Secure your webserver

Published Date: 2020/02/12 by: DaVieS

Warning! It seems web development has gone crazy!
If you would like to avoid hacking or destructive operations by attackers, like the ransom note quoted below, you may find this little article interesting.

To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1Mo24VYuZfZrDHw7GaGr8B6iZTMe8JbWw8 and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: plife_geniza, plife_shop, plife_crm. If we don't receive your payment in the next 10 Days, we will make your database public or use them otherwise.

So what should you do? We can help with that.

How did they hack me?

The most common attack methods are:

  • .env files (Laravel): these may contain your database passwords and other sensitive data. This file should not be used by Laravel at all; it is simply irresponsible, because since PHP was born passwords have always been stored in PHP files, which the server executes rather than serving as plain text.
  • .git directories: this is a Git repository; if it is reachable by attackers they can grab your source code, including any passwords in it.
  • .ini files: beginner PHP programmers sometimes use .INI files to store passwords.
  • .db / .sqlite files: we discovered many SQLite databases exposed on websites that contain passwords or other sensitive data.
  • User-Agent XSS: if your website records the User-Agent or any other header sent to the server and displays it somewhere such as the admin area, you must escape the < > HTML characters; if you don't, a well-crafted request could lead to hijacking your session.
  • You didn't use SSL.
  • You are using WordPress.

Prevention!

Prevention is always the best solution; here are some steps:

  • Make sure the database server is unreachable from the internet.
  • Disable some paths / extensions in your webserver config:
    • .git
    • .env (Laravel uses it; no clue what they were thinking...)
    • .ini
    • .db
    • .sqlite
  • Make regular backups and upgrade your server periodically.
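As an added example (not from the original article), here is how the paths and extensions from the list above can be blocked in an NGINX server block; the domain, document root, certificate paths and PHP-FPM socket are placeholders, and .sqlite3 is included alongside the extensions the list names.

```nginx
server {
    listen 443 ssl;
    server_name example.com;                      # placeholder domain
    root /var/www/example/public;                 # placeholder document root
    ssl_certificate     /etc/ssl/example.pem;     # placeholder
    ssl_certificate_key /etc/ssl/example.key;     # placeholder

    # Any dotfile or dot-directory: .env, .git/HEAD, .git/config, .htaccess,
    # .svn ... Answer 404 so the file's existence is not even confirmed.
    # .well-known is excluded because ACME / Let's Encrypt must reach it.
    location ~ /\.(?!well-known/) {
        return 404;
    }

    # Credential and database files by extension, anywhere under the root
    # (case-insensitive, so .INI and .Db are covered too).
    location ~* \.(env|ini|db|sqlite|sqlite3)$ {
        return 404;
    }

    # Normal PHP handling. NGINX uses the first regex location that matches,
    # in file order, so the deny rules above must stay above this block
    # (otherwise /.git/hook.php would be executed instead of refused).
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;   # placeholder socket
    }
}
```

After reloading NGINX, requesting /.env, /.git/config or /backup.sqlite should return 404 while /index.php still executes.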

All rights reserved nPulse.net 2009 - 2023
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD