We found lot off new activies again somekind bot network: If we look this line number 19: wp-load.php from auditlog and found there cookie ID & CODE payload (php eval): Our commerical ModSecurity rules detect these and block them!
PHP backdoors are server-side malicious scripts. The typical examples of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login, or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP-based, thus intended for server-side use and the payload is executed … Read more
To extra protect your SSH server with an two-factor authentication, you can use the Google Authenticator PAM module. Every time you login ssh to server you have to enter extra the code from your smartphone. note: If you activate the google-authenticator for a normal user but not for root you can’t login with the root … Read more
Securing your Linux server is important to protect your and customers data, intellectual property, and time, from the hands of crackers/hackers. The system administrator is responsible for security Linux Server. 1. Use only Encrypt Data Communication Because all data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or … Read more
The HTTPOXY vulnerability which has been found recently is a vulnerability that affects applications that run in cgi or cgi-like environments. This means that the issue affects almost all web servers including Apache and Nginx and also most PHP applications. Even the mod_php mode on apache is affected. There is a common system environment variable … Read more