G O D A D D Y S E C U R I T Y | S U C U R I

An analysis of the latest trends in malware and hacked websites at Sucuri.

This report is based on data collected and analyzed by

the GoDaddy Security / Sucuri team, which includes the

Incident Response Team (IRT) and the Malware Research

Team (MRT). It analyzes over 33,592 cleanup requests

and shares statistics associated with:

• Affected open-source CMS applications

• Outdated CMS

• Blacklist analysis

• Malware families and their effects

2 2 0 1 8 W E B S I T E H A C K T R E N D R E P O R T

Table of Contents

I N T R O D U C T I O N 3

C M S S E C U R I T Y A N A L Y S I S 4

O U T D A T E D C M S R I S K A S S E S S M E N T 6

B L A C K L I S T A N A L Y S I S 9

M A L W A R E F A M I L I E S 11

C O N C L U S I O N 18

3

The Website Hack Trend Report is a report produced

by GoDaddy Security / Sucuri. It summarizes the

latest trends by bad actors and identifies the latest

tactics, techniques, and procedures (TTPs) seen by the

Remediation Group (RG). This report builds on the data

from the previous year and includes updated data from

January to December 2018. It is focused on the Sucuri

brand only.

As seen in previous reports, issues pertaining to

vulnerabilities in extensible components and overall

security posture among website administrators are a

constant factor.

This report identifies trends and risk assessments for

Content Management Systems (CMS) applications most

affected by website compromises via our customers,

the type of malware families being employed, and

updates on the state of website blacklisting. It does not

consider data related to WordPress or other CMS plugin

or theme configurations.

The data is only a representative sample of the total

number of websites the team performed services for in

2018. A total of 25,466 infected websites and 4,426,795

cleaned files are analyzed in this report.

Note: This analysis does not look to measure the effectiveness of existing security controls, such

as hardening or web application firewalls. Compromises occur for a myriad of reasons, including

abuse of poorly configured environments for cross-site contamination, exploitation of access

control mechanisms with weak passwords or configurations, and other similar attack vectors.

Introduction

The Website Hack Trend Report is intended to identify trends and risks to website owners. Use this report as a guide to audit your website security environment.

I N T R O D U C T I O N

4

• WordPress infections rose from

83% in 2017 to 90% in 2018.

• Magento infection rates

dropped from 6.5% in 2017 to

4.6% in 2018.

• Joomla! infection rates dropped

from 13.1% in 2017 to 4.3% in

2018.

• Drupal infections rose from

1.6% in 2017 to 3.7% in 2018.

However, this does not imply these platforms are more or less secure than others. This data represents the

most common platforms seen in our environment and reflects the overall popularity of CMS’.

There were three leading CMS platforms in 2018: WordPress, Magento, and Joomla!

CMS Security Analysis

W O R D P R E S S

90%M A G E N T O

4.6%J O O M L A !

4.3%D R U P A L

3.7%M O D X

0.9%O T H E R S

0.7%P R E S T A S H O P

0.6%O P E N C A R T

0.4%

Note: The data in this graph exceeds 100% due to the fact that some websites may have multiple

CMS installations. For example, it’s common to see both WordPress and Joomla! installed on the

same server account.

The chart below provides a comparison of the platform distribution for the top four CMS applications

monitored from 2017 to 2018. The 2018 telemetry indicates a shift in CMS infections:

W O R D P R E S S83%

90%

M A G E N T O6.5%

4.6%

J O O M L A !13.1%

4.3%

D R U P A L1.6%

3.7%

+7%

-1.9%

-8.8%

+2.1%2 0 1 7 2 0 1 8

C M S S E C U R I T Y A N A L Y S I S

5

The team is unable to attribute this new distribution to a specific event outside of each platform’s global

adoption, though it’s important to highlight that this is primarily representative of our client distribution.

There were no specific events (e.g., mass infections) that would have contributed to the increases or

decreases in any specific platform.

The most notorious threats to CMS’ stem from vulnerabilities introduced by add-on modules, plugins,

themes, and extensions.

Vulnerabilities Researched:

Severe Vulnerabilities Detected:

Common Issues and Themes

in CMS Vulnerabilities:

• Improper deployment

• Security configuration issues

• A lack of security knowledge

or resources

• Overall site maintenance by

webmasters

• Broken authentication and

session management

O F V U L N E R A B I L I T I E S W E R E B L O C K E D B Y E X I S T E N T R U L E S

94.9%

116

T O T A L V U L N E R A B I L I T I E S R E S E A R C H E D :196

W O R D P R E S S

D R U P A L43

J O O M L A !37

20

T O T A L S E V E R E V U L N E R A B I L I T I E S :38

W O R D P R E S S

J O O M L A !18

C M S S E C U R I T Y A N A L Y S I S

6

While the leading cause of

infections stemmed from

component vulnerabilities, it’s

also important to analyze and

understand the state of the CMS’

we worked on. We reviewed

the ticket data for updated and

outdated CMS’ to identify infection

distribution trends.

We considered a CMS out of

date if the environment was not

patched with the most recent

recommended security version at

the time the service was performed

(a.k.a., point of infection).

Updating your software continues to be one of the most important aspects of website security.

Platform Distribution of Infected Websites

Outdated CMS Risk Assessment

44%of infected

websites were outdated

WordPress experienced a decline in the number of

outdated vulnerable versions of WordPress at the point of

infection. In 2017, 39.3% of hacked WordPress sites recorded

outdated installations. In 2018, this had dropped slightly — a

total of 36.7% of clean up requests for WordPress had an

outdated version.

W O R D P R E S S36.7%

M O D X50%

D R U P A L63.1%

P H P B B72.6%

M A G E N T O83.1%

J O O M L A !87.5%

O P E N C A R T91.3%

P R E S T A S H O P97.2%

O U T D A T E D C M S R I S K A S S E S S M E N T

7

This data demonstrates that the work WordPress continues

to do with auto-updates has a material impact. The one

area that requires considerable attention, however, are the

extensible components of the platform (e.g., plugins). These

extensible components are the real attack vectors affecting

tens of thousands of sites a year. The primary attack vector

abused when infecting WordPress are plugins with known and

unknown vulnerabilities. This makes the role of third-party

components more significant for this CMS.

Drupal had a 2.2% decrease in out-of-date versions from

the previous year.

Joomla! rose sharply from 69.8% in 2017 to 87.5% in 2018,

a 17.7% change. Since Joomla! does not currently possess

functionality for automatic updates, this contributes to a larger

window for attackers to target known vulnerabilities. This may

be related to the version release speed or client profiles seen

during the calendar year.

Magento websites (83.1%) were mostly out of date and

vulnerable at the point of infection, up 2.8% from 2017.

We also noticed high percentages of other outdated open-

source ecommerce platforms including OpenCart (91.3%) and

PrestaShop (97.2%).

This trend in outdated versions supports the idea that

ecommerce sites are notorious for straggling behind on

updates to avoid breaking functionality and losing money.

Unfortunately, these are also critical systems that are the

backbone of online commerce (ecommerce). These are also

sites run by organizations that have an obligation to be in

compliance with the standards set forth by the Payment Card

Industry Data Security Standards (PCI DSS).

W O R D P R E S S

M A G E N T O

J O O M L A !

D R U P A L

Platform Distribution of Sucuri Agency Customers

34%

4.4%

5.8%

3.7%

Attackers have a high interest in targeting ecommerce websites with valuable customer data (i.e., credit card and user information).

O U T D A T E D C M S R I S K A S S E S S M E N T

8

Attackers have a high interest in targeting ecommerce websites with valuable customer data (i.e., credit card

and user information). It’s imperative these website owners update their software to ensure their sites have

the latest security enhancements and vulnerability patches.

Websites are compromised daily due to outdated and insecure software, stolen credentials, and poorly

configured environments. We believe this stems from a variety of reasons:

• Issues with backwards compatibility

• Reuse of leaked passwords

• Cross-site contamination

• Highly customized deployments

• Pirated software with backdoors and other malware

• Neglected sites or a lack of resources to migrate to newer CMS versions

These areas tend to foster upgrading and patching issues for the organizations that leverage popular CMSs

for their websites, resulting in potential incompatibility issues and impact to site availability.

O U T D A T E D C M S R I S K A S S E S S M E N T

9

In 2018, we continued our analysis of blacklists. Website blacklists can significantly impact website owners

with devastating results.

Blacklisting can affect how visitors access your website and how it ranks in Search Engine Result Pages

(SERPs). Websites that have been scanned and found to possess harmful behavior or content are flagged by

a blacklist authority (like Google), which then removes the site from their index.

Websites lose about 95% of their traffic when blacklisted by Google, so it’s important to understand how

to prevent and remove blacklist warnings.

The data highlights the importance of continuous monitoring of web properties to detect security issues.

Blacklist Analysis

11%of infected

websites were blacklisted

Approximately 11% of the infected websites were blacklisted

by a prominent blacklist authority (a 6% decrease from 17% in

2017). The majority of blacklisting occurs due to spam, phishing,

and other malicious content that harms website visitors.

What these blacklists do poorly is detect infections that aren’t

manifested externally to the site (e.g., backdoors). Backdoors

maintain control of an environment or perform attacks on other

sites, however, they don’t trigger most blacklists because they

are not easily detected by automatic scans.

This data highlights the importance of continuous monitoring of web properties to detect security issues.

While helpful and an important part of your security portfolio, website owners can’t depend solely on

blacklist authorities to identify if a site has been compromised.

Our scans leverage a number of different blacklists. In 2018, the two most prominent blacklist authorities

were Norton Safe Web and McAfee SiteAdvisor; both of these groups accounted for over 40% of

blacklisted websites.

B L A C K L I S T A N A L Y S I S

10

Google Safe Browsing captured only 10.4% of the blacklists,

a 2.5% decline from 2017. Other authorities flagged 8.5% of

websites including PhishTank, Spamhaus, and several other

smaller groups.

This year, antivirus companies took the lead in blacklisting. This

may be due to the fact that they look at more than what the

website is doing. Antivirus companies analyze factors like IP

reputation and negative impacts to a users’ device when visiting

a compromised website. The goal of an antivirus company is to

protect users from cyberthreats, including malicious websites.

They are likely using various means to achieve this. Search

engines try to deter users from visiting hacked sites and often

detect malware and spam by remotely scanning the websites

using bots and crawlers.

It’s important to note that blacklist authorities do not operate

the same and will not necessarily share information with each

other. If your site is blacklisted (or removed from blacklisting)

by one authority, you may not see this reflected with other

blacklists. It’s recommended that you register with each

organization independently.

Note: An overlap seen in reported percentages is due to more

than one blacklisting authority flagging a single website.

Percentage of Reported Blacklisted Sites

Impact on Agencies After a Hacked Client Website

N O R T O N46.1%

M C A F E E40.9%

Y A N D E X15.3%

G O O G L E10.4%

O T H E R8.5%

L O S S O F T I M E39.3%

N O D I S R U P T I O N I N B U S I N E S S16.6%

L O S T C L I E N T C O N F I D E N C E14.2%

L O S S O F R E V E N U E12.1%

L O S S O F B R A N D R E P U T A T I O N9.7%

L O S S O F C L I E N T P R O J E C T S6.9%

B L A C K L I S T A N A L Y S I S

11

Our analysis helps shed light on an attacker’s tactics, techniques, and procedures to mitigate future threats.

Malware Families

Our 2018 research included infection trend analysis and how it correlates to malware families.

Malware families allow our team to assess an attacker’s tactics, techniques, and procedures (TTP). This

information inevitably leads us to their intentions and helps us understand and mitigate future threats.

A Quick Glossary of Terms

M A L W A R E F A M I L Y D E S C R I P T I O N

Backdoor

Malware

Mailer

Spam SEO

Defaced

HackTool

Phishing

Files used to reinfect and retain access.

Generic term used for browser-side code to create drive-by downloads.

Spam generating tools designed to abuse server resources.

Compromise that targets a website’s SEO.

Hacks that leave a website’s homepage unusable and promote an

unrelated subject (i.e., Hacktivism).

Exploit, or DDOS tools, used to attack other sites.

Used in phishing lures in which attackers attempt to trick users into sharing

sensitive information (i.e., login information, credit card data, etc.)

M A L W A R E F A M I L I E S

12

Malware Family Distribution

*Note: The suspicious category includes all signatures that could not be

classified in a known family.

Note: A hacked website may have multiple files modified with different

malware families, which explains why totals exceed 100%.

B A C K D O O R68%

M A L W A R E56.4%

S E O S P A M51.3%

S U S P I C I O U S *44.4%

H A C K T O O L18.9%

M A I L E R12.5%

D E F A C E D10.1%

P H I S H I N G8.9%

P H I S H I N G4.4%

In 2018, 68% of all cleanup requests revealed at

least one PHP-based backdoor hidden within the

site; this percentage dropped 3% from 2017. A drop

of 3% does not negate the relevance or importance of

doing deep scans. It is still the No.1 leading infection

out of all cleanup requests analyzed by the team.

Backdoors function as the point of entry into a

website’s environment after a successful compromise

and are one of the first things an attacker will deploy to

ensure continued access. These tools allow an attacker

to retain unauthorized access to an environment long

after they have successfully infected a website.

In many instances, we see attackers scanning sites for

known backdoors in target hosts, looking to potentially

abuse another attacker’s backdoor. Backdoors

give attackers the opportunity to bypass existing

access controls to web server environments and

are particularly effective at eluding modern website

scanning technologies. This makes them one of the

most commonly missed payloads and a leading cause

of reinfections.

The primary intent is within the attack itself — found

in the form of malicious redirects, SEO spam, drive-by-

download infections, and other forms of malware.

We discovered a sharp increase in the general

malware family distribution – from 47% in 2017

to 56.4% in 2018. Attacks within this category are

primarily related to the usage of PHP functions with

undetermined payloads that don’t meet the criteria for

other families.

M A L W A R E F A M I L I E S

13

Mailer script infections decreased from 19% to 12.5%.

Mailers abuse server resources and allow bad actors to send

unwanted emails from a domain. These forms of malware can

wreak havoc by distributing malware or phishing campaigns

and stealing sensitive information.

51.3% of all infection cases in 2018 were related to SEO

spam campaigns; up 7.3% from the previous year. This is one

of the fastest growing families over the previous years. They

are difficult to detect and have a strong economic engine driven

by impression-based affiliate marketing. Most frequently, the

result of Search Engine Poisoning (SEP) attacks, where attackers

attempt to abuse site rankings to monetize on affiliate

marketing or other blackhat tactics, SEO spam typically occurs

via PHP, database injections, or .htaccess redirects.

Websites impacted by SEO attacks often become infected

with spam content or redirect visitors to spam-specific

pages. Unwanted content is regularly found in the form

of pharmaceutical ad placements but may also include

injected content for other popular industries like fashion

or entertainment (i.e. pornographic material, essay writing,

fashion brands, loans, and online gambling).

YoY Comparison of Malware Families

SEO Spam is one of the fastest growing families over the previous years.

M A L W A R E47%

56.4%

M A I L E R S C R I P T19%

12.5%

S E O S P A M51.3%

44%

2 0 1 7 2 0 1 8

M A L W A R E F A M I L I E S

14

According to the annual trends shown (below) for the top three threats, we see an overall downward trend

for Malware and SEO spam after Q2-2018.

In general, the Malware family represents a more generic family of attacks including payment information

stealers, malicious trackers and ad networks, injections from paste sites and URL shorteners, cryptominers,

and exploits. The SEO Spam family is comprised of attacks that specifically target the manipulation of search

engine optimization.

Annual Trends for Top 3 Malware Families

Files Cleaned Per Compromised Site

We cleaned approximately 292 files during each malware

removal request, a 73.8% increase from 2017.

This data indicates an increase in the depth of files being

affected during a website compromise. It also demonstrates

why cleaning the symptom from one file is often not enough

to completely remove an infection.

Our analysis also identified the top files modified after a

successful compromise.

34.5% 13.5% 10.6%

I N D E X . P H P F U N C T I O N S . P H P W P - C O N F I G . P H P

S E O S P A M M A L W A R E B A C K D O O R S

50%

60%

70%

Q 1Q 4 - 1 7 Q 2 Q 3 Q 4

2 0 1 8292

2 0 1 7168

2 0 1 692

+73.8%

M A L W A R E F A M I L I E S

15

34.5% of sites had their index.php files modified after a compromise, indicating that this file is an

important asset that should be included in file integrity monitoring systems. Index files are found on nearly

every PHP site and are guaranteed to be loaded during web page generation. This makes them prime

infection targets for bad actors. These files are modified by attackers for a variety of reasons including

malware distribution, server scripts, phishing attacks, blackhat SEO, conditional redirects, and defacements.

We also identified that 13.5% of sites had modified functions.php files after a successful attack. These

files are often used to deploy SEO spam and other malicious payloads, including backdoors and injections.

The third most common file modified after a compromise was wp-config.php (10.6%), a reflection of

the number of cleanup requests seen for WordPress sites in the past year. This file contains sensitive

information about the database, including name, host, username, and password. It is also used to define

advanced settings, security keys, and developer options.

There are a number of reasons why the index.php, functions.php and wp-config.php files make for

popular targets among attackers:

• They are loaded on every site access.

• They belong to a group of core files not overwritten during WordPress updates.

• They are often ignored by integrity monitoring systems, as the value often changes frequently.

During our analysis, our researchers identified that the following signatures were most commonly

associated with these modified files:

Top 5 Signatures Targeting index.php

Twenty-four percent of index.php files were associated with the

malware signature php.malware.include.043. This signature

detects an obfuscation method responsible for hiding a file

inclusion (calls to PHP functions like include and include_once)

by replacing the file path characters with their correspondence

in Hexadecimal and mixing up with alphabetic characters -

example below.

Malicious Code Example:

@include “\057h\157m\145/\162b\157a\171d\057p\165b\

154i\143_\150t\155l\057t\155p\057p\150p\057u\160d\1

41t\145-\143a\143h\145-\064c\1444\0644\142b\057.\071-

5\1458\1446\0613\056i\143o”;

P H P . M A L W A R E . I N C L U D E . 0 4 324%

R E X - I N C L U D E _ A B S _ P A T H . 0 0 415.8%

R E X - . M A L W A R E . G E N E R I C . 0 2 26.8%

P H P . M A L W A R E . G L O B A L S . 0 0 76.2%

P H P . M A L W A R E . G E N E R I C . 0 5 05.1%

M A L W A R E F A M I L I E S

16

The second most common malware signature for index.php (15.8%) was rex.include_abs_path.004.

This signature looks for files called by PHP scripts using absolute paths and obfuscated characters within

seemingly innocent files.

The remaining top malware signatures associated with index.php are for generic malware signatures and

PHP malware.

Over 38% of functions.php files were associated with the

malware signature php.spam-seo.injector.221. This signature

detects malware that loads random content from a third-

party URL and injects it on the affected site. One of its most

interesting functions is the ability to update the configurations

through a remote command. It doesn’t explicitly act as a

backdoor, but it can use the function to load any kind of code

– including a backdoor. We usually find it on nulled or pirated

themes and plugins

The second most common malware signature associated with

functions.php files was php.malware.generic.050, impacting

8.3% of files. This is one of our favorite heuristic signatures that

relies on multiple triggers to clear a malicious eval call.

7.3% of functions.php files were associated with the malware

signature php.malware.anuna.001.02. Named after the

condition commonly required to run malicious content, the

malicious payloads vary from spam injection, backdoors,

creation of rogue admin users, and a variety of other

objectionable activities.

The signature php.spam-seo.wp_cd.001 (2.8%) is related to

malware that loads injected content and can be found on

nulled themes. Signature php.malware.GLOBALS.007 (2.8%) is

generic and relies on a number of different triggers to identify

the malicious usage of PHP GLOBALS variables.

Top 5 Signatures Targeting functions.php

Check if your website files are infected with malicous malware.

S U C U R I S I T E C H E C K

Scan your website >>

P H P . S P A M - S E O . I N J E C T O R . 2 2 138.2%

P H P . M A L W A R E . G E N E R I C . 0 5 08.3%

P H P . M A L W A R E . A N U N A . 0 0 1 . 0 27.3%

P H P . S P A M - S E O . W P _ C D . 0 0 12.8%

P H P . M A L W A R E . G L O B A L S . 0 0 72.8%

M A L W A R E F A M I L I E S

17

Also commonly seen with index.php files as described above,

11.3% of wp-config.php files were associated with the malware

signature php.malware.include.043.

9.1% of wp-config.php files were associated with the malware

signature rex.include_abs_path.004. This signature looks for

files called by PHP scripts using absolute paths and obfuscated

characters within seemingly innocent file types.

The fifth most common signature seen targeting wp-config.

php was php.backdoor.uploader.096 (1.1%), which looks for

backdoors that can download code from a remote origin and

upload it as a file on a compromised server.

We also identified the top three malware signatures of 2018:

Top 5 Signatures Targeting wp-config.php

Annual Trends for Top 3 Malware Signatures

The malware signature image.php_code.001 looks for

backdoors that have been hidden as an image extension or

appended to an existing image and loaded from another

different loader component.

Our Knowledge Base offers extensive details and information

about specific malware signatures.

P H P . B A C K D O O R . E V A L _ P O S T . 0 9 3

I M A G E . P H P _ C O D E . 0 0 1 P H P . M A L W A R E . G L O B A L S . 0 0 7

5%

10%

15%

20%

Q 1 Q 2 Q 3 Q 4

P H P . M A L W A R E . I N C L U D E . 0 4 311.3%

R E X . I N C L U D E _ A B S _ P A T H . 0 0 49.1%

P H P . M A L W A R E . G E N E R I C . 0 5 02.3%

P H P . M A L W A R E . A N U N A . 0 0 1 . 0 21.4%

P H P . B A C K D O O R . U P L O A D E R . 0 9 61.1%

M A L W A R E F A M I L I E S

18

The threat landscape has not dramatically changed the past few years. The leading cause of the infections,

anecdotally, came from poorly configured plugins, modules, and extensions inside some of the more

common CMSs; abused access control credentials; poorly configured applications and servers; and a lack

of knowledge around security best practices. These issues continue to be the leading causes of today’s

website hacks.

For organizations looking for additional environment hardening resources to those provided by GoDaddy

Security / Sucuri, we recommend the Open Web Application Security Project (OWASP).

OWASP Is a non-profit organization committed to improving the security of the web by helping

organizations of all sizes think through and implement appropriate web security controls. A specific

resource includes the 2017 OWASP Top 10 List.

Takeaways from this report include:

• WordPress continues to be the leading infected website CMS (90% of all websites cleaned by

Sucuri in 2018).

• There was a notable decrease in the number of updated Joomla! installations at the point of

infection. Magento also decreased in the percentage of updated vulnerable installations, while

WordPress and Drupal had a marginal increase from the previous year.

• The blacklist telemetry showed a 6% reduction in sites being blacklisted. Blacklist authorities

detected only 11% of infected sites in 2018. This speaks to the importance of augmenting your

scanning and detection controls.

• The malware families analysis showed that SEO spam has increased to 51.3% (up from 44% in

2017). It also showed a decrease in mailer scripts, from 19% to 12.5% and a sharp increase in

general malware distribution, from 47% in 2017, up to 56.4% in 2018.

New and existing technologies continue to develop and we expect to see evolutions in attack vectors shift

alongside them.

Poorly configured environments, outdated software, and a lack of knowledge around security is a prevalent issue.

Conclusion

C O N C L U S I O N

19

While there is no 100% complete solution capable of protecting any environment, you can employ a number

of different solutions to provide an effective defense in depth strategy. Layering defensive controls will

allow you to identify and mitigate attacks against your website.

Thank you for taking the time to read our report — we hope you found it engaging and informative. If there

is any additional information you think we should be tracking or reporting on, we want to hear from you.

20

Did you find this report helpful? Here are a few other free resources to help protect your website.

Additional Resources

How to Add Security to Your Customers’ Websites - Agency Email Course

Your clients depend on you as a knowledgeable

professional. If a hack brings your customer’s website

down, what is your plan?

How to Clean a Hacked WordPress Site - Guide

WordPress is the most popular CMS on the web, making it

a target for hackers and spammers. We have put together

this guide to help website owners walk through the process

of identifying and cleaning a WordPress hack.

Ecommerce Security - PCI DSS Compliance Requirements Guide & Checklist

Customers of your online store depend on you to protect

their data. This guide will explain the goals and requirements

of PCI compliance, best practices for securing ecommerce

websites, and tactics to combat threats against online stores. Free Firewall Trial

A firewall can block most website

hack attempts and mitigate DDoS

attacks. Try it free for 30 days.

Sign Up >>

Professional hack cleanup

Repair and restore hacked

websites before it damages your

reputation.

Fix My Website >>

With Sucuri, you get a highly technical team of

security professionals distributed around the

world, each trained in identifying and fixing any

issues you might face.

Real People.Real Security.

© 2019 Sucuri. All Rights Reserved.

Sucuri is a website security provider for demanding organizations that want to ensure the integrity and availability of their websites. Unlike other website

security systems, Sucuri is a SaaS cloud-based solution built on state of the art technology, excellent customer service, and a deep passion for research.

1–888-873-0817 sales@sucuri.net www.sucuri.net