Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3

This vulnerability discovered Drupal security team one weeks ago, a highly critical (20/25 NIST rank), (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allow an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute … Read more

Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2

Security

This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user … Read more

Disable Theme and Plugin Editors from WordPress

Security

This is a big problem, if customer using very weak password’s with default username’s like admin/administrator and etc. Even if you don’t use default username you can get it very easily. Get WordPress username https://wordpress.site/?author=1 This redirects your correct username author page and you can get easily correct username which is probably admin user. If … Read more

Website backdoors with $variable functions

Tutorial

When a website is compromised, attackers frequently leave behind a backdoor – which is PHP code in a new file or injected PHP code to file that already on the server. These backdoors are not designed to attack a website or destroy data. Typically they allow an attacker to re-enter a targeted website with little … Read more

cPGuard Security Suite for cPanel Servers – Now Offers Automatic Virus cleanup [ Beta ]

cpguard cleanup

New version of cPGuard provides an exciting option to clean the file injections automatically and to restore the original file after removing the injection. Advantages of the particular option are 1. Prevent abusing the exploit further 2. Prevent website down due to the injected code 3. Reduce admin efforts to restore website after removing file … Read more

PHP File upload vulnerabilities

ModSecurity

Why PHP File Upload vulnerabilities is a Major Security problem ? There are lots of Web sites, which using some kind Content Management Systems (CMS), like WordPress, Joomla and etc., where an ability upload content like text, images and so on. There is no nothing bad for this, but there are also a lot of … Read more

Decode signatures with Sigtool

Tutorial

When you are scanning malware example ClamAV or Maldet from files in server and get positive hit, you may difficult find where has injected code in the file. For decoding signature you can use ClamAV sigtool command line tool. This will help you find the right position from infected file and remove malware code. Positive … Read more

scan FTP uploaded files on cPanel Servers with ClamAV

Tutorial

First we need install ClamAV, it has been now been included in cPanel/WHM. ClamAV is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. You can also install it from your … Read more

Whitelist rule with LocationMatch

Tutorial

Sometimes you need disable ModSecurity rules in specific url or program, because it causes false positives. This tutorial we show how you can whitelist rule or rules with apache LocationMatch directive. LocationMatch examples WordPress admin <locationmatch “/wp-(admin|login)/”> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </locationmatch> phpmyadmin <locationmatch “/phpmyadmin/”> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </locationmatch> Depend your server configuration, like … Read more