Blog

Sitesassure Security Blog

This is some blog description about this site

SItesassure Blocks and Reports On Multiple Intrusion Attacks

Virus-Malware-RemovalWe recently installed the Sitesassure Security Suite on one of our service companies websites. This joomla website has been secured by RSFIREWALL for years, a software firewall which we recommended and have installed on every joomla site worked on. It has been extremely effective over the years in preventing attacks and intrusions from success compromising websites.

 

 

 

This week we installed the Sitesassure Security Suite and found out what is really going on with this website. We found malicious activity against our website that RSFIREWALL had never detected or reported. It looks like our site was surviving on barrowed time.

 

The report identified the attackers IP and immediate blocked the ip on the firewall. Other firewalls may identify the IP of the attacker, but you have to manually add the IP to the blacklist. This step was all completed automatically.

But look at the email notification from the firewall

Attack Type: Cross-site scripting,Cross-site request forgery,Directory Traversal,Layer 2 Intrusion,Local File Inclusion,Remote File Inclusion,SQL Injection


Violation: POST.");_?>set_time_limit(0); $ip_ changed from '91.121.105.21' " to '91.121.105.21' "

 

This is not just some drive-by automated attack. Tis was not a simple injection. This attack violated many rules and the firewall not only prevented the attack from being successful, but blocked it and reported the attack in detail AND IN REAL TIME. We did not get a report from RSFIREWALL or from SITELOCK on this attack. Neither of these popular services detected or reported a single incident related to this attack.

 

How long has this been going on? When under the watch of SLITELOCK and RSFIREWALL services did anything ever get through undetected? We dont know. We are running the integrated clam-AV antivirus program which will find and report if it finds anything. Not only that but it will tell us what fies are infected and give us the option to backup the infected files so we can clean, quarantine and/or deleted the infected file withour breaking the website.

 

Thanks to Siteassure, we can enjoy our New Years celebration with no worries, and we are assured of our websites integrity.

 

 

 

Share this article:

Mysterious Russian Malware Is Infecting 100,000+ W...
Obamacare Website Was Hacked in July

Contact Us

Contact Us
First Name (*)
Please let us know your name.
Your Email (*)
Please let us know your email address.
Company (*)
Please let us know your Company
Last Name (*)
Please let us know your last name.
Phone (*)
Please let us know your Phone
Subject (*)
Please write a subject for your message.
Message (*)
Please let us know your message.
Captcha (*)

Invalid Input

SitesAssure.com

185 E Elm St #812
Torrington, Connecticut 06790
Call: 1-(860) 294-2444
Monday - Friday, 8am - 8pm


Interwebshop Internet Services, LLC BBB Business Review