We found old cookie (PHP_SESSION_PHP) based hidden redirect in joomla. These two modified files found when we search files: Normal part of these files look like this: But then malware begin (SECOND PART), so rest of file: Also different urls found: Decoded these: Here list that website’s set PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean … Read more
Bash Vulnerability is a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer … Read more
We found lot off new activies again somekind bot network: If we look this line number 19: wp-load.php from auditlog and found there cookie ID & CODE payload (php eval): Our commerical ModSecurity rules detect these and block them!
PHP backdoors are server-side malicious scripts. The typical example of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP based, thus intended for server-side use and the payload is … Read more
To extra protect your SSH server with an two-factor authentication, you can use the Google Authenticator PAM module. Every time you login ssh to server you have to enter extra the code from your smartphone. note: If you activate the google-authenticator for a normal user but not for root you can’t login with the root … Read more
Securing your Linux server is important to protect your and customers data, intellectual property, and time, from the hands of crackers/hackers. The system administrator is responsible for security Linux Server. 1. Use only Encrypt Data Communication Because all data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or … Read more
The HTTPOXY vulnerability which has been found recently is a vulnerability that affects applications that run in cgi or cgi-like environments. This means that the issue affects almost all web servers including Apache and Nginx and also most PHP applications. Even the mod_php mode on apache is affected. There is a common system environment variable … Read more