In this century, the number of hackers and the malware they create has been increasing day by day. There are some basic security plugins and built-in protections available on cPanel, but nowadays they are not as aggressive as they used to be. Since new malware is being created by hackers, we need new software to fight against malware threats and […]
Marvins.php webshell
The malware is a PHP webshell – a script which, when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server to upload, create, edit, download or delete files. Today we found this new PHP webshell on one of our client servers, which we have […]
cPanel Security Hardening
Server Security is something an exception. One day or another, your server will be attacked and the integrity of your data will be at risk, but that does not mean you will lose your current and existing customers in the process. cPanel provides easy access to your search and accessibility, and a user-friendly interface for managing your website. […]
Joomla Security – Top 10 tips to secure your website
You might be familiar with Joomla!. It is a free and open-source content management system (CMS) for publishing web content. On account of its excellence, Joomla! has secured several awards. It is based on a model–view–controller web application framework that can be used independently of the CMS and that allows you to build powerful online applications. The […]
Free SSL a replacement for Paid SSL?
Today I am discussing free SSL, how it differs from the paid ones, and whether it is replacing paid SSL. SSL (Secure Sockets Layer) encrypts the connection between the client (web browser) and the server (web server), which means the people who are sniffing the data traffic between server […]
Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3
The Drupal security team discovered this vulnerability one week ago: a highly critical (20/25 NIST rank) issue (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allows an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability, which allows an attacker to execute on the server […]
Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2
The Drupal security team discovered this vulnerability two weeks ago: a highly critical (25/25 NIST rank) issue (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability, which allows an attacker to execute any code on the server with user […]
Disable Theme and Plugin Editors from WordPress
This is a big problem if a customer is using very weak passwords with default usernames like admin/administrator, etc. Even if you don’t use a default username, you can get it very easily. Get WordPress username: https://wordpress.site/?author=1 This redirects to the author page for the correct username, and you can easily get the correct username, which is probably the admin user. If […]
Security is a false feeling
Server security is a major concern nowadays for website owners and server owners, and lots of companies provide hardening services at a high cost. While considering the server security or security of your site, don’t confuse true security with a false sense of security. In this article, I am mentioning some of the misconceptions or […]
Website backdoors with $variable functions
When a website is compromised, attackers frequently leave behind a backdoor, which is PHP code in a new file or PHP code injected into a file that is already on the server. These backdoors are not designed to attack a website or destroy data. Typically they allow an attacker to re-enter a targeted website with little […]