Revslider, a widely-used WordPress plugin, has come under scrutiny due to a security vulnerability found in its config.php file. This exposure raises concerns for site owners using vulnerable versions of this plugin. It's crucial to understand the risks associated with this vulnerability and the necessary steps to protect your website. Nature of the Vulnerability The […]

Malware injection remains a significant threat to websites and applications globally. This article discusses what malware injection is, how it occurs, and best practices for prevention. What is Malware Injection? Malware injection is a technique used by cybercriminals to insert malicious code into a legitimate program or a website. This code can exploit vulnerabilities in […]

Revslider, a widely-used WordPress plugin, has come under scrutiny due to a security vulnerability found in its config.php file. This exposure raises concerns for site owners using vulnerable versions of this plugin. It's crucial to understand the risks associated with this vulnerability and the necessary steps to protect your website. Nature of the Vulnerability The […]

Malware injection remains a significant threat to websites and applications globally. This article discusses what malware injection is, how it occurs, and best practices for prevention. What is Malware Injection? Malware injection is a technique used by cybercriminals to insert malicious code into a legitimate program or a website. This code can exploit vulnerabilities in […]

FastComet is one of the trendiest web hosting companies these days. They have more than 45,000 customers from 83 countries, over nine years of experience in system administration, and they’ve been providing public cloud hosting services since 2013. FastComet has a very high rating on HostAdvice, thanks to their high reliability, excellent 24/7 support, affordable […]

Your server’s safety is the number one priority for us, that’s why we have created two new BitNinja WAF rules which are already part of the safe minimum ruleset. They grant protection against the following vulnerabilities: Magento Remote Execution Protection Those who are using Magento and didn't apply the patch are vulnerable to RCE (remote code […]

If someone wants to use a server resource or take control of the server in some way or wants to steal data, then he does it via remote code execution vulnerability. What is Remote Code Execution? This vulnerability triggers in so many ways, but in most cases, it is possible via the following methods. •Untreated […]

There are tons of paid/free cloud-based solutions or standalone applications available over the internet that allow the user to check a system’s security level. Depending on the need, people can choose from simple nmap through “blackbox” security assessment tools to a wide range of heavy-weight penetration testing tools. Our approach Here at BitNinja we think […]

For devops in the web hosting business, holiday season is not exactly the most wonderful time of the year. If you’ve ever sneaked out from Christmas dinner to check on your servers’ status, or been woken up by attack alerts when only Santa Claus is supposed to be awake, you know what I mean. The […]

Before I begin to explain CSRFs we need to understand some facts. First of all, we have to see how websites usually work when they have a login. Most pages use username/email and password for authentication. In today's world, it's not uncommon for newer sites to support two-step authentication. Normally we use a login once […]

In the previous blog article, we learned about SQL injection and how it works. If you read it then you will know that it belongs to the family of the most serious vulnerabilities. The next vulnerability is not going to be so serious, but it's worth taking care of. What is HTTP Parameter Pollution? The […]

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It […]

The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware. In this article, we’ll diversify the different types of malware so that you can better understand their behaviour. There are […]

Web applications typically use authentication mechanisms to prevent unauthorized users from accessing protected resources. However, attackers often search for weaknesses in these systems, with username enumeration being a common method to identify valid usernames in a system. This article will discuss various ways to identify valid usernames on any WordPress website, along with tips to […]

MySQL is the world's second most widely used relational database management system (RDBMS) and the most widely used open-source RDBMS. Its popularity makes it a target for cybercriminals, leading to numerous brute-force attack tools readily available on the Internet. What is a Brute-Force Attack? A brute-force attack is a method used by attackers to gain […]

SQL Injection is a type of attack aimed at exploiting vulnerabilities in an application's software. Attackers insert malicious SQL code into input fields, which the application executes against its database. This can lead to unauthorized access to sensitive information, data loss, or even complete system compromise. Recent Vulnerability Overview One significant SQL injection vulnerability has […]