Joomla! Releases Security Update in Version 3.8.6

On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component.  The notes section allowed for malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallowing code.  It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.

In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:

  • Session management improvements
  • Hide configuration and system information from non-super users
  • Delete existing passwords when user passwords are changed
  • PHP 7.2 compatibility fixes

In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.

If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.

SiteLock Website Security Video

Welcome to the SiteLock Experience [Video]

Hello from SiteLock, your website security experts. We keep websites like yours safe and secure from cybercriminals.

We understand that when a website attack occurs, it can feel confusing, overwhelming, and sometimes catastrophic. Don’t worry, we’re here to help! SiteLock partners with hundreds of web hosts and will fix your website fast and make sure it’s protected from future cyberattacks.

Let us walk you through the SiteLock experience and show you why over 12 million websites trust SiteLock.

Read More

digital spring cleaning

Decoding Security 114: Spring Cleaning

Gearing up for another annual spring cleaning? Add a digital deep clean to your to-do list! Our hosts, Jessica Ortega and Ramuel Gall, share easy and valuable tips for conducting a digital spring clean of your website and everyday devices. With their help, you’ll be able to spring into the rest of the year with updated and more secure devices!

Read More


SiteLock Wins Big in the Info Security Products Guide 2018 Global Excellence Awards!

We’re excited to announce that SiteLock earned Gold, Silver, and Bronze recognition in the Info Security Products Guide 2018 Global Excellence Awards with its inaugural entry.

SiteLock® INFINITY took home Gold in the Security Monitoring category, further reinforcing its reputation and performance as an industry-leading malware and vulnerability detection and remediation solution. INFINITY combines deep website scanning, automatic malware removal and core content management system (CMS) security patching with unrivaled accuracy and frequency, delivering the highest level of protection against security threats and vulnerabilities in today’s ever evolving cyber world.

Read More

SiteLock Threat Intercept

Threat Intercept: Fake IonCube Malware Found in the Wild



Medium Threat
Learn More   

Category:PHP Eval Request

First Identifiable Data: 02/01/2018


Trend Name: Value

Vector: Multiple

The threat rating was determined using the following metrics:


Brief explanation Lorem ipsum dolor sit amet.

Confidentiality Impact:

Brief explanation

Integrity Impact:

Brief explanation

While reviewing an infected site, the SiteLock Research team found a number of suspiciously named, obfuscated files that appear almost identical to legitimate ionCube-encoded files. We determined the suspicious ionCube files were malicious, and found that hundreds of sites and thousands of files were affected. We will discuss the defining features of the malware, its purpose, and discuss mitigation for infected sites.

Read More


Drupal Releases Critical Security Updates

Last week Drupal released version 8.4.5, which addressed several critical security vulnerabilities.  The Drupal development team is urging all Drupal sites to upgrade immediately to avoid possible exploitation of these vulnerabilities in the core application.

Read More

what is malware

What Happens When A Host Suspends Your Website

Your website is offline and in its place is a message that says “Please contact your hosting provider for details.” Panic sets in, what does this mean? Why is this happening? How do I get the website back online? These questions and more begin to race through your mind.

Let’s start with what this means.  Your website has been suspended, which means the hosting provider has temporarily taken it offline. Website hosts often suspend websites for a myriad of reasons ranging from malware to spam.  They suspend websites when needed  to protect their servers that host tons of other websites, so they don’t get infected too.

Why is it happening?  Unfortunately, thousands and thousands of websites are infected every day and yours was one of them.  In fact, websites experience an average of 59 attacks per day, which is more than 21,500 per year.

Read More

Ask the Expert SiteLock Blog

Ask the Expert: Q&A with Morten Rand-Hendriksen

Brought to you by SiteLock, Ask the Expert is our new Q&A series where we learn from industry innovators, thought leaders, and entrepreneurs about how they’re influencing their field. Throughout this series, you’ll find our interviewees share one commonality: they’re passionate about open-source content management systems (CMS), like WordPress, Joomla! and Drupal. Join us as we dive into a variety of subjects, including social media, blogging and website security.

We are excited to kick-off Ask the Expert with Morten Rand-Hendriksen, web developer, author, educator, and WordPress mover and shaker!

Read More

Decoding Security data incident response plan

Decoding Security 113: What A Disaster

The 2018 Winter Olympics got off to a shaky start this year thanks to a cyberattack. The attack took down the official Olympics website, preventing access to tickets, thus preventing many ticket holders from attending the opening ceremonies. This kind of cyberattack could happen to any size organization at any time. In fact, it could happen to any person at any time. Cybercriminals often hack into individuals’ personal computers, allowing them access to private online assets, like family photos. No matter who you are, it’s important to put together an incident response plan (IRP) to protect your information should a crisis occur. In this week’s episode, our hosts share a few simple steps that anyone can take to create a response plan.


Read More

Tales of A Cybercriminal’s Treasure: A Guide to Website Security [Infographic]

What does a pirate attack on a celebrity yacht and a website compromise have in common? Read our infographic to learn the unprecedented parallels between how stealthy pirates stole from a yacht during a high-profile party, and how cybercriminals are increasingly sneaking their way into websites for self-serving purposes, like to steal email addresses and credit card info they can resell on the black market.

Read More

Page 1 of 31

Powered by WordPress & Theme by Anders Norén