29
Sep
2014
The Shellshock Aftermath – How Hackers Are Bashing Servers

The Internet is currently abuzz with talk about Shellshock, the new “mega vulnerability” discovered in Bash (a.k.a. the Bourne-Again Shell), the most common command-line shell used in Linux/UNIX systems. This morning we released a quick blog post to let our customers know that we have already modified our WAF to protect against this vulnerability.

Now that the dust has settled, we are following up with some of the details we garnered through analyzing attack attempts against Incapsula-protected websites and servers.

Read more »

25
Sep
2014

Yesterday, a security researcher released the details of a major security vulnerability in Bash, a.k.a. Bourne-Again Shell, a popular software utility.

The vulnerability, known as Shellshock, will be a serious problem for many Linux, Unix, and Mac OS X users.

In order to protect our customers from being affected by Shellshock, Incapsula has proactively updated its WAF rules to block the vulnerability.

Read more »

16
Sep
2014
Breaking down Our New Weekly Report

Today Incapsula is releasing a revamped version of our weekly email report. With it we address two popular requests by our clients:

  • Consolidated view – In the past we would provide a separate email report for each domain running on Incapsula’s service. summary:
    Today, with most of our clients hosting multiple domains under the same account, and with some accounts having grown to hundreds or even thousands of domains, this method has outgrown its usefulness.
  • High-level insights – As the scope of Incapsula-monitored data continued to grow, we received numerous requests for a “Top Stories” report—one that would automatically highlight the most recent and most interesting activities. summary:
    Our new report does exactly this—both by providing aggregated account information, and by introducing a new ”Insight” section, which helps you keep of the most noteworthy traffic and security trends.

Incapsula’s new report also lets you better assess your bandwidth consumption. At the same time it enables you to easily monitor your security postures—from WAF alerts to the effectiveness of your own custom security rules.

Read more »

11
Sep
2014
CMS Security Tips

What do WordPress, Joomla, and Drupal all have in common? They are all among the most common hacking targets on the Internet.

A recent WP White Security study found that a staggering 73% of all WordPress installations had known vulnerabilities that could easily be detected using automated tools.

Cyber criminals have long discovered these security holes, with over 170,000 WordPress sites being hacked last year.

Read more »

03
Sep
2014
Semalt Hijacks Hundreds of Thousands of Computers to Launch a Referrer Spam Campaign

Chances are by now you’ve heard about “Semalt,” a dubious, self-proclaimed SEO tool, its unscrupulous behavior already having caused concern to many website owners. In what appears to be a large-scale, referrer spam campaign, Semalt is most commonly accused of ignoring 'robots.txt' directives and overbearing servers with a slew of suspicious-looking requests.

In this post, we shed light on Semalt’s suspicious activity and explains our rationale in preventing this bot from accessing any Incapsula-protected websites—unless manually permitted to do so by webmasters.

Read more »

27
Aug
2014
Three Tiers of DDoS Protection

DDoS attacks are one of the greatest threats facing your IT infrastructure in the modern business world. Today's DDoS attacks are more sophisticated and diverse than ever before; a simple one-dimensional threat protection platform is no longer enough to provide you with the level of support you need.

This is why Incapsula has introduced two new tiers of protection—infrastructure and DNS—to our existing web application defense offering. These new tiers combine to offer complete protection from all DDoS attacks, no matter where they may be targeted. The following is a quick overview of how the tiers function.

Read more »

20
Aug
2014
38 Days of DDoS — Behemoth’s Graduation Moment

Not one month after Incapsula announced its new DNS and infrastructure protection services, our new ’Behemoth‘ scrubbers were put to the test—mitigating a massive, multi-vector DDoS attack, peaking at 110+ Gbps and 90+ million packets per second.

Like the proud parents we are, we couldn’t help but brag about Behemoth’s success on Facebook and Twitter. One of these tweets caught the attention of Mohit Kumar, founder and editor-in-chief of The Hacker News (THN), who shot us an email with some questions. In responding we told him it appeared the attack “wasn’t going to stop any time soon”.

In retrospect, this turned to be a serious understatement...

Read more »


06
Aug
2014

Several hours ago, security researcher Nir Goldshlager revealed a new crucial vulnerability that allows offenders to launch a very effective Denial of Service attack, through a process that circumvents existing security measures.

The vulnerability exists in all WordPress and Drupal versions, affecting over 250 million websites, roughly 23% of the Internet website population today.

Incapsula’s security team issued an emergency patch, which has been deployed across the entire Incapsula network, preventing this vulnerability from affecting any of our WAF-protected clients.

We strongly urge all other WordPress and Drupal website operators to apply the latest security patch as soon as possible.

Read more »

24
Jul
2014
Dr. Crawlit - A Bot That Cares About the ‘Little Guy’

In the first post of this two-part series, we shared our insights into Googlebot’s activity and behavior patterns.

However, no overview of Googlebot activity would be complete without a mention of Googlebot imposters, who assume Googlebot’s identity to gain privileged access to websites and online information.

Every day millions of these “evil twins” are used for DDoS attacks, hacking, spam, content theft and many other shady activities. The details of these malicious escapades, that paint the event logs of Incapsula’s security services, are what we share with you here today.

Read more »