Top

Archive | August, 2016

Install ClamAV cPanel Servers

Installing ClamAV cPanel server via WHM grahpical Login to WHM (Control Panel) as the root user Navigate to: Home » cPanel » Manage Plugins Select ClamAV tick the Install and keep updated box Click on Save Installing ClamAV via Command Line (SSH) This command tells the system that we want ClamAV to be listed as […]

Continue Reading

Securing cpanel server

php.ini Securing cpanel php.ini in controlpanel or manually. Login cpanel control panel and goto: Home » Software » MultiPHP INI Editor Find disable_functions: Change “disabled_functions =” to: Or manually change files below: Install ClamAV Scanner To install or uninstall ClamAV Scanner, use WHM’s Manage Plugins interface (Home » cPanel » Manage Plugins). Offical Ducumentation Install […]

Continue Reading

How To Set Up a Firewall Using Iptables

Setting up a good firewall is an essential step to take in securing any modern operating system. Most Linux distributions ship with a few different firewall tools that we can use to configure our firewalls. In this guide, we’ll be covering the iptables firewall. A good starting point is check the current rules that are […]

Continue Reading

PHP_SESSION_PHP

We found old cookie (PHP_SESSION_PHP) based hidden redirect in joomla. These two modified files found when we search files: Normal part of these files look like this: But then malware begin (SECOND PART), so rest of file: Also different urls found: Decoded these: Here list that website’s set PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean […]

Continue Reading

Bash Vulnerability

Bash Vulnerability is a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer […]

Continue Reading

PHP Cookie Injection

We found lot off new activies again somekind bot network: If we look this line number 19: wp-load.php from auditlog and found there cookie ID & CODE payload (php eval): Our commerical ModSecurity rules detect these and block them!

Continue Reading

FilesMan

PHP backdoors are server-side malicious scripts. The typical example of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP based, thus intended for server-side use and the payload is […]

Continue Reading

Protect SSH With Two-Factor Authentication

To extra protect your SSH server with an two-factor authentication, you can use the Google Authenticator PAM module. Every time you login ssh to server you have to enter extra the code from your smartphone. note: If you activate the google-authenticator for a normal user but not for root you can’t login with the root […]

Continue Reading