Install ModSecurity with Apache on Ubuntu 16.04 LTS

Tutorial

In this guide we will see how to install the ModSecurity Web Application Firewall (WAF) to secure your Apache web server. You need an Apache web server installed on Ubuntu 16.04 LTS before you proceed with the installation of ModSecurity WAF. Installing Apache: To install Apache on Ubuntu, issue the following commands: $ sudo apt-get update …

Why choose Malware Expert Commercial ModSecurity Rules?

ModSecurity

No matter how well a web server is configured, it is useless if it’s not properly secured. It’s a famous saying, ‘a chain is as strong as its weakest link’. As a system admin you have to address all vulnerabilities of your server. Since one single untreated vulnerability will be exploited by an attacker and …

Cryptonight

Malware details

This is again new malware, which we call cryptonight and which we haven’t seen before. It downloads an executable Linux program and hides that http daemon in the background, where it is difficult to find in the process list at first glance. Manual removal process: You can search for a running httpd process that was started with the cryptonight parameter: ps aux | grep cryptonight Then …

How to Secure a Web Server

Tutorial

In this tutorial we cover the basic steps required when securing a web server. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are 8 basic tips to help keep your server safe, secure and online. …

Phoenix WebShell

Phoenix WebShell

A new web shell (PHOENIX SHELL), which we have not seen before. This is a typical web shell, except that it has a lot of extra features: Upload, Command Execute, Mass Deface, cPanel crack, CGI Telnet, WordPress auto Deface, Fake root, etc. … In the action. Final words: Use Malware Expert – Signatures detect this Web shell …

How to Whitelist IP Address with ModSecurity

Tutorial

If your business has a website, you may be familiar with the mod_security module for Apache Web servers. If you are new to ModSecurity, start by reading our comprehensive article: What is ModSecurity. Occasionally, you might need to bypass the module filters to accommodate a testing environment or to allow access for a particular IP …

Processing phases of ModSecurity

Tutorial

ModSecurity is built on a powerful rule language, and its API allows monitoring of the HTTP(S) traffic coming in and out of your web server, to keep your web applications up and running all the time. This article is written to show how ModSecurity protects web applications running on Apache Web Server. The below diagram …

load_all.jar

Malware details

Today we found Java-based malware. If an attacker finds a file upload vulnerability on the server, they upload manual.php-based malware, which tries to load load_all.jar onto the server and run it in the background. Manual.php: $out = shell_exec("java -version 2>&1"); preg_match("/version\s+\"1\.(\d+)\./",$out,$matches); $ver = 0; if($matches)$ver = (int)$matches[1]; This manual.php uses the shell_exec function a lot, but if you have …

What is a web shell?

Web Shell

A web shell or backdoor shell is a script, written in a language supported by the target web server, that is uploaded to enable remote access and administration of the machine. Shells are able to infect servers that may not necessarily be internet-facing; servers for hosting of internal resources are also subject to web shell …

SSL Certificate For free – Let’s Encrypt

Let's Encrypt

Let’s Encrypt is a new Certificate Authority (CA) that offers FREE SSL certificates that are just as secure as current paid certificates. The encryption within HTTPS is intended to provide benefits like confidentiality, integrity and identity. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. Integrity …