Hi,
I am looking for some assistance, tips and guidance on the Website Malware.
Recently i have seen many of my friends who had a website were infected by
some malware which got illegal content on the site.
Most of them were either Wordpress or Joomla.
I see this in two ways :
Possibly their admin credentials for ftp, sftp, or admin to these
applications were compromised. This is possibly due to some malware or
stuff on the system they use to mange these sites
Second possibility is that there were knows/unknown security bugs in the
web that were exploited.
I want to understand what are the other possibilities and what are the
general rules that one should follow for securing the sites after
infection. Any pointers from your own blog, paper or tips from your own
experience would be helpful.
--
Regards,
Gautam
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
Hi,
StopBadware has a comprehensive guide to help webmasters with badware in their websites:
https://www.stopbadware.org/common-hacks
https://www.stopbadware.org/webmaster-help/
And resources to help find badware and avoid it in the future:
https://www.stopbadware.org/hacked-sites-resources
Regards
Emilio
De: Christian Heinrich christian.heinrich@cmlh.id.au
Para: Gautam gautam.edu@gmail.com
CC: websecurity@webappsec.org
Enviado: Domingo 16 de junio de 2013 4:08
Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Hi Christian & Emilo,
I was looking for something which Emilo mentioned and more from your
experience. I know google gives lots of result on this however i was
looking at something which you guys use as good source.
This will help to start some reading.
If you guys by any chance have access to any list where i can get sample of
a vulnerable (malware infected) WordPress or joomla site then please share.
I like to practice while i am reading to make more sense to what i am
reading.
Thanks Guys.
I will go through this.
On Mon, Jun 17, 2013 at 4:58 PM, Emilio Casbas ecasbasj@yahoo.es wrote:
Hi,
StopBadware has a comprehensive guide to help webmasters with badware in
their websites:
https://www.stopbadware.org/common-hacks
https://www.stopbadware.org/webmaster-help/
And resources to help find badware and avoid it in the future:
https://www.stopbadware.org/hacked-sites-resources
Regards
Emilio
De: Christian Heinrich christian.heinrich@cmlh.id.au
Para: Gautam gautam.edu@gmail.com
CC: websecurity@webappsec.org
Enviado: Domingo 16 de junio de 2013 4:08
Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
the web that were exploited.
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
--
Regards,
Gautam
I would recommend our labs for web site malware samples:
And our blog is only about it:
thanks,
On Mon, Jun 17, 2013 at 3:58 AM, Emilio Casbas ecasbasj@yahoo.es wrote:
Hi,
StopBadware has a comprehensive guide to help webmasters with badware in
their websites:
https://www.stopbadware.org/common-hacks
https://www.stopbadware.org/webmaster-help/
And resources to help find badware and avoid it in the future:
https://www.stopbadware.org/hacked-sites-resources
Regards
Emilio
De: Christian Heinrich christian.heinrich@cmlh.id.au
Para: Gautam gautam.edu@gmail.com
CC: websecurity@webappsec.org
Enviado: Domingo 16 de junio de 2013 4:08
Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
I would also recommend www.exploit-db.com as a place where you can find
plenty of known joomla and wordpress exploits, among others.
Best off all, the site often has a link to the vulnerable version of the
software, so you can download it and install it in your lab. Great way to
learn!
-Seth
On Jun 17, 2013 9:02 AM, dd@sucuri.net wrote:
I would recommend our labs for web site malware samples:
And our blog is only about it:
thanks,
On Mon, Jun 17, 2013 at 3:58 AM, Emilio Casbas ecasbasj@yahoo.es wrote:
Hi,
StopBadware has a comprehensive guide to help webmasters with badware in
their websites:
https://www.stopbadware.org/common-hacks
https://www.stopbadware.org/webmaster-help/
And resources to help find badware and avoid it in the future:
https://www.stopbadware.org/hacked-sites-resources
Regards
Emilio
De: Christian Heinrich christian.heinrich@cmlh.id.au
Para: Gautam gautam.edu@gmail.com
CC: websecurity@webappsec.org
Enviado: Domingo 16 de junio de 2013 4:08
Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
I would also recommend www.exploit-db.com as a place where you can find
plenty of known joomla and wordpress exploits, among others.
Best off all, the site often has a link to the vulnerable version of the
software, so you can download it and install it in your lab. Great way to
learn!
-Seth
On Jun 17, 2013 9:02 AM, dd@sucuri.net wrote:
I would recommend our labs for web site malware samples:
And our blog is only about it:
thanks,
On Mon, Jun 17, 2013 at 3:58 AM, Emilio Casbas ecasbasj@yahoo.es wrote:
Hi,
StopBadware has a comprehensive guide to help webmasters with badware in
their websites:
https://www.stopbadware.org/common-hacks
https://www.stopbadware.org/webmaster-help/
And resources to help find badware and avoid it in the future:
https://www.stopbadware.org/hacked-sites-resources
Regards
Emilio
De: Christian Heinrich christian.heinrich@cmlh.id.au
Para: Gautam gautam.edu@gmail.com
CC: websecurity@webappsec.org
Enviado: Domingo 16 de junio de 2013 4:08
Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
Gautam,
I have quoted two sentences from your e-mail:
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Most of them were either Wordpress or Joomla.
On Sun, Jun 16, 2013 at 9:31 AM, Gautam gautam.edu@gmail.com wrote:
Are you seeking the CVE(s) of the injection vulnerabilities within
Joomla and Wordpress?
--
Regards,
Christian Heinrich
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org