Top

How to Install Nginx with ModSecurity v3.0

Mod Security is an open-source web-based firewall application (or WAF) supported by different web servers: Apache, Nginx and IIS. Mod Security’s Open Source availability has resulted in it becoming one of the world’s most popular Web application firewalls and this application layer firewall is developed by Trustwave’s SpiderLabs and released under Apache License 2.0. Mod […]

Continue Reading

Modx Revolution <=2.6.4 (Remote Code Execution)

Description Last week published two critical vulnerabilities affecting MODX Revolution <=2.6.4 which include remote script execution and file/directory removal. Hackers thereby able to compromise the website or spoil or delete files or directories. In the MODX Revolution Version <= 2.6.4, filtering users have an incorrect access control capability in the parameters, which becomes the phpthumb class that causes the […]

Continue Reading

Importance of configuring firewall

A firewall is a security tool used in networks for preventing attacks from hackers, viruses, worms, malware etc. If we didn’t configure it correctly, it will not give the correct use. So configuring firewall is important. It can be either hardware or software based. It is like a physical gate in our house, it blocks […]

Continue Reading

All in one Security Plugins for cPanel Servers

In this century, no of hackers and malware they created has been increased day by day. There are some basic security plugins and inbuilt protection available on cPanel, but nowadays they are not aggressive as earlier. Since new malware’s are being created by hackers, we need a new software’s to fight against malware threats and […]

Continue Reading

Marvins.php webshell

The malware is a PHP webshell – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server to upload, create, edit, download or delete files. Today we found this new PHP webshell from one of client server, which we have […]

Continue Reading

cPanel Security Hardening

Server Security is something an exception. One day or another, your server will be attacked and the integrity of your data will be at risk, that does not mean you will lose the current and existing customers in the process. cPanel provides easy access to your search and accessibility, user-friendly interface for managing your website. […]

Continue Reading

Joomla Security – Top 10 tips to secure your website

You might be familiar with JOOMLA!. It is a free and open-source content management system (CMS) for publishing web content. Behalf of its excellence JOOMLA had secured several awards. It is based on a model–view–controller web application framework that can be used independently of the CMS that allows you to build powerful online applications. The […]

Continue Reading

Free SSL a replacement for Paid ssl?

Today I am discussing the free SSL and its difference between the paid ones and is it replacing the paid SSL. SSL ( Secure Socket Layer ) will encrypt the connection between the client ( web browser ) and server ( web server ). Which means the people who sniffing the data traffic between server […]

Continue Reading

Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3

This vulnerability discovered Drupal security team one weeks ago, a highly critical (20/25 NIST rank), (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allow an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute […]

Continue Reading

Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2

This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user […]

Continue Reading