07 Apr

WP Super Cache Security Risk – Plugin WordPress

WP Super Cache Security Risk - Plugin Wordpress

IMPORTANT ! - SECURITY RISK

All those using the popular WordPress Plugin Wp Super Cache cache, must immediately update to version 1.4.4.

An exploit allows injection of data in files, allowing a hacker to create additional administrators and use the wordpress tools to create malicious files.

This is a very popular plugin that can reach more than 1 million users worldwide.

 

Serious and Verified Risk.

 

UPDATE YOUR PLUGIN NOW!

wp super cache security risk

http://arstechnica.com/security/2015/04/as-many-as-1-million-sites-imperiled-by-dangerous-bug-in-wordpress-plugin/

All those using the popular WordPress Plugin Wp Super Cache cache, must immediately update to version 1.4.4.

An exploit allows injection of data in files, allowing a hacker to create additional administrators and use the wordpress tools to create malicious files.

This is a very popular plugin that can reach more than 1 million users worldwide.

All those using the popular WordPress Plugin Wp Super Cache cache, must immediately update to version 1.4.4.

An exploit allows injection of data in files, allowing a hacker to create additional administrators and use the wordpress tools to create malicious files.

This is a very popular plugin that can reach more than 1 million users worldwide.

All those using the popular WordPress Plugin Wp Super Cache cache, must immediately update to version 1.4.4.

An exploit allows injection of data in files, allowing a hacker to create additional administrators and use the wordpress tools to create malicious files.

This is a very popular plugin that can reach more than 1 million users worldwide.

wp super cache security risk

wp super cache security risk

wp super cache security risk

Share this
05 Apr

Block Tor IP Addresses on your website

Block Tor IP Addresses on your website

The Tor network allows anonymous Internet browsing. Although this project is in its nature logical when we need to protect our identity, the fact remains that it is a risk for piracy.

Many people are using the deep web (Darknet) to conduct illegal activities or by making transactions with stolen credit cards, DDOS attacks or send SPAM on a small or large scale.

There’s no simple solutions to protect ourselves from users of the Tor network because the IP addresses change relatively frequently. Some users and some hosts allow internet traffic via their network.

 

Potential risks of a Tor user on your site

The Tor user can anonymously:

– Make awkward comments about your brand, your blog;

– Send SPAM to your address or to your web forms;

– Proceed with fraudulent orders on your online store;

– Extract information from your site, submit it to BRUTE FORCE attacks;

– Drive a DDOS attack;

– Use the Tor network to perform automated queries on your website.

 

Block Tor IP addresses

Internet Cloud Canada giving you a solution that will be an extra “layer of protection”. We recently explained how to protect from DDOS attacks with a good .htaccess file and by using the right equipment (cisco router, firewall etc.). This solution, will strengthen this protection.

Obviously, we will give you a slightly more practical solution though “manual” for the owner of a personal web site.

 

Solution in 4 easy steps

 

Step 1. Collection of current addresses of Tor

Go to the Tor Bulk Exit List exporting tool and click on the link “exit addresses”. Copy the result to a .txt file to your desktop.

 

Step 2. Collect only the IP addresses of the file

It is necessary to extract the IP addresses of the .txt file, so go to the Toolsvoid website. Copy-paste and press “submit”. The website will return the full list of IP addresses extracted. Copy this list on your desktop in another text file.

 

Step 3. Create an exclusion list for your .htaccess file

It would be tedious to manually write the .htaccess file for all these IP addresses. This is why you need to visit Tom’s Tools website that will generate it for you. Copy and paste the list and press the button “generate code”.

 

Step 4. Copy the code in the .htaccess file obtained

Copy and paste the code obtained in step 3 in your actual .htaccess file. Your website is now protected ftom Tor users!

 

Updates

Obviously, there is some ways to “automate” this procedure with a routine at the base of the web server. Your hosting provider may or may not offer this service. Internet Cloud Canada offers this service as an extra, if needed.

If you use our manual method, remember to repeat these steps regularly because now you know that the Tor IP addresses change relatively frequently. An interval of once each month seems quite appropriate to perform your updates.

If you have problems with anonymous users or want to act with prevention facing this problem, our 100% FREE 4-steps / 5 minutes solution worth it !

Enjoy!

Share this
30 Mar

GitHub under DDOS Attack since 4 days…

github under ddos attack since 4 days

GitHub, the web platform for teamwork on software development (sharing of source code for GPL or private rights, review and collaboration), has managed to keep its website accessible despite a DDOS attack that continues to fall on their servers since last Friday.

This seems to be Chinese hackers who have set their sights on the platform in order to show their dissatisfaction with the current development  of projects.

A DDOS attack is a denial of service attack, by sending thousands of requests to a server in order to render it inoperative in its ability to distribute the content. DDOS attacks are incredibly more complex and now requires a thorough approach to prepare for and manage the crisis when it happens.

 

How a DDOS attack take place?

A hacker or a group of hackers through several techniques take ownership of computers that have been infected by code (viruses). They divert the joint force of all these computers to a specific point and execute an attack. Like a crowd would take control of a traffic artery, heavy traffic slows the ability to run on it.

 

How to prevent DDOS attacks?

I do not think you can “avoid” a DDOS attack. This is something that may or may not happen to a business. These attacks are planned and designed a target for a reason more or less obvious. Let’s compare the DDOS attack as a terrorist attack, a way to be seen and heard of the mass by an unlawful act in order to harm, to cause damage and fear.

 

The tools available

Fortunately there is some tools available to better prepare for a DDOS attack. These tools must be combined with  some talent of the network managers and be part of an effective action plain against hackers.

The goal is to “filter” the data to determine between good and bad requests and to separate them. The management of these “data packets” is then now possible. We need several layers of protection, to sucessfully filter the data packets.

 

The material

At the hardware level, there are routers such as CISCO, which are able to accurately identify the traffic in the network and assign them some rules. Management is facilitated  for simple attacks by this equipment, but DDOS attacks are rarely simple as they were several years ago.

The use valid protocols  makes detection more difficult to identify. As a first line of defense, these kind of routers do a good job anyway.

Firewalls play a vital role in the security of a company but not in the prevention of a DDOS attack. They will play their role by closing a specific access but are not able to handle and filter the data packets one by one.

 

The strategy

DDOS attacks are not easy to handle and some gaps in the layers of protection must be filled by another layer of protection. This is why a simple equipment will not effectively help you.

The Internet provider is expected to play its role and provide some protection and act as the first layer of protection. Next comes your router, firewall, the internal configuration of your server, the web application management (load balancer), memory management and cache, filtering protection on the root of the website etc.

 

Website Root Protection

Good management of the base of your website is often a step that you are able to do. Be sure to read our first article on the .htaccess file if your server operates under Apache. We defined in this article several important points for the safety of your website set up. There are others, and a specialist like our employees at the technical support, will help you with this.

If your site is under “WordPress”, make sure it will not be hijacked by a gap in its code, by adding to your .htaccess file the following bit of extra code:


# XML RPC BLOCKING
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# /XML RPC BLOCKING

 

Otherwise, your web designer and web hosting company should provide you the layers of protection needed or the protection options to deal with such threats.

Share this

© 2018-2023 Internet Cloud Canada.Tous droits réservés. (Sitemap).