cPGuard licenses has reached 500+ servers

OpsShield announces the growth of cPGuard licenses has reached 500+ servers last week. After publically releasing the product in 2017 last quarter, cPGuard is making progressive growth every month. Several major hosting companies now trust cPGuard to secure their servers and user accounts. Since the initial release, cPGuard is adding more features into the product … Read more

How to pick a secure WordPress theme

How to pick a secure WordPress theme

When it comes to choosing a WordPress theme, most website creators look for two things in particular: looks and functionality. However, another arguably more important factor that most people overlook is security. Picking a secure WordPress theme is one of the best ways to protect your website from hackers. There are, of course, many ways … Read more

What makes a safe password generator and how to get started with one

What makes a safe password generator and how to get started with one

Countless password generators exist in the market, and they all promise to deliver unique, secure and random passwords. However, according to an Andrea Rock study, consumers should be cautious and examine a password generator more closely before using it. That is because some password generators are less secure compared to others. To fully understand this, … Read more

Remote File Inclusion (RFI)

Remote File Inclusion (RFI)

Remote File Inclusion (also known as RFI) is the process of including remote files through the exploiting of vulnerable inclusion procedures implemented in the application. This vulnerability occurs, for example, when a page receives, as input, the path to the file that has to be included and this input is not properly sanitized, allowing external … Read more

Malware plugin’s to WordPress (woocomerce & aksimet)

Malware Signature Updates

When WordPress website user account compromised, there is possibility upload plugins. We have seen new malware plugins for WordPress which are named with woocomerce and aksimet. These plugins not have anything doing with real plugins, which are woocommerce and akismet. Both of these plugins use WordPress add_action(‘init’,”) function to activate itself and ready take commands … Read more

Technology & Development partnership with OpsShield (cPGuard)

cPGuard

Malware.Expert a leading provider well-known for Commercial WAF rules, ClamAV Signatures for PHP and for many other projects under their hood announcing its technology/development partnership with OpsShield, an Indian based development and server management company offering security suite for cPanel servers and other security/management solutions for Linux servers. “We are very excited to join cPGuard … Read more

WordPress GDPR Compliance Plug-in exploited (Privilege Escalation Flaw)

Vulnerability

On the 6th of November 2018, a popular WordPress plugin known as WP GDPR Compliance plugin, which is created to help website owners with GDPR compliance, was found to contain harmful vulnerabilities for privilege escalation that could allow for arbitrary code execution. Hackers have exploited this vulnerability to attack a number of websites. The vulnerability … Read more

Install cPanel and cPGuard to CentOS 7.x

cPGuard

This tutorial we installing cPanel server with cPGuard plugin. First need fresh minimal install of CentOS. Installation Requirements Minimum of 1 GB RAM (but 2 GB recommended). At least 20GB of free disk space (but 40 GB recommended). A valid cPanel license. Standard hostname (FQDN or Fully Qualified Domain Name) Perl Please note: Once you … Read more

Rootkits

rootkits

As malware go, rootkits are one of the more nasty ones. They are difficult to detect and are capable of causing more serious damage to any system they are installed in. What is a rootkit? Essentially, a rootkit is a software application designed to provide privileged access (hence the “root” in the name) to a … Read more

wp-crawl.php

Malware details

WordPress Duplicator version below <1.2.42 have Remote Code Execution (RCE) vulnerability, which allow modify wp-config.php file and inject malicious PHP code in there. Vulnerable code in this case isn’t present within the Duplicator plugin directory itself. The flaw becomes exposed when using Duplicator to migrate or restore a backed-up copy of a WordPress site. Reminder … Read more