Category Archives: Security

WordPress Malware Infection

What is WordPress Malware Infection? How do you deal with it?

WordPress is the most popular content management system on the web. Besides its popularity, it has many advantages, but unfortunately it comes with certain downsides as well. If you go by statistics, more than 70% of WordPress installations are vulnerable to hacker attacks.

In WordPress websites, we generally install third-party plugins/themes to integrate additional features. Most of the time, however, we are not aware of the inherent security vulnerabilities in these plugins/themes, which act as critical loopholes targeted by hackers, malware botnets, etc. Some plugins provide regular updates that patch those issues, but if we fail to apply them, the vulnerabilities get exploited and lead to severe malware infection.

……………………………………………………………………………………………………
Why secure WordPress websites before enabling SEO?

We know that bots crawl websites. But nowadays, bots make more visits to websites than human traffic does. Malware bots attack by trying a set of tentative URLs on websites. If a website has a vulnerability and the malware finds it through this approach, the website becomes a candidate for exploitation. So, before enabling SEO on a website, we need to make sure that the website is secure; otherwise, you are at the mercy of bad bots which will take advantage of it. In some cases, malware can damage a site's relationship with leading search engines by injecting malicious content.

Effects of Malware Infection:
  • WP-admin will not be accessible due to unwanted 302 redirects to third-party malicious websites.
  • The .htaccess file content will be changed even though it has proper file permissions.
  • Files with the extension .php.suspected will be created, along with many duplicates of stylewpp.php.
  • Random posts will be created in the WP DB.
  • Unknown admin users may have been created.
Steps to prevent Malware Infection:
  1. Take regular backups of the codebase and database.
  2. Restore the content of the .htaccess file and set proper file permissions.
  3. Check crontab for any suspicious entries.
  4. Kill suspicious processes on the server.
  5. Check the access log and find suspicious HTTP calls.
  6. Block suspicious IPs which are making malicious requests.
  7. Most core WordPress files should never be modified. You need to check for file integrity issues in the wp-admin, wp-includes, and root folders. Remove unknown files & folders with cascade delete [suspected from the access log].
  8. Analyze the malicious PHP code injected into WP folders. It would be great if you can analyze the malicious PHP script and decode its intention, which will help you remove the infection easily.
  9. Prevent random article creation. From the access log, we found a "content-main.php" file being executed by the malware botnet. It was injected at the path "/wp-content/content-main.php".
  10. Remove suspicious admin users.
  11. Update WordPress to the latest version.
  12. Change all credentials of cPanel, FTP and DB.
  13. Stop the brute force attack. Even if you remove all files and folders, kill all malware processes & change passwords, the malware will never sit idle, because it has already entered your site's domain name, IP & malware file locations in its database. So it will keep making HTTP calls to the malicious PHP script locations, which will return a 404 error, which is fine. You also cannot block all IPs of the malware botnet because it keeps changing IPs.
    It tries to brute-force the login page with breached admin user names against a global database of pwned passwords.
  14. Block xmlrpc.
  15. Prevent bad bots.
    Modify the robots.txt file to prevent crawling of core directories along with themes/plugin directories. Also, identify bad bots and prevent them from crawling website pages.
  16. Use SFTP instead of FTP.
  17. Change the default wp-login, wp-admin and wp-content URLs. Below are some of the WP plugins which you can use for changing the URLs of wp-login, wp-admin, wp-content and plugins.
    WPS Hide Login
    Protect Admin
  18. Install any of the below WP security plugins.
    Sucuri
    Quttera Web Malware Scanner
    Wordfence
  19. Set proper file & folder permissions.
  20. Check for known vulnerabilities in the installed plugins.
    https://wpvulndb.com/
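The access-log checks in steps 5, 6, 9 and 13 above can be scripted. The following is an added example, not code from the original article: it assumes the server writes the standard Apache/Nginx "combined" log format, looks for the indicator paths the article names (content-main.php, the .php.suspected extension, and POST floods against wp-login.php/xmlrpc.php), and runs over constructed sample lines.

```python
import re
from collections import Counter, defaultdict

# Apache/Nginx "combined" log format (assumed to be what the server writes).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Indicators named in the article: the injected dropper path and the
# .php.suspected quarantine extension; plus the two brute-forced endpoints.
MALWARE_MARKERS = ("/wp-content/content-main.php", ".php.suspected")
BRUTE_FORCE_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
BRUTE_FORCE_THRESHOLD = 5  # POSTs per IP in the log window; tune to normal traffic

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def analyze(lines, threshold=BRUTE_FORCE_THRESHOLD):
    """Return (hits, brute): IP -> malware paths requested; IP -> login/xmlrpc POST count."""
    hits = defaultdict(list)
    posts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort mid-log
        path = rec["path"].split("?", 1)[0]  # drop the query string before matching
        if any(marker in path for marker in MALWARE_MARKERS):
            hits[rec["ip"]].append(path)
        if rec["method"] == "POST" and path in BRUTE_FORCE_ENDPOINTS:
            posts[rec["ip"]] += 1
    brute = {ip: n for ip, n in posts.items() if n >= threshold}
    return dict(hits), brute

# Constructed sample lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2019:12:00:01 +0000] "GET /wp-content/content-main.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2019:12:00:02 +0000] "GET /wp-includes/stylewpp.php.suspected HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2019:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2019:12:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    "this line is not in combined format",
] + [
    f'198.51.100.9 - - [10/Mar/2019:12:01:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.21"'
    for i in range(6)
]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The returned IPs are the candidates for step 6; the threshold is deliberately low for the sample and should be raised against real traffic.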
……………………………………………………………………………………………………
Conclusion

Nowadays, malware is getting injected by botnets instead of humans. They crawl for vulnerable URLs and exploit them one by one.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. Lakin enjoys sharing his thoughts on computing and technology in his personal blog.
Information Security

The most probable thing you & your vendor never discussed

Security of Information. Information Security.

Oops!

It is not surprising that during all outsourcing discussions, a couple of things are always discussed because they are considered to be the key elements of success: communication, pricing, work hours, deliverables, timeline, holidays, culture and others, in decreasing order of priority. Each of these plays a vital role in the process. And you feel the emphatic 'Yeshh!' feeling when you have weighed in all of them. There is another factor which needs to be factored in as well: Information Security.

I know you must be silently feeling happy and clenching your fists with that Yeshh! feeling if you had touched upon this topic in your discussions. And you must be. After all, Information Security Services continue to grow, dramatically yet quietly. It is not just about your data being securely used by the IT services vendor you employed; it is also about your customers refusing to use your software product if it does not assure them of data security. Think of the financial reminder app you are planning to create for your target market. If the app does not inspire faith through its data security signatures, not too many takers would even save their account numbers within it. This might be a lame example, but what I am trying to hint at is: unless your app keeps my data secure, I ain't gonna buy it for Free! Period.

The Guardian, UK recently reported that half of the Clearswift survey respondents were concerned that social media channels could pose significant risks to their IT security. In addition, the UK government has identified information security as a key priority for the current year, 2013.

Information security does not just mean a data breach or unidentified and fraudulent access to your confidential and proprietary data. Accidental data loss is perceived to be the biggest information security risk globally. In the event of a data leak, the greatest worry is about reputational damage to the organisation (31%), followed by financial consequences (20%), with policy or compliance issues coming in third (18%), as per the survey.

John Oltsik, a Principal Analyst, NetworkWorld, recently shared his estimate that about 0.60 to 0.70 cents of every security dollar is spent on either endpoint or network security. While vendors scramble to establish positions or defend customer bases, users benefit from a much-needed wave of information security innovation and architectural integration.

Yup, there are lots of reasons like this why organizations are consuming more and more security services worldwide.

Solutions?

So what should businesses do when it comes to implementing information security strategies? What should they do when they are dealing with outsourcing partners?

It is clear that an information security lapse can be harmful, if not disastrous, to the reputation of the company, with possible financial losses as well. Hence promoting training and awareness within the organisation is clearly one way of dealing with it.

And the next step would be to adhere to a set of globally benchmarked policies which help you avoid information security risks. An information security management system (ISMS) is a set of policies concerned with information security management or IT-related risks. The term arose primarily out of ISO 27001. The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

The next step would be to hire a custom software development services vendor who is ISO 27001 certified. If your vendor does not have an Information Security Management System certification from ISO, you will mostly get evasive answers to your queries on information security. Go ahead and ask your vendor the following questions, as suggested by Bill Mathews of Hurricane Labs.

  • What secure development lifecycle (SDL) do you use?
  • What type of regression testing do you employ with bug fixes?
  • What type of security training do you provide to your developers?
  • What sort of logs will this application generate?
  • How will the application handle authentication?
  • How will the web application handle credit card payments?
  • Has an application you’ve written ever been “hacked” or breached?
  • Can you tell me 5 good reasons why this application will never be hacked?

By this time, you would realize that you cannot risk your product and your data with someone who is not ISMS certified. Go ahead and talk to someone who is ISO 27001:2005 certified.

What do you think? Do you agree that information security should be cared for?

Author – Subhendu Pattnaik

Sidejacking: How to prevent Firesheep from hijacking your session

Sidejacking, a technique of hijacking the web sessions of other users on the network, has suddenly gained much attention on the Internet, thanks to a new Firefox extension, Firesheep.

In a sidejacking session, the attacker sniffs the data packets of transactions over the network and steals the cookie, which the attacker can then use to impersonate the victim on the site the user is currently logged in to. Even if they have encrypted login pages, unsecured HTTP sites use cookies to identify you during the entire session, and this is what the attacker exploits. An attacker with certain tools can steal the cookie during a transaction and use it to make the server treat the hijacker as the legitimate user. This vulnerability has existed for a long time, but exploiting it was never so easy, nor was it as alarming.
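The root cause described above is a session cookie that the browser will also send over plain HTTP. The following added example (not part of the original post) audits a server's response headers for the cookie attributes and the Strict-Transport-Security header that stop that; the header values are constructed samples, not taken from any real site.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure/HttpOnly carry no value: record them as True
        attrs[key.strip().lower()] = val.strip() or True
    return name, attrs

def audit_cookie(value):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, cookie is sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    if "samesite" not in attrs:
        findings.append(f"{name}: missing SameSite")
    return findings

def audit_response(headers):
    """headers: list of (name, value) pairs as received. Returns all findings."""
    findings = []
    has_hsts = False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            findings.extend(audit_cookie(value))
        elif lname == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        findings.append("no Strict-Transport-Security header: browser may still use http://")
    return findings

# Constructed sample responses: the weak form Firesheep-style sniffing relies on,
# and the hardened form that keeps the session cookie off plain HTTP.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
]
HARDENED_RESPONSE = [
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE):
        print(finding)
```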
