Analyzing Popular Layer 7 Application DDoS Attacks

7LayerDDoS_V1r1

Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken down and kept offline because of them. Even over-provisioned servers can be taken offline by the smallest of DDoS attacks; caused by IP addresses being null routed by hosting providers and kept offline for days. Websites behind load balancers and cloud infrastructures are also susceptible, since very few of them are designed to handle DDoS Attacks and the variety of ways they can happen.
Read More

Demystifying File and Folder Permissions

File and Folder Permissions

If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to
Read More

FunWebProducts UserAgent Bloating Traffic

FunWebProducts

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an
Read More

Wigo Means Bingo for Blackseo Agent

dbstPostv2

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst',$_SERVER['REQUEST_URI'])) { error_reporting(0); include ('license.txt'); exit(); } The
Read More

Persistent XSS Vulnerability in WordPress Explained

Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version:  4.2.4 Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you'll find one  that we
Read More

Ask Sucuri: How Did My WordPress Website Get Hacked? – A Tutorial

AskSucuri_R1

With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today's websites are hosting in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly
Read More

WP-CLI Guide: Install WordPress via SSH

wpcli-install

This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to backup and update the WordPress core and database.
Read More

BIND9 – Denial of Service Exploit in the Wild

Bind9_Blog_Image

BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers. A week ago, the Internet Systems Consortium (ISC) team released a patch
Read More

Prestige Conference Means Business

prestige

A great career in business could be likened to a well penned novel. It will be wrought with twists, sharp turns and will feature dull plateaus as well as the occasional apex. Woven among the exposition, rising action, climax, falling action and
Read More

WP-CLI Guide: Secure Plugin & Theme Management

wpcli-plugin

Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely. Like
Read More