sql_dump.php – Bot network

malware botnetwork

Today we looked server’s logs and we found very active Bot network that trying use old malware and upload more PHP code files to servers. Malware files If we look access logs, we found many files which tried access, but they not are normal WordPress, Joomla etc. files. /Abbrevsprl.php /administrator/administrator.php /administrator/dbconfig.php /administrator/includes/readmy.php /administrator/webconfig.txt.php /al277.php /authenticating.php … Read more

RCE Attempts Against the Latest WordPress API Vulnerability

We are see remote command execution (RCE) attempts trying to exploit the latest WordPress API Vulnerability. The attackers trying to exploit sites that have plugins like the Insert PHP, Exec-PHP and similar installed plugins. These plugins, allow users to insert PHP code directly into the posts as a way to make customizations easier. Coupled with … Read more

Web Application Firewall

A Web Application Firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of … Read more

ModSecurity Examples – Writing ModSecurity rules

ModSecurity

In this article, we will go over the basics of ModSecurity rule writing and also provide ModSecurity rule examples. In case you are new to ModSecurity, we also have an informative article: What is ModSecurity and why do we need it? ModSecurity Rule Writing The ModSecurity Reference Manual should be consulted in any cases where … Read more

Securing Directadmin Server

ssh If possible, don’t allow user login ssh to the server. Also disable root user login and use sudo to gain root access. Change: Restart ssh server! Note: Make sure you installed sudo and sudoers to your user! Filesystem You can prevent and hide access certain folders and files. php.ini There are certain functions in … Read more

Install ModSecurity to Directadmin with Custombuild 2.x

Prerequisite If you dont have custombuild or version is 1.x, you need first upgrade to custombuild 2.x. Upgrade instruction https://help.directadmin.com/item.php?id=555 Update Custombuild Update custombuild: Configuration Edit options.conf file and change these lines to below: Build ClamAV scanner Optional can use Malware Expert ClamAV Signatures and Linux Malware Detect Build ModSecurity Mod_Security Rules In options.conf possible … Read more

Securing cpanel server

php.ini Securing cpanel php.ini in controlpanel or manually. Login cpanel control panel and goto: Home » Software » MultiPHP INI Editor Find disable_functions: Change “disabled_functions =” to: Or manually change files below: Install ClamAV Scanner To install or uninstall ClamAV Scanner, use WHM’s Manage Plugins interface (Home » cPanel » Manage Plugins). Offical Ducumentation Install … Read more