Never to sit idle and always busy cleaning up after some idiot hacker has exploited someone’s server, I recently documented a few interesting articles for Conetix web hosting.
My latest article on Byte encoded PHP vulnerabilities is the result of exploit attempts I found in some of our hosted WordPress Sites. I noticed a new attack on some of the WordPress sites I manage when PHP files were suddenly altered by a hacker with code added to the front of the file, rather than the usual base64 encoded and then “eval()” being used to reverse the code and run it, this attack uses \xNN byte encoding of keywords and variables making it difficult for scanners to detect the infection. Since the article I also encountered a chr() attack pattern. As per usual the WordPress plugins that people have downloaded are to blame for most of the recent security exploits, while the WordPress code base fro m4.0 now appears very secure otherwise.
This recent article talks about something even I’m guilty of, leaving files on a web server so others can easily get them: https://www.conetix.com.au/blog/directory-traversal-attacks-beware-dirbuster
As many people know. SSL is very broken, so some articles I wrote outlining the issues for my clients:
Finally, the difference between SFTP and FTPS and which you should use if your travelling overseas and about to use “free” Wifi: https://www.conetix.com.au/blog/transferring-files-ftp-sftp-and-ftps