Here at Sucuri Labs, our Malware Research team works diligently to stay ahead of the website security threat landscape.
Our investigations and analysis are a key component in the development of our cleanup rules and signatures. These pieces of code provide our tools with the information required to identify and mitigate a variety of known threats, including hidden backdoors, website defacements, and website software vulnerabilities.
To provide more guidance on our signature names, affected environments, cleanup instructions, and related code samples, we’ve broken down the list into three different categories.
SiteCheck Signatures
Signatures in this category include any items detected on SiteCheck, our remote malware scanner. The majority of these signatures include a brief description and a reference sample of the detected threat.
Malware Signatures
This category includes malware signatures that are detected and cleaned during our Incident Response process. Brief descriptions of the issue are provided, along with malware samples when available.
WAF Rules
These signatures provide additional information on our Web Application Firewall rules, which are triggered whenever page access is blocked due to a probable attack or customization.
WAF Signatures
- EXP036 - DB exploit attempt
- EXPVP16 - Exploit Blocked by Virtual Patching
- xss020 - An attempted XSS (Cross site scripting) was detected and blocked.
- 2FA1 - Request blocked, missing 2 factor authentication
- PBI009 - Blacklisted IP
- EXP034 - Exploit attempt denied
- 2FA3 - Request blocked, missing 2 factor authentication
- xss030 - An attempted XSS (Cross site scripting) was detected and blocked.
- sqli27 - SQL injection was detected and blocked.
- BNP006 - Request blocked, aggressive bot filter