whitelist Archives - OmniSOS - Elite WordPress Security

What exactly is Malware?

Staff — Tue, 28 Oct 2014 22:22:18 +0000

Malware (Virus) is a very broad term, and there are many different ways that malware can be injected into a website. One common way that malware is inserted is by a File Inclusion vulnerability. With this vulnerability, the hacker will insert a malicious script into the site by editing the PHP. This is normally performed by using methods similar to Code Injections. As a result, creating secure user input validation will also mitigate this vulnerability, along with coding the PHP to eliminate the possibility of Remote File Inclusion (RFI). Malware can also be inserted by gaining login access, so many other security measures must be taken to mitigate this risk. Oftentimes, the hacker’s goal is to insert malware, no matter what vulnerability he/she is using to gain access.

The post What exactly is Malware? appeared first on OmniSOS - Elite WordPress Security.

What are Code Injections?

Staff — Tue, 28 Oct 2014 22:16:48 +0000

Code Injections (such as SQL Injections and command injections) are attacks that inject code into a server or database to unexpectedly execute commands or to insert malware. The most common form of Code Injection a hacker will use is to use special command line characters in a normal user input box to trick the server into executing the following command. This vulnerability is used for a wide range of malicious activity, which makes it particularly dangerous. These commands can be injected through any average text input box. The most effective way to prevent Code Injection is to create secure user input validation (such as a whitelist that allows only “innocent” characters, like letters and numbers), and to implement a secure firewall.

The post What are Code Injections? appeared first on OmniSOS - Elite WordPress Security.