri.net/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1738771937' type='text/css' media='all' /> <link rel='stylesheet' id='widget-image-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.27.3' type='text/css' media='all' /> <link rel='stylesheet' id='widget-nav-menu-css' 
href='https://sucuri.net/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1738771937' type='text/css' media='all' /> <link rel='stylesheet' id='e-sticky-css' href='https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=3.27.2' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-8778-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-8778.css?ver=1738771937' type='text/css' media='all' /> <link rel='stylesheet' id='widget-spacer-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-spacer.min.css?ver=3.27.3' type='text/css' media='all' /> <link rel='stylesheet' id='widget-menu-anchor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-menu-anchor.min.css?ver=3.27.3' type='text/css' media='all' /> <link rel='stylesheet' id='widget-heading-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.27.3' type='text/css' media='all' /> <link rel='stylesheet' id='widget-text-editor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.27.3' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10250-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10250.css?ver=1738774743' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10522-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10522.css?ver=1738771938' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10539-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10539.css?ver=1738771938' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-gf-local-opensans-css' href='https://sucuri.net/wp-content/uploads/elementor/google-fonts/css/opensans.css?ver=1738771945' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-gf-local-roboto-css' 
href='https://sucuri.net/wp-content/uploads/elementor/google-fonts/css/roboto.css?ver=1738771956' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-gf-local-titilliumweb-css' href='https://sucuri.net/wp-content/uploads/elementor/google-fonts/css/titilliumweb.css?ver=1738771957' type='text/css' media='all' /> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="https://api.w.org/" href="https://sucuri.net/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://sucuri.net/wp-json/wp/v2/reports/10250" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://sucuri.net/xmlrpc.php?rsd" /> <link rel='shortlink' href='https://sucuri.net/?p=10250' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Freports%2Fsitecheck-remote-website-scanner-mid-year-2023-report%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Freports%2Fsitecheck-remote-website-scanner-mid-year-2023-report%2F&format=xml" /> <script type='text/javascript'>/*<![CDATA[*/(function(n,d,c){d.setTime(d.getTime()+2592000000);c=(new RegExp('[?&]'+n+'=([^&#]*)','i')).exec(window.location.search);if(c=c?c[1]:null)document.cookie=n+'='+c+';expires='+d.toUTCString()+';domain=.sucuri.net;path=/';})('cjevent',new Date());/*]]>*/</script><script src="https://tags.tiqcdn.com/utag/gpl/sucuri/prod/utag.sync.js"></script><!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], 
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-M6LV26K5');</script> <!-- End Google Tag Manager --> <script type="text/javascript"> (function(c,l,a,r,i,t,y){ c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)};t=l.createElement(r);t.async=1; t.src="https://www.clarity.ms/tag/"+i+"?ref=wordpress";y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y); })(window, document, "clarity", "script", "q4ab4uc7rl"); </script> <meta name="generator" content="performance-lab 3.8.0; plugins: "> <meta name="generator" content="Elementor 3.27.3; features: e_font_icon_svg, additional_custom_breakpoints, e_local_google_fonts; settings: css_print_method-external, google_font-enabled, font_display-swap"> <style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style> <style> .e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } @media screen and (max-height: 1024px) { .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } } @media screen and (max-height: 640px) { .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } } </style> <link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-32x32.png" sizes="32x32" /> <link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" 
href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-180x180.png" /> <meta name="msapplication-TileImage" content="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-270x270.png" /> <style type="text/css" id="wp-custom-css"> a{ color: #028673; } .sucuri-widget-hero-internal-revamp-section.parent .wrapper{ justify-content: flex-end; } p.priceText.spacerContentNeg { padding-top: 0px; } .btn-primary{ color: #fff; background-color: #028673; border-color: #028673; } .hero-nav{ z-index: 99 !important; } .cookie-policy-banner p { color: #028673 !important; } #no-underline p a{ text-decoration: none !important; } body, a:visited, p, select, textarea{ font-size: 16px; } .elementor-widget-text-editor ol, .elementor-widget-text-editor ul { margin-left: 0; padding-left: revert; } footer li a:hover{ color: #26ba9e !important; } .elementor-widget-text-editor .elementor-widget-container h1{ font-weight: 700 !important; font-size: 50px !important; line-height: 50px !important; margin-bottom: 50px !important; font-family: "Titillium Web", Sans-serif; } .elementor-widget-text-editor .elementor-widget-container h2{ font-weight: 700 !important; font-size: 25px !important; line-height: 25px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h3{ font-weight: 700 !important; font-size: 23px !important; line-height: 24px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h4{ font-weight: 700; font-size: 20px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h5{ font-weight: 700 !important; font-size: 18px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h6{ font-weight: 700 !important; font-size: 16px !important; line-height: 23px !important; margin-bottom: 
25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h1{ font-weight: 700 !important; font-size: 64px !important; line-height: 64px !important; margin-bottom: 100px !important; font-family: "Titillium Web", Sans-serif; } .guides-template-default.single.single-guides .elementor-widget-container h2{ font-weight: 700 !important; font-size: 50px !important; line-height: 1 !important; margin-top: 50px !important; margin-bottom: 15px !important; font-family: "Titillium Web", Sans-serif; } .guides-template-default.single.single-guides .archive .elementor-widget-container h2{ margin-bottom: 25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h3{ font-weight: 600 !important; font-size: 25px !important; line-height: 25px !important; margin-top: 30px !important; margin-bottom: 10px !important; } .guides-template-default.single.single-guides .elementor-widget-container h4{ font-weight: 500; font-size: 20px; line-height: 24px; margin-top: 25px; } .guides-template-default.single.single-guides .elementor-widget-container h5{ font-weight: 500 !important; font-size: 18px !important; line-height: 23px !important; margin-top: 20px !important; } .guides-template-default.single.single-guides .elementor-widget-container h6{ font-weight: 500 !important; font-size: 16px !important; line-height: 23px !important; margin-top: 15px !important; } .header-b .top-nav-wrapper .nav-bar.ua-lg .u-attack { background-color: #028673; } /*custom css*/ /*hero nav in double line when screen is small*/ .hero-nav__list{ flex-wrap: nowrap } .sucuri-widget-sub-nav.fixed{ top:90px !important; } .responsive-table{ overflow-x: auto; } .table_breakdown{ width: unset; min-width: 1080px; } .home .hero-nav{ top: 90px !important; } .sucuri-widget-table-content .linkContainer{ height: auto !important; } /* .guides-template-default.single.single-guides h1{ font-family: "Titillium Web" !important; font-size: 64px !important; font-weight: 
</style> </head> <body class="reports-template-default single single-reports postid-10250 single-format-standard wp-custom-logo elementor-default elementor-kit-8778 elementor-page elementor-page-10250"> <div id="primary" class="content-area"> <main id="main" class="site-main"> <div data-elementor-type="wp-post" data-elementor-id="10250" class="elementor elementor-10250" data-elementor-post-type="reports"> <section class="elementor-section elementor-top-section elementor-element elementor-element-6079995b elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="6079995b" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f60de26" data-id="1f60de26" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-b87deb7 elementor-widget elementor-widget-spacer" data-id="b87deb7" data-element_type="widget" data-widget_type="spacer.default"> <div class="elementor-spacer"> <div class="elementor-spacer-inner"></div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-63f8f1b4 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="63f8f1b4" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c5f8619" data-id="c5f8619" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div
class="elementor-element elementor-element-6fceeb8d elementor-widget elementor-widget-hero_section" data-id="6fceeb8d" data-element_type="widget" data-widget_type="hero_section.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-hero-section parent"> <div class="wrapper right layout-1"> <div class="div1"> <div class="title"> <h1></br>SiteCheck Website Malware Trends: </br> Mid-Year 2023 Report</h1> </div> <div class="content content-spacing"> </div> <div class="buttons"> <a target="_blank" data-gatrack="" href="https://sucuri.net/wp-content/uploads/2023/08/SiteCheck-2023-Mid-Year-Report.pdf" class="button2 auto-track"> Download Report PDF </a> </div> </div> <div class="div2"> <div class="image"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/2023/08/OG-SiteCheck-Mid-Year-Report-2023-2400x1261-1.jpg" alt="OG - SiteCheck Mid-Year Report 2023-2400x1261"> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-2e88476e elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="2e88476e" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7abb3616" data-id="7abb3616" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-37583eb3 elementor-widget elementor-widget-nav_content_section" data-id="37583eb3" data-element_type="widget" data-widget_type="nav_content_section.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-nav-content parent"> <ul> <li><a class="title" href="#summary">Summary</a></li> <li><a class="title" href="#website-malware">Website Malware Infections</a></li> <li><a class="title" 
href="#blocklisting">Blocklisting</a></li> <li><a class="title" href="#hardening">Hardening Recommendations</a></li> <li><a class="title" href="#tl-dr">TL;DR</a></li> <li><a class="title" href="#credits">Credits</a></li> </ul> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-4a227870 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="4a227870" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6eadb47a" data-id="6eadb47a" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-6f775e8a elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="6f775e8a" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-5848e369" data-id="5848e369" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3639d531 elementor-widget elementor-widget-menu-anchor" data-id="3639d531" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" id="summary"></div> </div> <div class="elementor-element elementor-element-440868f8 elementor-widget elementor-widget-heading" data-id="440868f8" data-element_type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Summary</h2> </div> <div class="elementor-element elementor-element-7e3b2e49 elementor-widget elementor-widget-text-editor" data-id="7e3b2e49" 
data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues.</span></p><p><span style="font-weight: 400;">While remote scanners may not provide as comprehensive a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. A remote scan sees only what the site serves to the scanner, so a clean result does not rule out server-side malware such as backdoors.</span></p><p><span style="font-weight: 400;">Our free SiteCheck </span><strong><a href="https://sitecheck.sucuri.net/">remote website scanner</a></strong><span style="font-weight: 400;"> provides immediate insights about malware infections, blocklisting, website anomalies, and errors for millions of webmasters every month.</span></p><p><span style="font-weight: 400;">In this report, we’ll be analyzing data from the first half of the year to identify the most common malware infections found by SiteCheck. 
We’ll also provide examples to help webmasters understand how to identify malware in their own environments.</span></p> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-5e27fae3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="5e27fae3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-75c1243e" data-id="75c1243e" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-2557c26a elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="2557c26a" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-15a165a9" data-id="15a165a9" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-46a970e2 elementor-widget elementor-widget-menu-anchor" data-id="46a970e2" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" id="website-malware"></div> </div> <div class="elementor-element elementor-element-20ccda0c elementor-widget elementor-widget-heading" data-id="20ccda0c" data-element_type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Website Malware Infections</h2> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-a0ae7e4 elementor-section-boxed 
elementor-section-height-default elementor-section-height-default" data-id="a0ae7e4" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fd2e082" data-id="fd2e082" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-16e204c1 elementor-widget elementor-widget-text-editor" data-id="16e204c1" data-element_type="widget" data-widget_type="text-editor.default"> <p>In the first half of 2023, SiteCheck scanned a total of <strong>54,743,804</strong> websites. From this number we detected <strong>628,085</strong> infected sites, while another <strong>851,164</strong> sites were found to contain<strong> <a href="#blocklisting">blocklisted resources</a></strong><span style="font-weight: 400;">. </span></p><p><span style="font-weight: 400;">Website infections can occur for a multitude of reasons. But most often, they’re the result of an attacker exploiting a vulnerable website for its valuable resources — credit card information, traffic, SEO, or even server resources. </span></p><p><span style="font-weight: 400;">We analyzed the most common signatures to pinpoint which types of malware were frequently detected on compromised systems. Injected malware and redirects were the most common infection in our remote scan data, followed by SEO Spam. 
</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-df48c52 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="df48c52" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e87a235" data-id="e87a235" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-6f3230b elementor-widget elementor-widget-image" data-id="6f3230b" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/01-Malware-Family-Distribution1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="01 - Malware Family Distribution1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMTQsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDEtTWFsd2FyZS1GYW1pbHktRGlzdHJpYnV0aW9uMS41LmpwZyJ9"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/01-Malware-Family-Distribution1.5-qamq4erdt4a383evkdzn8889nh9bscsf94arn6zi0w.jpg" title="01 – Malware Family Distribution1.5" alt="SiteCheck Mid-Year Malware Family Distribution" loading="lazy" /> </a> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-df510b3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="df510b3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8e9e361" data-id="8e9e361" data-element_type="column"> <div class="elementor-widget-wrap 
elementor-element-populated"> <div class="elementor-element elementor-element-8090c95 elementor-widget elementor-widget-text-editor" data-id="8090c95" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The distribution percentages overlap and add up to more than 100%, as hacked websites are often infected with more than one type of malware. </span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-d43f779 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="d43f779" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9a3b459" data-id="9a3b459" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-335f28b elementor-widget elementor-widget-heading" data-id="335f28b" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Malware & Redirects</h3> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-650d8ca elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="650d8ca" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-388d223" data-id="388d223" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-2da2560 elementor-widget elementor-widget-text-editor" data-id="2da2560" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">A 
total of </span><b>388,388 </b><span style="font-weight: 400;">sites were detected with injected malware and redirects, accounting for </span><b>61.84%</b><span style="font-weight: 400;"> of website infections detected by SiteCheck in the first half of 2023.</span></p><p><span style="font-weight: 400;">Malware injections are defined as malicious external script injections, iframes, and inline scripts, excluding any detections already flagged as SEO spam. They are typically found injected into JavaScript files or nestled within a site’s HTML code. </span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-51f6358 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="51f6358" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-13bec72" data-id="13bec72" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a6c65f1 elementor-widget elementor-widget-heading" data-id="a6c65f1" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">SocGholish</h4> </div> <div class="elementor-element elementor-element-5d07dd5 elementor-widget elementor-widget-text-editor" data-id="5d07dd5" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">One malware injection of significant note was </span><a href="https://blog.sucuri.net/2022/08/socgholish-5-years-of-massive-website-infections.html"><span style="font-weight: 400;"><strong>SocGholish</strong></span></a><span style="font-weight: 400;">, which accounted for over </span><b>17.66%</b><span style="font-weight: 400;"> of injections in the first half of 2023. 
In addition to script injections, a total of </span><b>15,172</b><span style="font-weight: 400;"> websites were found to contain external script tags pointing to known SocGholish domains.</span></p> <p>This malware is responsible for redirecting site visitors to malicious pages designed to trick victims into installing fake browser updates. JavaScript is used to display notices in the victim’s web browser and initiate a download for remote access trojans, allowing the attacker to gain full access and remotely control the victim’s computer including mouse and keyboard, file access, and network resources. SocGholish is also known to be the first stage in ransomware attacks against large corporations. </p> <p>In 2023, several distinct website malware campaigns were known to serve SocGholish malware:</p> </div> <div class="elementor-element elementor-element-7167a4e elementor-widget elementor-widget-image" data-id="7167a4e" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/04-SocGholish-Variants1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="04 - SocGholish Variants1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMTUsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDQtU29jR2hvbGlzaC1WYXJpYW50czEuNS5qcGcifQ%3D%3D"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/04-SocGholish-Variants1.5-qamq6yvkevs6tvp2mht30kzfv8naqoy49s8cob6x0c.jpg" title="04 – SocGholish Variants1.5" alt="SiteCheck Mid-Year SocGholish Variant Distribution Graph" loading="lazy" /> </a> </div> <div class="elementor-element elementor-element-de498d0 elementor-widget elementor-widget-text-editor" data-id="de498d0" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">In some cases, our remote scanner found more than one type of SocGholish infection on the same 
site.</span></p> </div> <div class="elementor-element elementor-element-03cc5d6 elementor-widget elementor-widget-heading" data-id="03cc5d6" data-element_type="widget" data-widget_type="heading.default"> <h5 class="elementor-heading-title elementor-size-default">NDSW Malware</h5> </div> <div class="elementor-element elementor-element-a9b091c elementor-widget elementor-widget-text-editor" data-id="a9b091c" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The </span><a href="https://blog.sucuri.net/2022/06/analysis-massive-ndsw-ndsx-malware-campaign.html"><span style="font-weight: 400;"><strong>ongoing NDSW/NDSX malware campaign</strong></span></a><span style="font-weight: 400;"> — the most prevalent variant of SocGholish — accounted for </span><b>54,185</b><span style="font-weight: 400;"> detections in the first half of 2023.</span></p><p><span style="font-weight: 400;">What differentiates NDSW from so-called “vanilla” SocGholish code is that the malware references an NDSW (or NDSJ) variable and contains a custom wrapper used to dynamically serve the malicious injection through a PHP proxy. 
</span></p> </div> <div class="elementor-element elementor-element-5b0a7bb elementor-widget elementor-widget-image" data-id="5b0a7bb" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/reports_code_1.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="reports_code_1" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTEsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0c19jb2RlXzEucG5nIn0%3D"> <img fetchpriority="high" decoding="async" width="640" height="495" src="https://sucuri.net/wp-content/uploads/2023/07/reports_code_1-768x594.png" class="attachment-medium_large size-medium_large wp-image-10251" alt="NDSW variant of SocGholish uses a custom wrapper to dynamically serve the malicious injection through a PHP proxy" srcset="https://sucuri.net/wp-content/uploads/2023/07/reports_code_1-768x594.png 768w, https://sucuri.net/wp-content/uploads/2023/07/reports_code_1-300x232.png 300w, https://sucuri.net/wp-content/uploads/2023/07/reports_code_1.png 1228w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-9b67285 elementor-widget elementor-widget-text-editor" data-id="9b67285" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Our remediation team often finds large numbers of impacted files for this infection, as attackers are known to inject the malware into every</span><b> .js</b><span style="font-weight: 400;"> file on the hacked website. </span></p><p><span style="font-weight: 400;">The malware operates in two parts. First, a malicious JavaScript injection (NDSW or NDSJ) is typically injected into the HTML at the end of an inline script or appended to the bottom of every .js file in the compromised environment. 
The second layer, the NDSX payload (responsible for SocGholish fake browser update pages), is served by a malicious PHP proxy script, which is typically located in a random directory on the same infected domain. Remediation therefore has to cover both layers: removing the injected JavaScript alone leaves the PHP proxy on the server. </span></p> </div> <div class="elementor-element elementor-element-9e01cf5 elementor-widget elementor-widget-heading" data-id="9e01cf5" data-element_type="widget" data-widget_type="heading.default"> <h5 class="elementor-heading-title elementor-size-default">Vanilla SocGholish</h5> </div> <div class="elementor-element elementor-element-fae2a18 elementor-widget elementor-widget-text-editor" data-id="fae2a18" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">We call this type of injection “vanilla” SocGholish because, unlike other campaigns, attackers inject JavaScript code or HTML script tags that point directly to known SocGholish domains.</span></p><p><span style="font-weight: 400;">In 2023, such injections are mainly found appended to legitimate </span><b>.js</b><span style="font-weight: 400;"> files like this:</span></p> </div> <div class="elementor-element elementor-element-92417bb elementor-widget elementor-widget-image" data-id="92417bb" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/trademark-iglesiaelarca.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="trademark-iglesiaelarca" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMzAsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvdHJhZGVtYXJrLWlnbGVzaWFlbGFyY2EucG5nIn0%3D"> <img decoding="async" width="640" height="60" src="https://sucuri.net/wp-content/uploads/2023/08/trademark-iglesiaelarca-768x72.png" class="attachment-medium_large size-medium_large wp-image-10330" alt="socgholish malware injection appended to js files" 
srcset="https://sucuri.net/wp-content/uploads/2023/08/trademark-iglesiaelarca-768x72.png 768w, https://sucuri.net/wp-content/uploads/2023/08/trademark-iglesiaelarca-300x28.png 300w, https://sucuri.net/wp-content/uploads/2023/08/trademark-iglesiaelarca.png 1452w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-541ff16 elementor-widget elementor-widget-text-editor" data-id="541ff16" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Or injected as html script tags, as seen in this example.</span></p> </div> <div class="elementor-element elementor-element-8039b6f elementor-widget elementor-widget-image" data-id="8039b6f" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_3.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_3" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTMsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfMy5wbmcifQ%3D%3D"> <img decoding="async" width="640" height="43" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_3-768x51.png" class="attachment-medium_large size-medium_large wp-image-10253" alt="injected html tags" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_3-768x51.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_3-300x20.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_3.png 1148w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-bb9857e elementor-widget elementor-widget-heading" data-id="bb9857e" data-element_type="widget" data-widget_type="heading.default"> <h5 class="elementor-heading-title elementor-size-default">Khutmhpx</h5> </div> <div class="elementor-element elementor-element-b538d7d elementor-widget 
elementor-widget-text-editor" data-id="b538d7d" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The so-called </span><b>khutmhpx</b><span style="font-weight: 400;"> variant is known to inject the following malware at the top of HTML code of infected websites in an attempt to hijack traffic and </span><strong><a href="https://blog.sucuri.net/2022/12/fake-jquery-domain-redirects-site-visitors-scam.html">redirect site visitors to scam pages</a>.</strong><span style="font-weight: 400;"><br /></span></p> </div> <div class="elementor-element elementor-element-92db30f elementor-widget elementor-widget-image" data-id="92db30f" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_4.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_4" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTQsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfNC5wbmcifQ%3D%3D"> <img loading="lazy" decoding="async" width="640" height="126" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_4-768x151.png" class="attachment-medium_large size-medium_large wp-image-10254" alt="khutmhpx socgholish variant redirects website traffic" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_4-768x151.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_4-300x59.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_4.png 974w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-e885f27 elementor-widget elementor-widget-text-editor" data-id="e885f27" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The scripts for </span><b>khutmhpx</b><span style="font-weight: 400;"> frequently change the domains that they load malware 
from. In the first half of 2023, this variant leveraged over 30 different domain names and was detected on</span><b> 10,094</b><span style="font-weight: 400;"> infected websites.</span></p> </div> <div class="elementor-element elementor-element-89c6c19 elementor-widget elementor-widget-heading" data-id="89c6c19" data-element_type="widget" data-widget_type="heading.default"> <h5 class="elementor-heading-title elementor-size-default">Xjquery</h5> </div> <div class="elementor-element elementor-element-ac00742 elementor-widget elementor-widget-text-editor" data-id="ac00742" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">In March 2023, we started noticing a new variation of SocGholish malware that used an </span><strong><a href="https://blog.sucuri.net/2023/05/xjquery-wave-of-wordpress-socgholish-injections.html">intermediary xjquery[.]com domain</a></strong><span style="font-weight: 400;"><strong>.</strong> This variation was detected </span><b>1,543</b><span style="font-weight: 400;"> times.</span></p> </div> <div class="elementor-element elementor-element-730c4b8 elementor-widget elementor-widget-heading" data-id="730c4b8" data-element_type="widget" data-widget_type="heading.default"> <h5 class="elementor-heading-title elementor-size-default">sczriptzzbn</h5> </div> <div class="elementor-element elementor-element-5840ea0 elementor-widget elementor-widget-text-editor" data-id="5840ea0" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The sczriptzzbn malware initially pushed malware pretending to be a Cloudflare DDoS CAPTCHA. 
However, by the end of 2022 it started consistently serving SocGholish fake updates.</span></p><p><span style="font-weight: 400;">In 2023, we mostly detected this malware injected at the top of legitimate </span><b>.js</b><span style="font-weight: 400;"> files:</span></p> </div> <div class="elementor-element elementor-element-a713370 elementor-widget elementor-widget-image" data-id="a713370" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_6.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_6" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTUsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfNi5wbmcifQ%3D%3D"> <img loading="lazy" decoding="async" width="640" height="83" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_6-768x100.png" class="attachment-medium_large size-medium_large wp-image-10255" alt="sczriptzzbn malware serves fake socgholish malware updates" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_6-768x100.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_6-300x39.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_6.png 956w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-060b633 elementor-widget elementor-widget-heading" data-id="060b633" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Balada Injector</h4> </div> <div class="elementor-element elementor-element-1d55d8b elementor-widget elementor-widget-text-editor" data-id="1d55d8b" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">SiteCheck detected </span><b>60,697</b><span style="font-weight: 400;"> sites injected with obfuscated scripts for the ongoing massive 
malware campaign known as </span><strong><a href="https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html">Balada Injector</a></strong><span style="font-weight: 400;"><strong>,</strong> accounting for </span><b>15.63%</b><span style="font-weight: 400;"> of malware injections in the first half of 2023. Furthermore, external script tags pointing to </span><b>43</b><span style="font-weight: 400;"> known Balada domains were detected on </span><b>84,787</b><span style="font-weight: 400;"> sites. Some sites were found to contain both obfuscated scripts and external script injections at the same time. </span></p><p><span style="font-weight: 400;">The Balada malware campaign was among the top infections that Sucuri’s remediation team has cleaned so far in 2023, and is known to redirect site visitors to scams, ads and other malicious resources. One of the biggest contributors to these numbers was the May wave exploiting the vulnerability in the </span><strong><a href="https://blog.sucuri.net/2023/05/vulnerability-in-essential-addons-for-elementor-leads-to-mass-infection.html">Essential Addons for Elementor</a> plugin.</strong></p><p><span style="font-weight: 400;">The JavaScript injections for this campaign are typically either appended to one or several legitimate </span><b>.js</b><span style="font-weight: 400;"> files or injected into a header and/or footer of the page so that they fire on every page load and redirect traffic to the attacker’s final destination. </span></p><p><span style="font-weight: 400;">Character code obfuscation (decoded using </span><b>String.fromCharCode</b><span style="font-weight: 400;">) is a telltale sign of Balada injections, as seen in this example, found at the top of </span><b>wp-includes/js/jquery/jquery.min.js</b><span style="font-weight: 400;">, which injects a malicious script from </span><b>hxxps://cdn.clickandanalytics[.]com/track</b><span style="font-weight: 400;">. 
</span></p> </div> <div class="elementor-element elementor-element-e8b6968 elementor-widget elementor-widget-image" data-id="e8b6968" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_7.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_7" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTYsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfNy5wbmcifQ%3D%3D"> <img loading="lazy" decoding="async" width="640" height="187" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_7-768x224.png" class="attachment-medium_large size-medium_large wp-image-10256" alt="Character code obfuscation (decoded using String.fromCharCode) is a tell tale sign of Balada injection" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_7-768x224.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_7-300x87.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_7.png 1270w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-13ed737 elementor-widget elementor-widget-text-editor" data-id="13ed737" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">This is not a full picture of the scope of the campaign, however. When the scripts are injected as a link directly to a malicious third party website, they are detected as a </span><strong><a href="#blocklisting">blocklisted resource</a></strong><span style="font-weight: 400;"> instead of a malware injection. 
</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-befb58a elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="befb58a" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-12022c2" data-id="12022c2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-35ed20d elementor-widget elementor-widget-heading" data-id="35ed20d" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Top Infected JavaScript Files</h4> </div> <div class="elementor-element elementor-element-58b67b6 elementor-widget elementor-widget-text-editor" data-id="58b67b6" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The following</span><b> .js</b><span style="font-weight: 400;"> files were most commonly found to contain malicious injections during a remote SiteCheck scan. 
</span></p> </div> <div class="elementor-element elementor-element-637f9bf elementor-widget elementor-widget-image" data-id="637f9bf" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/02-Top-Infected-JavaScript-Files1.51.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="02 - Top Infected JavaScript Files_SiteCheck" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMzEsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDItVG9wLUluZmVjdGVkLUphdmFTY3JpcHQtRmlsZXMxLjUxLmpwZyJ9"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/02-Top-Infected-JavaScript-Files1.51-qao2f7hed2ka7vpn7hrn6y5xigy1rmp2ndb656upwg.jpg" title="02 – Top Infected JavaScript Files_SiteCheck" alt="Top infected javascript files detected by SiteCheck include jquery.min.js, iquery-migrate.min.js, quciktag.js, jquery.js, and hello-frontend.min.js" loading="lazy" /> </a> </div> <div class="elementor-element elementor-element-4c27ee4 elementor-widget elementor-widget-text-editor" data-id="4c27ee4" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Injections can be found appended under the current script or under the head of a page, leading them to fire on every page load. </span></p><p><span style="font-weight: 400;">Attackers typically leverage obfuscation techniques to evade detection, which can make manual searches for malicious JavaScript a challenge. But since these infections target traffic and are found at the client level, remote website scanners like SiteCheck can locate and identify the malware. 
</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-36cc803 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="36cc803" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d0996f2" data-id="d0996f2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-ede4e34 elementor-widget elementor-widget-image" data-id="ede4e34" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/03-Baner-Porcentaje1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="03 - Baner Porcentaje1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMjksInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDMtQmFuZXItUG9yY2VudGFqZTEuNS5qcGcifQ%3D%3D"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/03-Baner-Porcentaje1.5-qao0huy253mpnkg05imj8g5nr2r5vjdzs4lji9obxg.jpg" title="03 – Baner Porcentaje1.5" alt="61.84% of website infections were found to contain external scripts, malicious iframes, or inline script injections" loading="lazy" /> </a> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-cf14c81 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="cf14c81" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-68deccc" data-id="68deccc" data-element_type="column"> <div 
class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-0a6199f elementor-widget elementor-widget-heading" data-id="0a6199f" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">SEO Spam</h3> </div> <div class="elementor-element elementor-element-57e1e10 elementor-widget elementor-widget-text-editor" data-id="57e1e10" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">A total of </span><b>267,416</b><span style="font-weight: 400;"> websites were detected with SEO spam by SiteCheck in the first half of 2023, accounting for </span><b>42.58% </b><span style="font-weight: 400;">of all infected site detections.</span><span style="font-weight: 400;"><br /></span></p><p><span style="font-weight: 400;">SEO spam often results in unwanted keywords, spam content, advertisements, or malicious redirects to the attacker’s site. It also happens to be one of the </span><a href="https://sucuri.net/reports/2021-hacked-website-report/"><span style="font-weight: 400;"><strong>most common types of malware</strong></span></a><span style="font-weight: 400;"> found during remediation cleanup — and is known to inject thousands of pages in the compromised environment. </span></p><p><span style="font-weight: 400;">Since an SEO spam infection typically allows an attacker to piggyback off the victim website’s hard earned rankings, they can be exceptionally valuable for the attacker — at the expense of the webmaster’s hard work and effort. 
</span></p> </div> <div class="elementor-element elementor-element-1005f96 elementor-widget elementor-widget-image" data-id="1005f96" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/05-Baner-Porcentaje-copia1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="05 - Baner Porcentaje copia1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMTksInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDUtQmFuZXItUG9yY2VudGFqZS1jb3BpYTEuNS5qcGcifQ%3D%3D"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/05-Baner-Porcentaje-copia1.5-qanz8fevtdfsi2fpfvnopwvm4mohu711j9gogt1cwq.jpg" title="05 – Baner Porcentaje copia1.5" alt="SEO Spam was detected on 267,416 websites by Sitecheck in the first half of 2023, accounting for 42.58% of all infections." loading="lazy" /> </a> </div> <div class="elementor-element elementor-element-1217297 elementor-widget elementor-widget-text-editor" data-id="1217297" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Attacks are known to leverage link injections, spam comments, or even create new posts or pages on the hacked site. Furthermore, these attacks can impact websites on any CMS, including WordPress, Joomla, Drupal, or Magento. 
</span></p> </div> <div class="elementor-element elementor-element-15cf23a elementor-widget elementor-widget-text-editor" data-id="15cf23a" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Our team regularly encounters three main techniques used to inject spam onto websites:</span></p><ul><li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Fake spam posts injected into the CMS database</span></li><li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">HTML code injections into plugin or theme files containing concealed elements</span></li><li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Dynamic spam doorway pages that generate content on demand</span></li></ul><p><span style="font-weight: 400;">If left untreated, an SEO spam infection can lead to </span><strong><a href="https://sucuri.net/guides/how-to-remove-google-blocklist-warning/">blocklisting by Google</a></strong><span style="font-weight: 400;"> and other major search authorities — which can significantly damage website rankings, reduce organic traffic, and negatively impact reputation. If you operate an ecommerce store, an infection can result in lost revenue and even impact your PCI DSS compliance if data is breached. 
</span></p><p><span style="font-weight: 400;">Let’s take a look at some of the most common SEO spam categories from the first half of 2023.</span></p> </div> <div class="elementor-element elementor-element-4c5de86 elementor-widget elementor-widget-image" data-id="4c5de86" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/06-SEO-Spam-Distribution1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="06 - SEO Spam Distribution1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMjAsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDYtU0VPLVNwYW0tRGlzdHJpYnV0aW9uMS41LmpwZyJ9"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/06-SEO-Spam-Distribution1.5-qanza2mprxouti1ou396kzxnjwkmb4k4rek9p8lkow.jpg" title="06 – SEO Spam Distribution1.5" alt="SEO Spam malware distribution seen on infected websites by SiteCheck in the first half of 2023" loading="lazy" /> </a> </div> <div class="elementor-element elementor-element-5c66624 elementor-widget elementor-widget-heading" data-id="5c66624" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Japanese Spam</h4> </div> <div class="elementor-element elementor-element-10919d4 elementor-widget elementor-widget-text-editor" data-id="10919d4" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Japanese spam infections were the most common category found on infected sites, with a total of </span><b>88,581</b><span style="font-weight: 400;"> sites accounting for </span><b>33.12%</b><span style="font-weight: 400;"> of SiteCheck’s SEO spam detections. </span></p><p><span style="font-weight: 400;">These spam campaigns pollute a site’s search results with Japanese keywords and spam content for knock-off designer brands. 
Infections are known to include thousands of web pages with Japanese content that attackers have added to the compromised domain.</span></p><p><span style="font-weight: 400;">As a result of these infections search results may be polluted with Japanese keyword spam, as seen in these recent examples below:</span></p> </div> <div class="elementor-element elementor-element-975d785 elementor-widget elementor-widget-image" data-id="975d785" data-element_type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="640" height="481" src="https://sucuri.net/wp-content/uploads/2023/07/report_image_1-768x577.png" class="attachment-medium_large size-medium_large wp-image-10257" alt="example of japanese keyword spam" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_image_1-768x577.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_image_1-300x225.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_image_1.png 1252w" sizes="(max-width: 640px) 100vw, 640px" /> </div> <div class="elementor-element elementor-element-82c237c elementor-widget elementor-widget-text-editor" data-id="82c237c" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">In many cases, infected websites also contain cloaked content for Japanese spam. 
</span></p> </div> <div class="elementor-element elementor-element-52f7abf elementor-widget elementor-widget-image" data-id="52f7abf" data-element_type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="640" height="331" src="https://sucuri.net/wp-content/uploads/2023/07/report_image_2-768x397.png" class="attachment-medium_large size-medium_large wp-image-10258" alt="example of cloaked japanese spam infection" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_image_2-768x397.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_image_2-300x155.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_image_2.png 1362w" sizes="(max-width: 640px) 100vw, 640px" /> </div> <div class="elementor-element elementor-element-798c633 elementor-widget elementor-widget-heading" data-id="798c633" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Hidden Content</h4> </div> <div class="elementor-element elementor-element-9b03b00 elementor-widget elementor-widget-text-editor" data-id="9b03b00" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The hidden content category accounted for </span><b>26.68%</b><span style="font-weight: 400;"> of all SEO spam detections and was detected on </span><b>71,340</b><span style="font-weight: 400;"> infected sites. </span></p><p><span style="font-weight: 400;">Hidden content is a common black hat SEO technique used to conceal spam content within legitimate web pages. Attackers use these tricks to leverage a website’s rankings without drawing attention to the infection. </span></p><p><span style="font-weight: 400;">The most common technique used to hide content on a compromised website was concealing links within </span><b>&lt;div&gt;</b><span style="font-weight: 400;"> tags with the</span><b> “overflow:hidden;height:1px;”</b><span style="font-weight: 400;"> style. 
This practice was detected on </span><b>13,519</b><span style="font-weight: 400;"> websites. </span></p> </div> <div class="elementor-element elementor-element-3a607cb elementor-widget elementor-widget-image" data-id="3a607cb" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_8.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_8" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNTksInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfOC5wbmcifQ%3D%3D"> <img loading="lazy" decoding="async" width="640" height="152" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_8-768x182.png" class="attachment-medium_large size-medium_large wp-image-10259" alt="links hidden with div tags on overflow of 1 px" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_8-768x182.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_8-300x71.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_8.png 1316w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-f5f3476 elementor-widget elementor-widget-text-editor" data-id="f5f3476" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Attackers create a </span><b>&lt;div&gt;</b><span style="font-weight: 400;"> one pixel high, then inject their spam links into the minuscule tag. The links are not visible to ordinary site visitors unless they happen to be examining the code — but injected links </span><i><span style="font-weight: 400;">are</span></i><span style="font-weight: 400;"> visible to search engines. 
</span></p><p><span style="font-weight: 400;">Another common trick was placing spam in a div shifted to the left off the screen by using a ridiculously large random negative number in the “left” parameter of the div’s style, accounting for </span><b>10,464</b><span style="font-weight: 400;"> SiteCheck SEO spam detections. </span></p> </div> <div class="elementor-element elementor-element-c764ecf elementor-widget elementor-widget-image" data-id="c764ecf" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_9.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_9" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNjAsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfOS5wbmcifQ%3D%3D"> <img loading="lazy" decoding="async" width="640" height="123" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_9-768x147.png" class="attachment-medium_large size-medium_large wp-image-10260" alt="spam hidden in a shifted div tag" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_9-768x147.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_9-300x57.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_9.png 1318w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-f30b437 elementor-widget elementor-widget-heading" data-id="f30b437" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Keyword Spam</h4> </div> <div class="elementor-element elementor-element-7a69684 elementor-widget elementor-widget-text-editor" data-id="7a69684" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The keyword spam category accounted for </span><b>25.28%</b><span style="font-weight: 400;"> of all SEO 
spam detections and was found on </span><b>67,606 </b><span style="font-weight: 400;">infected sites. </span></p><p><span style="font-weight: 400;">This category primarily includes spam for pharmaceutical drugs, essay services, dating services, and replica knock-off products. SiteCheck’s signatures also detect these infections as hidden link injections or “cloaking” injections. </span></p><p><span style="font-weight: 400;">Attackers use cloaking techniques to show content or URLs to search engines that are entirely different from results displayed to website visitors, essentially manipulating search engine rankings for terms that are irrelevant to the website’s original content. </span></p><p><span style="font-weight: 400;">As an illustration, attackers may inject scripts that serve up a completely different page filled with spam content to Google, while showing an unmodified webpage to website visitors. Alternatively, the attacker’s scripts might only insert keywords or spam content into a webpage when the user agent belongs to a search engine — not a site visitor.</span></p><p><span style="font-weight: 400;">For example, let’s analyze an infected website that is based in America and completely unrelated to any pharmaceutical products. Website visitors who open the website directly find unmodified content as expected, with no indication that the website has an infection. 
However, search engine crawlers will find cloaked spam content and keywords, as seen on this snippet:</span></p> </div> <div class="elementor-element elementor-element-9f2b7a0 elementor-widget elementor-widget-image" data-id="9f2b7a0" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_10.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_10" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNjEsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfMTAucG5nIn0%3D"> <img loading="lazy" decoding="async" width="640" height="137" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_10-768x164.png" class="attachment-medium_large size-medium_large wp-image-10261" alt="keyword spam for pharmaceutical products" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_10-768x164.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_10-300x64.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_10.png 1445w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-fe4e2a6 elementor-widget elementor-widget-text-editor" data-id="fe4e2a6" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The cloaked spam results in polluted search results, which can seriously impact rankings. 
And while Google still links to legitimate website pages, if a visitor clicks on one of these search results then the malware automatically redirects them to the attacker’s counterfeit drug store site.</span></p> </div> <div class="elementor-element elementor-element-2d92c73 elementor-widget elementor-widget-image" data-id="2d92c73" data-element_type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="640" height="639" src="https://sucuri.net/wp-content/uploads/2023/07/report_image_3-768x767.png" class="attachment-medium_large size-medium_large wp-image-10262" alt="search results show seo spam" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_image_3-768x767.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_image_3-300x300.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_image_3-150x150.png 150w, https://sucuri.net/wp-content/uploads/2023/07/report_image_3.png 1372w" sizes="(max-width: 640px) 100vw, 640px" /> </div> <div class="elementor-element elementor-element-56965d2 elementor-widget elementor-widget-text-editor" data-id="56965d2" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Furthermore, web searchers are displayed information on buying prescription drugs in various countries such as Mexico, UK (United Kingdom), and Canada — instead of the site’s real content which targets US visitors. 
</span></p><p><span style="font-weight: 400;">This example clearly highlights the impact of pharmaspam infections and demonstrates the importance of protecting against infection to protect your website, search rankings and visitors.</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-6909954 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="6909954" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-685cb53" data-id="685cb53" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-6fe1b92 elementor-widget elementor-widget-image" data-id="6fe1b92" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/07-Baner-Porcentaje-copia1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="07 - Baner Porcentaje copia1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMjEsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDctQmFuZXItUG9yY2VudGFqZS1jb3BpYTEuNS5qcGcifQ%3D%3D"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/07-Baner-Porcentaje-copia1.5-qanzbl5csbrhivuhzqtjlm6e093wpkkkawefjacpr8.jpg" title="07 – Baner Porcentaje copia1.5" alt="25.28% of websites infected with SEO spam contained keywords for essay services, pharmaceuticals, adult services, or knock-off replica merchandise" loading="lazy" /> </a> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-efbfac3 elementor-section-boxed elementor-section-height-default elementor-section-height-default" 
data-id="efbfac3" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6f662b9" data-id="6f662b9" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-e27661d elementor-widget elementor-widget-heading" data-id="e27661d" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Gambling Spam</h4> </div> <div class="elementor-element elementor-element-0519b92 elementor-widget elementor-widget-text-editor" data-id="0519b92" data-element_type="widget" data-widget_type="text-editor.default"> <p><b>27,467</b><span style="font-weight: 400;"> scanned sites were detected with gambling and casino-related spam in the first half of 2023, accounting for </span><b>10.27%</b><span style="font-weight: 400;"> of all SEO spam detections. Many detections contained injections for Indonesian spam, however in 2023 the trend for gambling spam targeting more non-English speaking countries continued. </span></p><p><span style="font-weight: 400;">Indonesian gambling spam campaigns are known to reuse expired domains with names and TLDs that are completely unrelated to gambling or Indonesia. 
These domains work as doorways for gambling sites that operate off dozens of different domains and IP addresses.</span></p> </div> <div class="elementor-element elementor-element-43d7d8f elementor-widget elementor-widget-heading" data-id="43d7d8f" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Credit Card Stealers</h3> </div> <div class="elementor-element elementor-element-6f0913f elementor-widget elementor-widget-text-editor" data-id="6f0913f" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Also known as </span><a href="https://sucuri.net/guides/what-is-magecart/"><span style="font-weight: 400;"><strong>MageCart</strong></span></a><span style="font-weight: 400;">, credit card skimming malware was detected on </span><b>4,614</b><span style="font-weight: 400;"> websites by SiteCheck in the first half of 2023. </span></p><p><span style="font-weight: 400;">These detections were spread across </span><b>87</b><span style="font-weight: 400;"> distinct skimmer variants and impacted popular CMS’ like WordPress, Magento and OpenCart. 
</span></p><p><span style="font-weight: 400;">Another </span><b>502 </b><span style="font-weight: 400;">websites were found to contain external malicious JavaScript which loaded credit card skimming malware from blocklisted domains.</span></p> </div> <div class="elementor-element elementor-element-3164e4a elementor-widget elementor-widget-heading" data-id="3164e4a" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">GoogleAnalyticsObjects</h4> </div> <div class="elementor-element elementor-element-79e370f elementor-widget elementor-widget-text-editor" data-id="79e370f" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The most common credit card skimmer variant — detected on </span><b>1,260</b><span style="font-weight: 400;"> WordPress sites in the first half of 2023 — contained the following script, with slight variations for obfuscated domains. </span></p> </div> <div class="elementor-element elementor-element-226f019 elementor-widget elementor-widget-image" data-id="226f019" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_11.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_11" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNjMsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfMTEucG5nIn0%3D"> <img loading="lazy" decoding="async" width="640" height="115" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_11-768x138.png" class="attachment-medium_large size-medium_large wp-image-10263" alt="malicious JavaScript pretends to be Google Analytics and features variations of GoogleAnalyticsObjects keyword" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_11-768x138.png 768w, 
https://sucuri.net/wp-content/uploads/2023/07/report_code_11-300x54.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_11.png 1234w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-de8a5c6 elementor-widget elementor-widget-text-editor" data-id="de8a5c6" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">This malicious JavaScript pretends to be Google Analytics (it features variations of the “</span><b>GoogleAnalyticsObjects</b><span style="font-weight: 400;">” keyword instead of the “</span><b>GoogleAnalyticsObject</b><span style="font-weight: 400;">” used in a real Google script). The malware uses the atob function to decode the Base64-encoded strings, loading the credit card skimming malware from third party domains and executing it in the victim’s browser during the checkout process, for example:</span></p><p><b>//jqbs-get[.]store/www.google-analytics.com/plugins/ua/linkid.js</b></p><p><span style="font-weight: 400;">It then pilfers any information entered into the checkout field of the website and sends it to an exfiltration destination controlled by the attackers.</span></p><p><span style="font-weight: 400;">WordPress continues to be the most common CMS platform affected by credit card skimming MageCart malware. This data only tells part of the story, however. MageCart infections on WordPress websites commonly load through malicious </span><a href="https://blog.sucuri.net/2022/06/smilodon-credit-card-skimming-malware-shifts-to-wordpress.html"><span style="font-weight: 400;"><strong>plugins</strong></span></a><span style="font-weight: 400;"> and are invisible to external scanners such as SiteCheck. 
PHP and other backend MageCart malware also affect other platforms such as Magento and OpenCart.</span></p> </div> <div class="elementor-element elementor-element-4cb1b98 elementor-widget elementor-widget-image" data-id="4cb1b98" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/08-Baner-Porcentaje-copia-21.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="08 - Baner Porcentaje copia 21.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMjIsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDgtQmFuZXItUG9yY2VudGFqZS1jb3BpYS0yMS41LmpwZyJ9"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/08-Baner-Porcentaje-copia-21.5-qanzda8v4k34hjdr2z8alorcmaqrlwb47aszq9u4is.jpg" title="08 – Baner Porcentaje copia 21.5" alt="Credit card skimming malware was detected on 4,614 websites by SiteCheck in the first half of 2023" loading="lazy" /> </a> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-b26a0d1 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="b26a0d1" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3bbfaad" data-id="3bbfaad" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-882c198 elementor-widget elementor-widget-heading" data-id="882c198" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Unwanted Ads </h3> </div> <div class="elementor-element elementor-element-49686e1 elementor-widget elementor-widget-text-editor" data-id="49686e1" 
data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">A total of </span><b>11,487</b><span style="font-weight: 400;"> infected websites contained unwanted ads, amounting to</span><b> 1.83%</b><span style="font-weight: 400;"> of detected infections. This category includes malware that pushes unwelcome advertisements, website pop-ups, and malvertisements — and is typically used to monetize access to the compromised environment, since ad networks will pay out to the hacker’s affiliate account instead of the website owner’s. </span></p><p><span style="font-weight: 400;">Unwanted ads can have serious implications for both site visitors and website owners. Bad actors can use this malware to track user behavior, create malicious redirects to other websites, generate commissions or serve malicious downloads. </span></p><p><span style="font-weight: 400;">The most common unwanted ad script from </span><b>cjvdfw[.]com</b><span style="font-weight: 400;"> was found injected on</span><b> 2,912</b><span style="font-weight: 400;"> sites.</span></p> </div> <div class="elementor-element elementor-element-42e2a4c elementor-widget elementor-widget-image" data-id="42e2a4c" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_12.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_12" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNjQsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfMTIucG5nIn0%3D"> <img loading="lazy" decoding="async" width="640" height="73" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_12-768x88.png" class="attachment-medium_large size-medium_large wp-image-10264" alt="script pushes unwanted ads on hacked websites" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_12-768x88.png 768w, 
https://sucuri.net/wp-content/uploads/2023/07/report_code_12-300x34.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_12.png 1228w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-e04d36f elementor-widget elementor-widget-heading" data-id="e04d36f" data-element_type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Base64 Ad Scripts</h4> </div> <div class="elementor-element elementor-element-e57d8f1 elementor-widget elementor-widget-text-editor" data-id="e57d8f1" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Yet another common variant of unwanted ads responsible for </span><b>1,262</b><span style="font-weight: 400;"> SiteCheck detections belonged to these scripts, which are typically injected in Base64 format as </span><b>&lt;script src=”data:text/javascript;base64,…&gt;</b></p> </div> <div class="elementor-element elementor-element-926b1c9 elementor-widget elementor-widget-image" data-id="926b1c9" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/07/report_code_13.png" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="report_code_13" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAyNjUsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wN1wvcmVwb3J0X2NvZGVfMTMucG5nIn0%3D"> <img loading="lazy" decoding="async" width="640" height="231" src="https://sucuri.net/wp-content/uploads/2023/07/report_code_13-768x277.png" class="attachment-medium_large size-medium_large wp-image-10265" alt="example of malicious base64 encoded ad scripts" srcset="https://sucuri.net/wp-content/uploads/2023/07/report_code_13-768x277.png 768w, https://sucuri.net/wp-content/uploads/2023/07/report_code_13-300x108.png 300w, https://sucuri.net/wp-content/uploads/2023/07/report_code_13.png 
1448w" sizes="(max-width: 640px) 100vw, 640px" /> </a> </div> <div class="elementor-element elementor-element-230456a elementor-widget elementor-widget-text-editor" data-id="230456a" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">The malware injects unwanted ads from domains like </span><b>serialhd2019[.]ru</b><span style="font-weight: 400;">, </span><b>advertising-cdn[.]com</b><span style="font-weight: 400;">, </span><b>new-adversting[.]com</b><span style="font-weight: 400;">.</span></p> </div> <div class="elementor-element elementor-element-a831bbd elementor-widget elementor-widget-heading" data-id="a831bbd" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Defacements</h3> </div> <div class="elementor-element elementor-element-d72f9ee elementor-widget elementor-widget-text-editor" data-id="d72f9ee" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">A total of </span><b>5,316</b><span style="font-weight: 400;"> infected websites were found containing defacements in the first two quarters of 2023, accounting for </span><b>0.08%</b><span style="font-weight: 400;"> of detected infections.</span></p><p><span style="font-weight: 400;">Defacements are defined as attacks that lead to visual changes of a website’s page similar to graffiti or vandalism. For example, this image was found replacing the contents of a web page on a compromised environment during February, 2023. 
</span></p> </div> <div class="elementor-element elementor-element-3c3ecb8 elementor-widget elementor-widget-image" data-id="3c3ecb8" data-element_type="widget" data-widget_type="image.default"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/unnamed-qa1tk8tbmc1w4j0tgsp4pg9xuu1m2atnm4bbzv04b0.png" title="unnamed" alt="example of a website defacement on a hacked site" loading="lazy" /> </div> <div class="elementor-element elementor-element-41483fb elementor-widget elementor-widget-text-editor" data-id="41483fb" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Attackers might be motivated to deface a website like this to make a political or religious statement — or simply be destructive and wreak havoc in the name of hooliganism.</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-385ddc3d elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="385ddc3d" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2eaf71c3" data-id="2eaf71c3" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-19f5e4ba elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="19f5e4ba" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-48cb4489" data-id="48cb4489" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-afb7cb6 
elementor-widget elementor-widget-menu-anchor" data-id="afb7cb6" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" id="blocklisting"></div> </div> <div class="elementor-element elementor-element-d028f28 elementor-widget elementor-widget-heading" data-id="d028f28" data-element_type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Blocklisting</h2> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-9e34519 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="9e34519" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-286868d" data-id="286868d" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-55c22a20 elementor-widget elementor-widget-text-editor" data-id="55c22a20" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Blocklisted resources were detected on a total of </span><b>113,679 </b><span style="font-weight: 400;">websites in the first half of 2023 — meaning that </span><b>18.10%</b><span style="font-weight: 400;"> of infected websites were found to include external scripts or iframes referencing blocklisted domains. 
</span></p><p><span style="font-weight: 400;">We analyzed our datasets to identify some of the most common blocklisted domains and found three distinct categories.</span></p> </div> <div class="elementor-element elementor-element-4a09efd elementor-widget elementor-widget-heading" data-id="4a09efd" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Balada Injector</h3> </div> <div class="elementor-element elementor-element-eb3a46d elementor-widget elementor-widget-text-editor" data-id="eb3a46d" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">A large number of blocklisted resources were dominated by domains used by the </span><strong><a href="https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html">Balada Injector</a></strong><span style="font-weight: 400;"> campaign.</span></p> </div> <div class="elementor-element elementor-element-caafbb6 elementor-widget elementor-widget-image" data-id="caafbb6" data-element_type="widget" data-widget_type="image.default"> <a href="https://sucuri.net/wp-content/uploads/2023/08/09-Blocklisting-Top-5-Balada-Injector-Domains1.5.jpg" data-elementor-open-lightbox="yes" data-elementor-lightbox-title="09 - Blocklisting - Top 5 Balada Injector Domains1.5" data-e-action-hash="#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTAzMjMsInVybCI6Imh0dHBzOlwvXC9zdWN1cmkubmV0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wOFwvMDktQmxvY2tsaXN0aW5nLVRvcC01LUJhbGFkYS1JbmplY3Rvci1Eb21haW5zMS41LmpwZyJ9"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/09-Blocklisting-Top-5-Balada-Injector-Domains1.5-qanzem6mt3wqxng4b1y9munuwy6higlfdw2r7dv30o.jpg" title="09 – Blocklisting – Top 5 Balada Injector Domains1.5" alt="Top 5 Balada Injector blocklisted domains include scriptsplatform, clickandanalytics, firstblackphase, descriptionscripts, and 
violetlovelines" loading="lazy" /> </a> </div> <div class="elementor-element elementor-element-e83227b elementor-widget elementor-widget-text-editor" data-id="e83227b" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">SiteCheck flagged a total of </span><b>84,787 </b><span style="font-weight: 400;">sites with scripts and blocklisted resources for </span><b>43</b><span style="font-weight: 400;"> different </span><strong><a href="https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html">Balada Injector</a></strong><span style="font-weight: 400;"> domains during remote scans in the first half of 2023. </span></p> </div> <div class="elementor-element elementor-element-56330dd elementor-widget elementor-widget-heading" data-id="56330dd" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">SocGholish</h3> </div> <div class="elementor-element elementor-element-bd6d8fb elementor-widget elementor-widget-text-editor" data-id="bd6d8fb" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Another distinct category of blocklisted resources was related to the SocGholish malware campaign, with </span><b>44 </b><span style="font-weight: 400;">distinct domains detected on </span><b>15,172</b><span style="font-weight: 400;"> sites. 
</span></p> </div> <div class="elementor-element elementor-element-ac760c0 elementor-widget elementor-widget-image" data-id="ac760c0" data-element_type="widget" data-widget_type="image.default"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/10-Blocklisting-Top-5-SocGholish-Domains1.5-qanztlpzs0fc1toesj64e2ifw4b68q3cs2jgo7n3t4.jpg" title="10 – Blocklisting – Top 5 SocGholish Domains1.5" alt="Top 5 SocGholish blocklisted domains include people.fl2wealth, taxes.rpacx, kinematics.starmidwest, xjquery, and accountability.thefenceanddeckguys" loading="lazy" /> </div> <div class="elementor-element elementor-element-b23e46e elementor-widget elementor-widget-text-editor" data-id="b23e46e" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">In late 2022, some SocGholish campaigns switched from injecting obfuscated JavaScript to injecting external script tags, which SiteCheck detects as blocklisted resources. 
</span></p> </div> <div class="elementor-element elementor-element-af25259 elementor-widget elementor-widget-heading" data-id="af25259" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Bogus Short URLs</h3> </div> <div class="elementor-element elementor-element-3fdb6f0 elementor-widget elementor-widget-text-editor" data-id="3fdb6f0" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Another </span><b>6,105</b><span style="font-weight: 400;"> websites were flagged with blocklisted resources from </span><b>93</b><span style="font-weight: 400;"> distinct domains associated with the </span><strong><a href="https://blog.sucuri.net/2023/02/bogus-url-shorteners-redirect-thousands-of-hacked-sites-in-adsense-fraud-campaign.html">bogus URL shortener AdSense fraud campaign</a></strong><span style="font-weight: 400;">.</span></p><p><span style="font-weight: 400;">At some point, the attack temporarily switched from obfuscated JavaScript to external script tags using a large number of various bogus URL shortener domains.</span></p> </div> <div class="elementor-element elementor-element-b228a79 elementor-widget elementor-widget-image" data-id="b228a79" data-element_type="widget" data-widget_type="image.default"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/11-Blocklisting-Top-5-Bogus-Short-URLs-Domains1.5-qao03hytq7z0a1ay0b5q52m515jaa0dmh1shk2ywaw.jpg" title="11 – Blocklisting – Top 5 Bogus Short URLs Domains1.5" alt="Top 5 bogus short URL domains found directing websites to malicious locations" loading="lazy" /> </div> <div class="elementor-element elementor-element-6963161 elementor-widget elementor-widget-image" data-id="6963161" data-element_type="widget" data-widget_type="image.default"> <img decoding="async" 
src="https://sucuri.net/wp-content/uploads/elementor/thumbs/12-Baner-Porcentaje-copia-31.5-qao07hs4rvfvmdi1ojbn8kbnx3ufzp8k0tlrzf1mjo.jpg" title="12 – Baner Porcentaje copia 31.5" alt="Blocklisted resources were detected on a total of 113,679 websites in the first half of 2023, meaning that 18.10% of infected websites were found to include externals scripts or iframes referencing blocklisted domains" loading="lazy" /> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-7bba50d0 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="7bba50d0" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4c7efda2" data-id="4c7efda2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-584001de elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="584001de" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-7137f82b" data-id="7137f82b" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-59cc4e32 elementor-widget elementor-widget-menu-anchor" data-id="59cc4e32" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" id="hardening"></div> </div> <div class="elementor-element elementor-element-76f7f018 elementor-widget elementor-widget-heading" data-id="76f7f018" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title 
elementor-size-default">Hardening Recommendations</h3> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-44bbf4d elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="44bbf4d" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bb5d662" data-id="bb5d662" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-9a20b02 elementor-widget elementor-widget-text-editor" data-id="9a20b02" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">SiteCheck doesn’t only provide detections for blocklisting and malware — its scans also help to identify common security problems and recommend improvements. </span></p><p><span style="font-weight: 400;">We analyzed the data and identified the top five most common hardening recommendations detected during a remote scan. 
</span></p> </div> <div class="elementor-element elementor-element-50e339d elementor-widget elementor-widget-image" data-id="50e339d" data-element_type="widget" data-widget_type="image.default"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/elementor/thumbs/13-Hardening-Recommendations1.5-qao098rbhru388ykgsjndmfjpx81bf6klhbb4yg9zg.jpg" title="13 – Hardening Recommendations1.5" alt="SiteCheck hardening recommendations include CSP, X-Frame-Options, WAF, Strict Transport Security, and no redirects to HTTPS" loading="lazy" /> </div> <div class="elementor-element elementor-element-8792d78 elementor-widget elementor-widget-heading" data-id="8792d78" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">No CSP</h3> </div> <div class="elementor-element elementor-element-3c29617 elementor-widget elementor-widget-text-editor" data-id="3c29617" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Missing content security policy directives were found during </span><b>81.55% </b><span style="font-weight: 400;">of the remote scans performed in the first half of 2023. </span></p><p><span style="font-weight: 400;">A </span><strong><a href="https://blog.sucuri.net/2018/04/content-security-policy.html">content security policy</a></strong><span style="font-weight: 400;"> (CSP) provides protection against </span><strong><a href="https://sucuri.net/guides/what-is-cross-site-scripting/">cross-site scripting (XSS)</a></strong><span style="font-weight: 400;"> and various other injection attacks by limiting the sources of content such as images and scripts to known origins, which makes it much harder for data to be loaded from, or sent to, a malicious server. 
</span></p> </div> <div class="elementor-element elementor-element-d33f895 elementor-widget elementor-widget-heading" data-id="d33f895" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">X-Frame-Options</h3> </div> <div class="elementor-element elementor-element-2c2c7bd elementor-widget elementor-widget-text-editor" data-id="2c2c7bd" data-element_type="widget" data-widget_type="text-editor.default"> <p><b>81.13%</b><span style="font-weight: 400;"> of websites were found missing X-Frame-Options during a remote scan. </span><span style="font-weight: 400;"><br /></span><span style="font-weight: 400;"><br /></span><span style="font-weight: 400;">The </span><strong><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options">X-Frame-Options</a></strong><span style="font-weight: 400;"> security header helps improve a website’s security against </span><strong><a href="https://blog.sucuri.net/2022/09/what-is-clickjacking-and-how-do-i-prevent-it.html">clickjacking</a></strong><span style="font-weight: 400;"> by preventing attackers from embedding the website in an iframe on another site. In modern browsers, the CSP frame-ancestors directive provides the same control. </span></p> </div> <div class="elementor-element elementor-element-f490f2d elementor-widget elementor-widget-heading" data-id="f490f2d" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Missing WAF</h3> </div> <div class="elementor-element elementor-element-e8022ce elementor-widget elementor-widget-text-editor" data-id="e8022ce" data-element_type="widget" data-widget_type="text-editor.default"> <p><b>79.87%</b><span style="font-weight: 400;"> of websites were detected not using a web application firewall (WAF) during a remote SiteCheck scan. 
</span></p><p><span style="font-weight: 400;">Cloud-based WAFs (Web Application Firewalls) like the </span><strong><a href="https://sucuri.net/website-firewall">Sucuri Firewall</a></strong><span style="font-weight: 400;"> can help filter malicious packets from reaching the website, virtually patch known vulnerabilities, prevent bad bots and comment spam, and mitigate DDoS. </span></p> </div> <div class="elementor-element elementor-element-6ac3c87 elementor-widget elementor-widget-heading" data-id="6ac3c87" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Strict Transport Security</h3> </div> <div class="elementor-element elementor-element-b0373a4 elementor-widget elementor-widget-text-editor" data-id="b0373a4" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Missing </span><strong><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">Strict-Transport-Security</a></strong><span style="font-weight: 400;"> headers were detected on </span><b>72.33%</b><span style="font-weight: 400;"> of scanned websites. </span></p><p><span style="font-weight: 400;">This header ensures that a client will always connect to the HTTPS version of your website for further connections, even if the browser tries connecting to its HTTP version. 
</span></p><p><span style="font-weight: 400;">If a website accepts a connection through HTTP before redirecting to HTTPS and does not employ the Strict Transport Security header, the redirect can be exploited to send traffic to malicious websites, resulting in man-in-the-middle attacks.</span></p> </div> <div class="elementor-element elementor-element-ae68d76 elementor-widget elementor-widget-heading" data-id="ae68d76" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">No Redirect to HTTPS</h3> </div> <div class="elementor-element elementor-element-1938ec4 elementor-widget elementor-widget-text-editor" data-id="1938ec4" data-element_type="widget" data-widget_type="text-editor.default"> <p><b>17.35%</b><span style="font-weight: 400;"> of scanned websites did not contain a redirect from HTTP to HTTPS.</span></p><p><span style="font-weight: 400;">The HTTPS protocol securely transfers information from point A to point B and is crucial for websites that handle sensitive information like personally identifiable information (PII) on login or contact forms, as well as credit card data on checkout pages. It also ensures that attackers cannot inject malicious scripts and modify the contents of the page via man-in-the-middle attacks or steal session cookies. </span></p><p><span style="font-weight: 400;">Leveraging an </span><strong><a href="https://sucuri.net/guides/how-to-install-ssl-certificate/">SSL (Secure Sockets Layer) certificate</a></strong><span style="font-weight: 400;"> ensures that a website is encrypting connections for safety, accessibility and PCI compliance reasons — and also has the added benefit of ranking better in SERPs (Search Engine Results Pages). 
</span></p><p><span style="font-weight: 400;">Ideally, website owners should force all visitors to see the HTTPS version of the website to ensure that all data in transit is protected.</span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-2d567cf elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="2d567cf" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c13cf53" data-id="c13cf53" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-198e3323 elementor-widget elementor-widget-menu-anchor" data-id="198e3323" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" id="tl-dr"></div> </div> <div class="elementor-element elementor-element-58dcfd82 elementor-widget elementor-widget-heading" data-id="58dcfd82" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">TL;DR</h3> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-71d3d95 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="71d3d95" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-593aa64" data-id="593aa64" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-87be7f5 elementor-widget elementor-widget-text-editor" data-id="87be7f5" data-element_type="widget" 
data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">This report revealed a number of insights from the first half of 2023 for our remote website scanner:</span></p><ul><li style="font-weight: 400;" aria-level="1"><b>267,416</b><span style="font-weight: 400;"> scanned sites were detected with SEO spam, accounting for</span><b> 42.58%</b><span style="font-weight: 400;"> of website infections.</span></li><li style="font-weight: 400;" aria-level="1"><b>25.28%</b><span style="font-weight: 400;"> of websites infected with SEO spam contained keywords for essay services, pharmaceuticals, pornography, or knock-off replica merchandise. </span></li><li style="font-weight: 400;" aria-level="1"><b>25.93% </b><span style="font-weight: 400;">of infections were found to contain external scripts, malicious iframes, or inline script injections.</span></li><li style="font-weight: 400;" aria-level="1"><b>60,697</b><span style="font-weight: 400;"> obfuscated script injections plus </span><b>84,787 </b><span style="font-weight: 400;">external script tags for Balada Injector, the ongoing massive malware campaign targeting vulnerabilities in WordPress plugins and themes, were detected in the first half of 2023.</span></li><li style="font-weight: 400;" aria-level="1"><b>7.17% </b><span style="font-weight: 400;">of infected websites were found to include external scripts or iframes referencing blocklisted domains.</span></li></ul><p><span style="font-weight: 400;">While no security solution is 100% guaranteed to protect your website’s environment, there are a number of different solutions that you can utilize for an effective defense-in-depth strategy. </span></p><p><span style="font-weight: 400;">Always keep website software updated with the latest security patches to mitigate risk from software vulnerabilities — including plugins, themes, and core CMS. 
Consider employing </span><strong><a href="https://sucuri.net/wordpress-security-plugin/">file integrity monitoring</a></strong><span style="font-weight: 400;"> or comprehensive </span><strong><a href="https://sucuri.net/malware-detection-scanning/">website monitoring</a></strong><span style="font-weight: 400;"> services to detect indicators of compromise and anomalies. Enforce strong, unique passwords for all user accounts. You can </span><span style="font-weight: 400;">leverage a </span><strong><a href="https://sucuri.net/website-firewall/">web application firewall</a></strong><span style="font-weight: 400;"> to help filter out malicious traffic, block bad bots, virtually patch known vulnerabilities, and </span><strong><a href="https://sucuri.net/ddos-protection/">mitigate DDoS</a></strong><span style="font-weight: 400;">. </span></p><p><span style="font-weight: 400;"><i>Do you have comments or suggestions for this report? We’d love to hear from you! Share your feedback on </i><strong><a href="https://twitter.com/sucurisecurity"><i>Twitter</i></a></strong> <i>or email us </i><strong><a href="mailto:marketing@sucuri.net"><i>labs@sucuri.net</i></a><i>.</i></strong> </span></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-62d0925 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="62d0925" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d4d3b3f" data-id="d4d3b3f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3656ff35 elementor-widget elementor-widget-menu-anchor" data-id="3656ff35" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-menu-anchor" 
id="credits"></div> </div> <div class="elementor-element elementor-element-3c9b8cc4 elementor-widget elementor-widget-heading" data-id="3c9b8cc4" data-element_type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Credits</h3> </div> <div class="elementor-element elementor-element-1d40318 elementor-widget elementor-widget-spacer" data-id="1d40318" data-element_type="widget" data-widget_type="spacer.default"> <div class="elementor-spacer"> <div class="elementor-spacer-inner"></div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-3ea29c2 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="3ea29c2" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a8d5a44" data-id="a8d5a44" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-4d3601a elementor-widget elementor-widget-text-editor" data-id="4d3601a" data-element_type="widget" data-widget_type="text-editor.default"> <p><span style="font-weight: 400;">Denis Sinegubko – Senior Malware Researcher | </span><strong><a href="https://twitter.com/unmaskparasites">@unmaskparasites</a></strong></p><p><span style="font-weight: 400;">Rodrigo Escobar </span><span style="font-weight: 400;">–</span><span style="font-weight: 400;"> Malware Research Manager | </span><strong><a href="https://twitter.com/ipaxdc">@ipaxdc</a></strong></p><p><span style="font-weight: 400;">Rianna MacLeod – Technical Writer | </span><strong><a href="https://twitter.com/riannamacleod">@RiannaMacLeod</a></strong></p> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element 
elementor-element-328449f6 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="328449f6" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6fcd68b2" data-id="6fcd68b2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-7c55b065 elementor-widget elementor-widget-resources_section" data-id="7c55b065" data-element_type="widget" data-widget_type="resources_section.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-resources"> <div class="resourcesHeading"> <h2>Additional Resources</h2> <p></p> </div> <div class="resourcesContainer"> <a data-gatrack="" href="https://sucuri.net/guides/" class="resourcesContainer__single three"> <div class="resourcesContainer__single__imageContainer"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-security-guides.png" alt="22-sucuri-resource-security-guides"> <div class="arrow"> <img decoding="async" class="arrow" src="/wp-content/plugins/custom-functionalities-sucuri/widgets/resources_section/assets/images/arrow-right-solid.svg" alt=""> </div> </div> <div class="resourcesContainer__single__contentContainer"> <h3>Guides</h3> <p>Follow our helpful guides and tutorials to learn how to clean and secure your website.</p> </div> </a> <a data-gatrack="" href="https://sucuri.net/email-courses/" class="resourcesContainer__single three"> <div class="resourcesContainer__single__imageContainer"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/2023/02/22-sucuri-resource-email-courses-1.png" alt="22-sucuri-resource-email-courses (1)"> <div class="arrow"> <img decoding="async" class="arrow" 
src="/wp-content/plugins/custom-functionalities-sucuri/widgets/resources_section/assets/images/arrow-right-solid.svg" alt=""> </div> </div> <div class="resourcesContainer__single__contentContainer"> <h3>Email Courses</h3> <p>Join our email series as we offer actionable steps and basic security techniques for WordPress site owners.</p> </div> </a> <a data-gatrack="" href="https://blog.sucuri.net/" class="resourcesContainer__single three"> <div class="resourcesContainer__single__imageContainer"> <img decoding="async" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-blog.png" alt="22-sucuri-resource-blog"> <div class="arrow"> <img decoding="async" class="arrow" src="/wp-content/plugins/custom-functionalities-sucuri/widgets/resources_section/assets/images/arrow-right-solid.svg" alt=""> </div> </div> <div class="resourcesContainer__single__contentContainer"> <h3>Sucuri Blog</h3> <p>Read our technical articles on emerging trends in the web security landscape.</p> </div> </a> </div> </div> </div> </div> </div> </div> </div> </section> </div> </main><!-- #main --> </div><!-- #primary --> <div data-elementor-type="footer" data-elementor-id="10539" class="elementor elementor-10539 elementor-location-footer" data-elementor-post-type="elementor_library"> <section class="elementor-section elementor-top-section elementor-element elementor-element-861d687 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="861d687" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc1f30f" data-id="fc1f30f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a32286d elementor-widget elementor-widget-footer_section" data-id="a32286d" data-element_type="widget" 
15.1257 29.1333 10.4999 29.1333 10.4999C29.1333 10.4999 29.1333 5.87399 28.5264 3.64516ZM11.597 14.6842V6.2735L19.2054 10.4788L11.597 14.6842Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Threads profile" href="https://www.threads.net/@sucurisecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="21" height="23" viewBox="0 0 21 23" fill="none"><path d="M10.6248 23H10.618C7.11116 22.977 4.4152 21.8452 2.60353 19.6372C0.99262 17.6717 0.160232 14.9366 0.132812 11.5096V11.4933C0.162191 8.06342 0.993599 5.33121 2.60549 3.36471C4.4152 1.15479 7.11312 0.023 10.6189 0H10.6326C13.3217 0.0191667 15.5712 0.694792 17.3172 2.01058C18.9595 3.24683 20.116 5.01017 20.7535 7.24979L18.7558 7.79508C17.6746 4.00008 14.9385 2.06042 10.6238 2.03071C7.77413 2.05179 5.61972 2.92771 4.21935 4.6345C2.90907 6.233 2.23239 8.54258 2.20595 11.5C2.23239 14.4574 2.90907 16.767 4.22033 18.3655C5.6207 20.0742 7.77609 20.9511 10.6248 20.9693C13.1935 20.9501 14.8925 20.3646 16.3046 19.0095C17.9175 17.4637 17.8891 15.5662 17.372 14.4114C17.0685 13.731 16.5171 13.1656 15.7719 12.7343C15.5839 14.03 15.1628 15.0784 14.5145 15.87C13.6469 16.9261 12.4189 17.503 10.8618 17.5854C9.68471 17.6477 8.54972 17.3765 7.67033 16.8178C6.62935 16.1575 6.02024 15.1503 5.95463 13.9773C5.89098 12.8369 6.35418 11.7875 7.25707 11.0237C8.11884 10.2954 9.33216 9.867 10.7658 9.7865C11.7538 9.72614 12.7455 9.77177 13.7233 9.92258C13.5999 9.2115 13.356 8.64608 12.9888 8.23879C12.4864 7.67721 11.7079 7.39258 10.6787 7.38587H10.6503C9.82376 7.38587 8.69955 7.60821 7.98566 8.65088L6.26506 7.52004C7.22476 6.12663 8.77985 5.35804 10.6503 5.35804H10.6934C13.8212 5.37721 15.6848 7.25075 15.8708 10.5215C15.9766 10.5656 16.0823 10.6116 16.1852 10.6576C17.6443 11.3285 18.7117 12.3453 19.2738 13.5997C20.0543 15.3439 20.1268 18.1901 17.7579 20.4595C15.9462 22.194 13.7487 22.978 10.6317 22.999L10.6248 23ZM11.607 11.7971C11.37 11.7971 11.1301 11.8038 10.8833 11.8172C9.08539 11.9159 7.96509 12.7238 8.02776 13.8709C8.09338 
15.0746 9.44968 15.6333 10.7541 15.5643C11.9527 15.502 13.5137 15.0439 13.7761 12.0089C13.0628 11.8633 12.3357 11.7923 11.607 11.7971Z" fill="#00FFCE"></path></svg> </a> </div> </div> </div> </div> <div class="sucuri-footer-revamp child"> <div class="footer-menu-revamp-container"> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/website-security/"> Products </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/website-firewall/"> Website Firewall </a> <a class="link-child" href="https://sucuri.net/website-security-platform/"> Website Security Platform </a> <a class="link-child" href="https://sucuri.net/wordpress-security/"> WordPress Security </a> <a class="link-child" href="https://sucuri.net/website-backups/"> Website Backups </a> <a class="link-child" href="https://sucuri.net/website-security-platform/help-now/"> Hack Assistance </a> <a class="link-child" href="https://sucuri.net/website-security-platform/signup"> Pricing </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/ddos-protection/"> Solutions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/ddos-protection/"> DDoS Protection </a> <a class="link-child" href="https://sucuri.net/malware-detection-scanning/"> Malware Detection </a> <a class="link-child" href="https://sucuri.net/website-malware-removal/"> Malware Removal </a> <a class="link-child" href="https://sucuri.net/intrusion-detection-system/"> Malware Prevention </a> <a class="link-child" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/"> Blacklist Removal </a> <a class="link-child" href="https://sucuri.net/seo-spam-removal/"> SEO Spam Removal </a> <a class="link-child" href="https://sucuri.net/wordpress-security-plugin/"> Wordpress Security Plugin </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> USE CASES </a> <div class="inner-repeater-wrapper"> <a 
class="link-child" href="https://sucuri.net/developers/"> Developers </a> <a class="link-child" href="https://sucuri.net/ecommerce-website-security/"> Ecommerce </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Agency Plans </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Enterprise Services </a> <a class="link-child" href="https://sucuri.net/http-2-rapid-reset/"> HTTPS/2 </a> <a class="link-child" href="https://sucuri.net/virtual-patching/"> Virtual Patching </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://docs.sucuri.net/"> Support </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://docs.sucuri.net/"> Knowledge Base </a> <a class="link-child" href="https://sitecheck.sucuri.net/"> SiteCheck </a> <a class="link-child" href="https://sucuri.net/guides/"> Guides </a> <a class="link-child" href="https://labs.sucuri.net/"> Research Labs </a> <a class="link-child" href="https://abuse.sucuri.net/"> Report Abuse </a> <a class="link-child" href="https://status.sucuri.net/"> Status Report </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/company/"> Company </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/company/"> About Sucuri </a> <a class="link-child" href="https://sucuri.net/company/contact-us/"> Contact </a> <a class="link-child" href="https://blog.sucuri.net/"> Blog </a> <a class="link-child" href="https://sucuri.net/referral/"> Referral </a> <a class="link-child" href="https://sucuri.net/partners/"> Partners </a> <a class="link-child" href="https://sucuri.net/customers/"> Testimonials </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> Definitions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/definitions/"> Firewall </a> <a class="link-child" href="https://sucuri.net/definitions/"> Bots </a> <a class="link-child" 
href="https://sucuri.net/definitions/"> Security </a> </div> </div> </div> </div> <div class="policy-container"> <div class="flex-menu"> <a href="https://sucuri.net/terms/">Terms of Use</a> <a href="https://sucuri.net/privacy/">Privacy Policy</a> <a href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a> <a href="https://sucuri.net/faq/">Frequently Asked Questions</a> </div> </div> <p class="copyright">© 2025 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.</p> <div class="back-to-top-mobile"> <a title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg> </a> </div> <div class="back-to-top"> <div class="circle"> <a class="circle-flex" title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 
24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg> <span> <p style="margin-top:0px !important; margin-bottom:0px !important;">back to top <svg xmlns="http://www.w3.org/2000/svg" width="20" height="10" viewBox="0 0 20 10" fill="none"> <path d="M10 1.57018L18.0133 8.99675C18.0779 9.0579 18.1546 9.10624 18.2389 9.13898C18.3232 9.17171 18.4135 9.1882 18.5046 9.18748C18.5956 9.18676 18.6856 9.16885 18.7694 9.13478C18.8531 9.10071 18.9289 9.05117 18.9924 8.98901C19.0559 8.92685 19.1058 8.85332 19.1393 8.77266C19.1728 8.692 19.1891 8.60582 19.1874 8.51911C19.1856 8.4324 19.1659 8.34688 19.1292 8.26749C19.0925 8.18811 19.0397 8.11644 18.9738 8.05663L10.4802 0.185786C10.3517 0.066655 10.1794 -3.93758e-07 10 -4.01598e-07C9.82063 -4.09439e-07 9.64833 0.0666549 9.51977 0.185786L1.02623 8.05663C0.960287 8.11644 0.907457 8.18811 0.870792 8.26749C0.834127 8.34688 0.814355 8.4324 0.812622 8.51911C0.810888 8.60582 0.827226 8.692 0.860693 8.77266C0.894159 8.85332 0.944088 8.92685 1.00759 8.98901C1.07109 9.05117 1.14691 9.10071 1.23065 9.13478C1.31438 9.16885 1.40439 9.18676 1.49544 9.18748C1.5865 9.1882 1.6768 9.17171 1.76112 9.13898C1.84544 
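9.10624 1.92211 9.0579 1.98669 8.99675L10 1.57018Z" fill="#13EAC0"/> </svg> </p> </span> </a> </div> </div> </div> </div> </div> </div> </div> </div> </section> </div>
<!-- reCAPTCHA bootstrap. The callback is declared before api.js is requested so the async loader cannot fire onload=onRecaptchaLoad before the function exists. -->
<script type='text/javascript'>
  // Invoked by the reCAPTCHA loader (api.js?onload=onRecaptchaLoad&render=explicit)
  // once the grecaptcha object is available.
  function onRecaptchaLoad() {
    // Explicit rendering: only the first .g-recaptcha element on the page is rendered.
    var recaptchaElement = document.getElementsByClassName('g-recaptcha')[0];
    if (recaptchaElement) {
      grecaptcha.render(recaptchaElement, {
        // The site key is the public identifier meant to be embedded in pages.
        // NOTE(review): rendering the widget is only the client half; verification of
        // the response token happens server-side and is not visible on this page.
        sitekey: '6LetGjkUAAAAAJZdUKrKJtingLJw5x0mY-O2VGf_',
      });
    } else {
      // Logged on every page that has no .g-recaptcha element.
      console.error('reCAPTCHA element not found');
    }
  }
</script>
<script src="https://www.google.com/recaptcha/api.js?onload=onRecaptchaLoad&render=explicit" async defer></script>
<script>
  // Marks Elementor containers (.e-con.e-parent) with the e-lazyloaded class once
  // they come within 200px of the viewport, then stops observing them.
  const lazyloadRunObserver = () => {
    const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` );
    const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => {
      entries.forEach( ( entry ) => {
        if ( entry.isIntersecting ) {
          let lazyloadBackground = entry.target;
          if ( lazyloadBackground ) {
            lazyloadBackground.classList.add( 'e-lazyloaded' );
          }
          // One-shot: each element only needs the class added once.
          lazyloadBackgroundObserver.unobserve( entry.target );
        }
      });
    }, { rootMargin: '200px 0px 200px 0px' } );
    lazyloadBackgrounds.forEach( ( lazyloadBackground ) => {
      lazyloadBackgroundObserver.observe( lazyloadBackground );
    } );
  };
  // Run on initial DOM readiness and whenever Elementor dispatches its lazyload event.
  const events = [
    'DOMContentLoaded',
    'elementor/lazyload/observe',
  ];
  events.forEach( ( event ) => {
    document.addEventListener( event, lazyloadRunObserver );
  } );
</script>
<!-- NOTE(review): this third-party script from cdn.jsdelivr.net is version-pinned (1.8.1) but has no Subresource Integrity check, so the page trusts whatever the CDN serves. Because the version is fixed, the tag can carry integrity="sha384-<HASH_OF_PINNED_FILE_PLACEHOLDER>" crossorigin="anonymous" once the hash of the reviewed file has been computed. -->
<script type="text/javascript" defer="defer" src="https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js" id="slick-js-js"></script>
<script type="text/javascript" src="https://sucuri.net/wp-content/themes/sucuriwp/js/navigation.js?ver=1628779856" id="sucuriwp-navigation-js"></script>
<script type="text/javascript" src="https://sucuri.net/wp-content/themes/sucuriwp/js/skip-link-focus-fix.js?ver=1628779856" id="sucuriwp-skip-link-focus-fix-js"></script>
<script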
type="text/javascript" defer="defer" src="https://sucuri.net/wp-content/themes/sucuriwp/js/script.min.js" id="sucuriwp-js-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.2.1" id="smartmenus-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.27.2" id="e-sticky-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.27.3" id="elementor-webpack-runtime-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.27.3" id="elementor-frontend-modules-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3" id="jquery-ui-core-js"></script> <script type="text/javascript" id="elementor-frontend-js-before"> /* <![CDATA[ */ var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile 
Landscape","value":880,"default_value":880,"direction":"max","is_enabled":false},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":true},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":false},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":false}},"hasCustomBreakpoints":true},"version":"3.27.3","is_static":false,"experimentalFeatures":{"e_font_icon_svg":true,"additional_custom_breakpoints":true,"e_swiper_latest":true,"e_optimized_markup":true,"e_onboarding":true,"e_local_google_fonts":true,"theme_builder_v2":true,"home_screen":true,"landing-pages":true,"link-in-bio":true,"floating-buttons":true},"urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor\/assets\/","ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","uploadUrl":"https:\/\/sucuri.net\/wp-content\/uploads"},"nonces":{"floatingButtonsClickTracking":"2c61b1a879"},"swiperClass":"swiper","settings":{"page":[],"editorPreferences":[]},"kit":{"active_breakpoints":["viewport_mobile","viewport_tablet","viewport_tablet_extra"],"global_image_lightbox":"yes","lightbox_enable_counter":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_enable_share":"yes","lightbox_title_src":"title","lightbox_description_src":"description"},"post":{"id":10250,"title":"SiteCheck%20Remote%20Website%20Scanner%3A%20Mid-Year%202023%20Report%20%7C%20Sucuri","excerpt":"The latest trends in website malware with Sucuri\u2019s SiteCheck 2023 Mid-Year Report. 
We summarize the most common malware detected on infected websites in the first half of the year...","featuredImage":"https:\/\/sucuri.net\/wp-content\/uploads\/2023\/08\/OG-SiteCheck-Mid-Year-Report-2023-2400x1261-1.jpg"}}; /* ]]> */ </script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.27.3" id="elementor-frontend-js"></script> <script type="text/javascript" defer="defer" src="https://sucuri.net/wp-content/plugins/custom-functionalities-sucuri/assets/js/utilities/fslightbox.js?ver=1.0.0" id="sucuri-custom-functionalities-utilities-fslightbox-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.27.2" id="elementor-pro-webpack-runtime-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6" id="wp-hooks-js"></script> <script type="text/javascript" src="https://sucuri.net/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" id="elementor-pro-frontend-js-before"> /* <![CDATA[ */ var ElementorProFrontendConfig = 
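{"ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","nonce":"1a8b90ebce","urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/sucuri.net\/wp-json\/"},"settings":{"lazy_load_background_images":true},"popup":{"hasPopUps":false},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"},"x-twitter":{"title":"X"},"threads":{"title":"Threads"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}}; /* ]]> */ </script>
<script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.27.2" id="elementor-pro-frontend-js"></script>
<script type="text/javascript" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.27.2" id="pro-elements-handlers-js"></script>
<script>
  // Define the container ID
  const containerId = 'firewall-container';
  // Get the container element (looked up once, when this script runs at the end of <body>)
  const container = document.getElementById(containerId);

  // Forces a fixed selection inside #firewall-container: the #firewall radio is
  // checked and the #platform radio is unchecked, with aria-checked mirrored on both.
  // Despite the name it does not flip state; it always sets the same state.
  // If the container or either input is missing it only logs a console warning.
  function toggleRadioButtonsInContainer() {
    if (container) {
      // Scope the lookup to the container so same-id inputs elsewhere are not touched.
      const firewallInput = container.querySelector('#firewall');
      const platformInput = container.querySelector('#platform');
      if (firewallInput && platformInput) {
        // Make the 'firewall' radio button checked and set aria-checked to true
        firewallInput.checked = true;
        firewallInput.setAttribute('aria-checked', 'true');
        // Make the 'platform' radio button unchecked and set aria-checked to false
        platformInput.checked = false;
        platformInput.setAttribute('aria-checked', 'false');
      } else {
        console.warn('Radio buttons not found inside the container.');
      }
    } else {
      console.warn(`Container with ID '${containerId}' not found.`);
    }
  }

  // Call the function once on load to apply the default selection
  toggleRadioButtonsInContainer();
</script>
</body>
</html>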