Secure your webserver

Published Date: 2020/02/12 by: DaVieS


Warning! It seems like web development went crazy!
If you would like to avoid the kind of hacking and destructive operations by attackers shown below, you may find this little article interesting.

To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1Mo24VYuZfZrDHw7GaGr8B6iZTMe8JbWw8 and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: plife_geniza, plife_shop, plife_crm. If we don't receive your payment in the next 10 Days, we will make your database public or use them otherwise.

So what to do? We help with that.

How did they hack me...

The most common attack vectors are:

  • .env files (Laravel) may contain your database passwords and other sensitive data. Laravel should not rely on this file at all; that is simply irresponsible, because since PHP was born, passwords have been stored in PHP files.
  • .git directories: this is a Git repository. If it is reachable by attackers, they can grab your source code, including passwords.
  • .ini files: beginner PHP programmers sometimes use .INI files to store passwords.
  • .db / .sqlite files: we discovered many SQLite databases exposed on websites that contain passwords or other sensitive data.
  • User-Agent XSS: if your website records the User-Agent or any other header sent to the server, and you can see those values somewhere like the admin area, you must escape the < and > HTML characters. If you don't, a well-crafted header could lead to hijacking your session.
  • You didn't use SSL.
  • You are using WordPress.


Prevention!

Prevention is always the best solution. Here are some steps:

  • Make sure the database server is unreachable from the internet.
  • Disable some paths / extensions in your webserver config:
    • .git
    • .env (Laravel uses it; no clue how they came up with this...)
    • .ini
    • .db
    • .sqlite
  • Make regular backups and upgrade your server periodically.
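The deny rules from the list above, written out as an added nginx server block. This is an example added here, not configuration from the original post; example.com, the document root, the certificate paths and the PHP-FPM socket are placeholders to adjust for your own site.

```nginx
# Added example, not from the original post. example.com, the document
# root, the certificate paths and the PHP-FPM socket are placeholders.
server {
    listen 443 ssl;
    server_name example.com;

    # For Laravel, point the root at public/ so that .env, which lives one
    # level up, is outside the document root in the first place.
    root /var/www/example.com/public;
    index index.php;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;     # placeholder

    # Block every dotfile and dot-directory: .git, .env, .htaccess, ...
    # Regex locations are tried in order, so this rule sits first and wins
    # even for a request like /.something.php.
    # 404 is returned so that blocked paths look the same as missing ones.
    location ~ /\. {
        return 404;
    }

    # Block the config and database extensions from the list above.
    # ~* makes the match case-insensitive, so .INI and .Sqlite are covered.
    location ~* \.(ini|db|sqlite)$ {
        return 404;
    }

    # Hand PHP scripts to PHP-FPM; try_files stops requests such as
    # /uploads/x.jpg/y.php from being executed as PHP.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
}

# Redirect plain HTTP to HTTPS (the list above counts missing SSL as a risk).
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

After installing the config, run nginx -t and reload, then request /.env, /.git/config and /config.ini on your own site and confirm each returns 404. Keeping the database server off the internet is done outside nginx (bind it to localhost or a private interface and firewall the port), so it is not part of this snippet.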



All rights reserved nPulse.net 2009 - 2024