Mod Security is an open-source web-based firewall application (or WAF) supported by different web servers: Apache, Nginx and IIS. Mod Security’s Open Source availability has resulted in it becoming one of the world’s most popular Web application firewalls and this application layer firewall is developed by Trustwave’s SpiderLabs and released under Apache License 2.0. Mod […]
Modx Revolution <=2.6.4 (Remote Code Execution)
Description Last week published two critical vulnerabilities affecting MODX Revolution <=2.6.4 which include remote script execution and file/directory removal. Hackers thereby able to compromise the website or spoil or delete files or directories. In the MODX Revolution Version <= 2.6.4, filtering users have an incorrect access control capability in the parameters, which becomes the phpthumb class that causes the […]
Importance of configuring firewall
A firewall is a security tool used in networks for preventing attacks from hackers, viruses, worms, malware etc. If we didn’t configure it correctly, it will not give the correct use. So configuring firewall is important. It can be either hardware or software based. It is like a physical gate in our house, it blocks […]
All in one Security Plugins for cPanel Servers
In this century, no of hackers and malware they created has been increased day by day. There are some basic security plugins and inbuilt protection available on cPanel, but nowadays they are not aggressive as earlier. Since new malware’s are being created by hackers, we need a new software’s to fight against malware threats and […]
Marvins.php webshell
The malware is a PHP webshell – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server to upload, create, edit, download or delete files. Today we found this new PHP webshell from one of client server, which we have […]
cPanel Security Hardening
Server Security is something an exception. One day or another, your server will be attacked and the integrity of your data will be at risk, that does not mean you will lose the current and existing customers in the process. cPanel provides easy access to your search and accessibility, user-friendly interface for managing your website. […]
Joomla Security – Top 10 tips to secure your website
You might be familiar with JOOMLA!. It is a free and open-source content management system (CMS) for publishing web content. Behalf of its excellence JOOMLA had secured several awards. It is based on a model–view–controller web application framework that can be used independently of the CMS that allows you to build powerful online applications. The […]
Free SSL a replacement for Paid ssl?
Today I am discussing the free SSL and its difference between the paid ones and is it replacing the paid SSL. SSL ( Secure Socket Layer ) will encrypt the connection between the client ( web browser ) and server ( web server ). Which means the people who sniffing the data traffic between server […]
Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3
This vulnerability discovered Drupal security team one weeks ago, a highly critical (20/25 NIST rank), (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allow an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute […]
Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2
This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user […]