malware


LFD saying “Suspicious process running under user XXXX”? Here’s how we fixed it

Here at Bobcares, our Dedicated Support Engineers maintain servers of web hosts, web designers, and other online businesses.

In cPanel and Plesk servers, a common error we see from LFD (Login Failure Daemon) is “Suspicious process running under user XXXX”.

EITest infection – Why your servers may be at risk!

One of the world’s longest-lived malware networks, the EITest network, is now offline. But the infection is still active and can affect servers running malicious and vulnerable code.

When the EITest infrastructure was discovered in 2011, it was not foreseen that cyber criminals would start using it as a TDS botnet. Today, we’ll see what the EITest infection is, and how your server can be affected by it.

Secure your Windows 2003 and 2008 servers from WannaCry ransomware

WannaCry ransomware is all over the news now, causing the internet world to shake in doubt and fear. With over 200,000 computers in 150 countries being affected, the damage is really widespread.

For businesses and servers that are affected by this malware, the impact of this attack is huge and can lead to loss of business. As a result, it is important to secure your servers to ensure their normal functioning.

Case study: How we help cPanel server owners prevent frequent malware infections

Google blacklists about 8,000 to 11,000 websites per day for hosting malware or phishing content. Of these, up to 98% are classified as “compromised” websites, which means these sites belong to legitimate businesses but were infected with malicious code without the knowledge of the website owners.

How we blocked zero-day malware attacks on websites using NAXSI firewall

On Oct 17th 2015, we started receiving reports of Magento shops being infected by GuruIncSite malware. We found that attackers were somehow getting access to the Magento admin panel, and were inserting malicious code into websites. Magento’s official site didn’t have any information on the attack, and all that anyone knew was that Magento software had a vulnerability that allowed admin access to attackers.

This is a fairly typical scenario in a zero-day attack. An attack is termed zero-day when the affected software vendor isn’t aware of the vulnerability being exploited, and virtually everyone that uses that software is vulnerable to an attack. Unlike other kinds of attacks, defense against a zero-day attack is harder because no official patch or notification would be available from the vendor. Business owners using the vulnerable software would be left to fend for themselves until a patch is available.

Vulnerabilities in exploitation kits?

Many hackers prefer to design and use their own tools to search for and attack vulnerable sites, but a majority of them use various exploitation “kits”. Some of the most common ones are Zeus, Neosploit, Eleonore and Justexploit. The developers of these kits constantly include 0-day vulnerabilities in the latest versions of their malware. Since most of these kits are open-source, users can also modify the code to include vulnerabilities known to them. Exploitation kits have been available for many years, and millions of users have suffered. However, a study by the recently established security company TEHTRI-Security suggests that the malware “kits” themselves have vulnerabilities!

How safe are your Linux packages? – Here’s how you can stay safe!

If you happen to know any Windows Server “fanboys”, you’d probably have noticed the smug look they have on their faces right now. It’s most likely after a little announcement. A recent version of the Unreal IRC server source tarball, stored on various mirrors, was replaced by one that contained a backdoor. It seems it was replaced some time back in November 2009 and no one noticed it till now! So if anyone downloaded and installed it since then, their servers are open to compromise. So how safe are Linux servers? It’s high time we stopped thinking of Linux as invincible.