What better way to celebrate Thanksgiving than to share an interesting case that involves two of the most popular CMS applications out there – vBulletin and WordPress.
Here is a real case that we just worked on this week, involving an attacker dead set on stealing credit card information. Enjoy!
The client runs a fairly successful e-commerce website. They run two main applications within their architecture – vBulletin and WordPress.
vBulletin is used for their support and collaboration forums, while WordPress for their main website and e-commerce. This appears to be a pretty standard configuration across most larger web application environments these days.
Everything is sitting on a LAMP (Linux / Apache / MySQL / PHP) stack, so nothing too special there. For the most part, things are up to date, they might be a version or two behind, but none of it earth shattering or something worth writing home about.
In regards to security, they are running CloudFlare.
All in all, it probably sounds a lot like your environment[s].