Staff, Author at OmniSOS - Elite WordPress Security

What exactly is Malware?

Staff — Tue, 28 Oct 2014 22:22:18 +0000

Malware (Virus) is a very broad term, and there are many different ways that malware can be injected into a website. One common way that malware is inserted is by a File Inclusion vulnerability. With this vulnerability, the hacker will insert a malicious script into the site by editing the PHP. This is normally performed by using methods similar to Code Injections. As a result, creating secure user input validation will also mitigate this vulnerability, along with coding the PHP to eliminate the possibility of Remote File Inclusion (RFI). Malware can also be inserted by gaining login access, so many other security measures must be taken to mitigate this risk. Oftentimes, the hacker’s goal is to insert malware, no matter what vulnerability he/she is using to gain access.

The post What exactly is Malware? appeared first on OmniSOS - Elite WordPress Security.

What are Code Injections?

Staff — Tue, 28 Oct 2014 22:16:48 +0000

Code Injections (such as SQL Injections and command injections) are attacks that inject code into a server or database to unexpectedly execute commands or to insert malware. The most common form of Code Injection a hacker will use is to use special command line characters in a normal user input box to trick the server into executing the following command. This vulnerability is used for a wide range of malicious activity, which makes it particularly dangerous. These commands can be injected through any average text input box. The most effective way to prevent Code Injection is to create secure user input validation (such as a whitelist that allows only “innocent” characters, like letters and numbers), and to implement a secure firewall.

The post What are Code Injections? appeared first on OmniSOS - Elite WordPress Security.

What is a Brute-Force Attack?

Staff — Tue, 28 Oct 2014 22:08:48 +0000

Brute-Force attacks (also called an Exhaustive Key Search) are used with the intention of gaining access to the server or website by guessing the login authentication. Hackers who use this method typically have several computers with very fast hardware which use an algorithm to guess the password. These machines can guess thousands to millions of passwords per minute, and they will typically guess every possible password. This can be a very dangerous attack if security measures are not set up properly. The best way to prevent a successful Brute-Force attack is to prevent access to the login page after a certain amount of failed login attempts (implemented into most firewalls), to have a strong, secure password, and to set up two factor authentication. Two factor authentication uses a password, and also sends a verification code to the user’s cell phone. This makes it virtually impossible for Brute-Force attacks to be successful.

The post What is a Brute-Force Attack? appeared first on OmniSOS - Elite WordPress Security.

DDoS – What does it stand for?

Staff — Tue, 28 Oct 2014 21:56:09 +0000

Distributed Denial of Service (DDoS) attacks stress the server in several ways, with the intention of slowing it down or crashing the server itself. Hackers who use DDoS attacks are not necessarily trying to gain access to the website. Their main goal is to make the website inaccessible to its users. It is often unknown why hackers would use an attack like this. In the past, many DDoS attacks have been targeted at large companies. However, it is now much more common for these attacks to be directed at smaller websites, posing a threat to many normal websites on the internet. Having a secure and advanced firewall is one of the best methods for preventing DDoS attacks.

The post DDoS – What does it stand for? appeared first on OmniSOS - Elite WordPress Security.