Sitesassure Security Blog


Sitesassure Blocks and Reports on Multiple Intrusion Attacks


We recently installed the Sitesassure Security Suite on one of our service companies' websites. This Joomla website has been secured by RSFIREWALL for years, a software firewall which we recommended and have installed on every Joomla site we have worked on. It has been extremely effective over the years in preventing attacks and intrusions from successfully compromising websites.

This week we installed the Sitesassure Security Suite and found out what is really going on with this website. We found malicious activity against our website that RSFIREWALL had never detected or reported. It looks like our site was surviving on borrowed time.

The report identified the attacker's IP and immediately blocked the IP on the firewall. Other firewalls may identify the IP of the attacker, but you have to manually add the IP to the blacklist. This step was all completed automatically.

But look at the email notification from the firewall:

Attack Type: Cross-site scripting,Cross-site request forgery,Directory Traversal,Layer 2 Intrusion,Local File Inclusion,Remote File Inclusion,SQL Injection


Violation: POST.");_?>set_time_limit(0); $ip_ changed from '91.121.105.21' " to '91.121.105.21' "

 

This is not just some drive-by automated attack. This was not a simple injection. This attack violated many rules, and the firewall not only prevented the attack from being successful, but blocked it and reported the attack in detail AND IN REAL TIME. We did not get a report from RSFIREWALL or from SITELOCK on this attack. Neither of these popular services detected or reported a single incident related to this attack.

How long has this been going on? When under the watch of SITELOCK and RSFIREWALL services, did anything ever get through undetected? We don't know. We are running the integrated ClamAV antivirus program, which will find and report if it finds anything. Not only that, but it will tell us what files are infected and give us the option to back up the infected files so we can clean, quarantine and/or delete the infected file without breaking the website.

Thanks to Sitesassure, we can enjoy our New Year's celebration with no worries, and we are assured of our website's integrity.
