That's a good approach, but not novel and not the first host doing that.
Many hosts automatically scan and fix their clients sites and have been doing that for a while. Specially when you are talking about popular CMSs like WorPress, Joomla and drupal.
I'm sorry, I think due to our lacking description of how the technology exactly works you're confusing it with existing technologies. What we announced today is not comparable with something like Installatron, they do just version updates. Those automatic updates usually breaks plugins. We only patch the vulnerabilities, without modifying any functionality.
Nope, we work with hosts that do exactly that. Patch and update if it is outdated, fix if it is broken and even remove any malware if it is infected.
Again, what you guys are doing is great, and I don't want to take that way. My only point is that you were not the first and some have been doing that for a while.
I don't know if this is the same thing, but I know Dreamhost auto-updates my abandoned Wordpress sites (is that triggered through Wordpress itself, even on independent WP installations?)
Another issue we identified is that you can find those "hidden" admin panel or URLs that shouldn't be known to the outside, by just refreshing the page a few times and checking all requests.
It is not a best practice, but some companies do and it makes easier for those to be found.
"
Sucuri is looking for a Senior PHP Developer with JavaScript & AJAX chops to join our team, and help us continue building the most polished and reliable website malware scanning and cleanup engine in the world.
This developer would be responsible for creating new enhancements as well as improving existing functionality within a high-load, high-availability, distributed environment. "
-Direct engagement with the research team to expand our engine
-Queue wrangler, engaging with Junior staff and streamlining processes
As you might imagine, its not all unicorns and rainbows we’re looking for a technical type and specifically someone with the following traits:
-Advanced Linux experience – CLI
-Server hardening and security experience (using firewalls, NIDs, HIDs, etc)
-Experience with log analysis, malware analysis or forensics a big plus
-System administration experience with WordPress, Joomla, ,etc osCommerce or other CMSs
-Shell scripting required
-PHP and C coding experience useful, but not required.
-Open source and community participation and contributions a plus
*We love to see active community engagement. If you’re already assisting on forums (WordPress.org, open source project, github, stackoverflow, stopbadware) please include your account name as a reference
IP addresses aren't reliable, especially when considering spammers will know IP address geolocation will be used. It may be safe to assume a vast majority of US IP addresses will actually be proxies.
