3rd Drupalgeddon alert! How to be protected with BitNinja?
Eniko Toth

3rd Drupalgeddon alert! How to be protected with BitNinja?

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or your customers have Drupal websites and would like to avoid  backdoors, cryptocurrency miners and other malwares, BitNinja is here to  help you! Just make sure your WAF rule #402003 is enabl...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
Web Application Firewalls: Choosing the Right WAF for Server Security
Anita Batari

Web Application Firewalls: Choosing the Right WAF for Server Security

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly. The average web server faces thousands of attacks on a daily basis. There are a number of web application firewalls available to protect your server, and having the right security in place can mean the difference between just another “day at the office” and a dozen “sleepless nights” trying to maintain your servers’ uptime. Let’s take a look at why having a WAF is so important, how it works, and the op...
Read more
Vulnerabilities of Small Office/Home Office routers
Ferenc Barta

Vulnerabilities of Small Office/Home Office routers

I'm quite sure that you have one of the small office/home office (SOHO) devices at home to share the Internet access for your computers, smartphones and IoT gadgets. These devices are really great, as they are capable of routing and address translation, they often have a built-in switch, an access point and a user-friendly web-based management interface.  In summary, they meet the requirements of home networking for an affordable price. Unfortunately, researchers and hackers often find serious vulnerabilities in these consumer-grade devices. Recently we have contacted several I...
Read more
The most common CMS attack types
Daniel Mecsei

The most common CMS attack types

Nowadays, the Internet plays a huge part in our lives. It gets bigger and bigger every day, now it has more than one billion websites. Most of these sites are built with CMS which stands for Content Management System. It is a tool that provides an easy-to-use method for users without any programming skills in creating websites. The most common CMSs are written in PHP because most shared-hosting providers only provide this way to share/operate your website with the community. According to the statistics, WordPress has the largest market share with 52%, followed by Joomla with only 6%. The...
Read more
Heckin Funny Hacks
Dani Molnár

Heckin Funny Hacks

Dani Molnár
Hacking became a huge part of our lives, partly because of popular culture and partly because they can give us some serious headaches when they mess with our beloved computers.  Usually people see them as either harmful cyber-criminals or as freedom-fighters. But in this article we are talking about a third group of hackers, those who are just doing it for the “lolz”. These pranksters - whether we agree with their method or not – will definitely make you laugh! AC/DC Power Plant What do you get when you combine AC/DC’s Thunderstruck with several nuclear research facilit...
Read more
Have you ever forgot the root password of your server?
Mariann Csorba

Have you ever forgot the root password of your server?

Mariann Csorba
We are all human beings and do not work like flawless creatures of artificial intelligence, we are prone to make mistakes and forget things. Although, sometimes we forget crucial information which might be essential to our daily life, like the root password of our server. For a sysadmin it can be a real disaster if s/he cannot log into the server. What can you do if this happens with you? Follow our easy step by step instructions, which will solve this matter.  Save this list and you will never have to stress about the lost or forgotten password again.      ...
Read more
WordPress, Curse or Blessing?
Mariann Csorba

WordPress, Curse or Blessing?

Mariann Csorba
WordPress is the most commonly used blog engine, which is free to use and has an open source code. It is used mainly for the operation of websites, blogs and webshops. If your purpose is to have a great website in a blink of an eye, which you are able to develop later in parallel with the change of unique demands, you have found the best solution. Why is it a blessing? As it gets more and more successful, the number of developers and supporters grow proportionately. They constantly look for bugs, vulnerabilities while they report and fix them. It is easy-to-use, so laymen can al...
Read more

Hydra: One of the most well-known bruteforce tools

Mariann Csorba
The Kali Linux is an open source code operational system which is based in Debian. In the system we can find several „penetration” applications, such as: Aircrack-ng Hydra Nmap Wireshark Metasplot framework Maltego Owasp-Zap SQLMap John Burpsuite Johnny Pyrit SIPcrack PWdump Rainbowcrack Maskgen Hexinject SSLSniff Dsniff In this article, I am going to tell you more about the Hydra’s operation and elaborate on how the BitNinja provides protection against it. Hydra works as a bruteforce program and it is one of the best password cracking tools in th...
Read more

How to build the most secure password of all times?

Nikoletta Szabo
Let’s start this article with a really simple simile, just to be on the safe side and make sure that everyone understands the function of a password. If your account is your home, the password is the key, while the login process is the threshold of your home. So if someone forgets the password, it equals with leaving the keys somewhere and if your account has been hacked, than your home has been sacked.       Two years ago in the USA, as much as 47% of the adult population’s account has been hacked and compromised. This is just one of the hard facts that sho...
Read more