Technopark.ma got compromised by malware  (this is site may harm your computer )

The officelle website of technopark got compromised by malisous code ; It look like that hackers exploit a vulnerability in the open source joomla (Joomla security Flaws) .The website serving malware to anyone visiting it). This attack seems to be targeting smaller and biggest  sites that lack personnel with the skills and security awareness .

Ce site risque d'endommager votre ordinateur.

(continue reading…)

attack asp

When i was testing an iis server after defacement attack, the webmaster was confused how hackers gaina ccess to the server and changes the visual appearance of the site or a webpage .

1 – Hackers use xgallery (Absolute gallery): SQL injection to get admin passwords and upload backdoors .
2 -Hackers uploaed automatically tools to deface the server replace every index.
3 -Hackers record the defaced home pages in zone-h digital attack archives.

Hackers exploit Xgallery panel to bypass the upload : Web application security

This attack allows a hacker who can upload a “safe” file extension (jpg, html, etc) to upload an ASP script and force it to execute on the web server. The vulnerability occurs when a file name is specified in the form of “attacker.asp;.jpg” — the application checks the file extension and sees “jpg”, but the web IIS server will stop parsing at the first “;” and sees “asp”. The result is trivial code execution on any IIS server that allows users to choose the file name of their uploaded attachment.

(continue reading…)

One of the most important ways to stay secure is to stay informed !

Web application security is a critical task, and communicating to you about security is one of the most important factors in keeping your site safe. Ironically, even mentioning security publicly is a challenge, as many hackers see it as an invitation to find new .Hackers use different exploit (public and private attacks) several sites are reporting very suspicious infection every day by google . Attackers inject:

• Malware
• Worms
• Trojan Horses
• Spyware
• Dishonest adware
• Crime ware amongst other malicious threats

This is some reason why google flag your website: “This site may harm your computer”.

This site may harm your computer

One of the most important ways to stay secure is to stay informed. Hackers continually try new approaches, discover new vulnerabilities, and attempt different exploits. As sysmox team find out about potential vulnerabilities, we try to respond webmaster quickly that you can : Applying security fixes may mean installing a software update, modifying your system configuration, or changing how you code your web application.

(continue reading…)

The number of vulnerabilities discovered is still on the rise with an increase of more than 70% over the past two years .

sysmox delivers vulnerability management security solutions that provide websites of all sizes with a more effective way to secure and manage their most valuable digital assets.

Website Security Testing for a Financial Company

Small & Medium sized web Business security Solutions 

Solutions for small and medium sized websites.

Why Manage Vulnerabilities :

The reality today is that the amount of security information is virtually unmanageable and on top of this the number of newly discovered vulnerabilities is increasing while time for remediation is decreasing. This forces IT departments to reassess their approach to protect the corporate web server.

The effectiveness of targeted and automated websites attacks has clearly demonstrated that most web portals are without sufficient vulnerability protection strategies despite the fact that 99% of all exploits leverage known vulnerabilities (Source: US CERT). Hackers use vulnerabilities to exploit web sites with a JavaScript malware most website got flaged “this site may harm your computer” .

Attacker use wordpress vulnerabilities ; Oscommerce ; In-house … to target websites .

This site may harm your computer

sysmox’s aim is to give you exactly the intelligence you need to address vulnerabilities fast and effectively before intruders cause serious harm to your website.

Whether you control security from a central security department or have distributed security responsibilities, our services assure that you receive security alerts tailored to your IT infrastructure.

(continue reading…)

After development, the Macromedia Flash communication application moves into production. At that time, you’ll want to properly configure the Macromedia Flash Communication Server . This should be done with security issues high on the priority list. Insecure server configurations can result in several negative situations, including unauthorized users who compromise information, steal server usage, cheat in games, or disrupt—or even shut down—the server. Below you’ll find a checklist of security configuration settings (as well as a few “best practice” tips) that you should consider as you set up your Flash Communication Server MX for real-time use by intranet or Internet users .

Genral administration setting :

Set a secure user ID and password. Don’t use “admin”, “administrator” (and so forth) as the user name. Pick a password with at least 8 characters, including digits and punctuation.
2     Use the <Allow> and <Deny> tags in the Server.xml file to restrict which client computers can connect to the Admin application.
3     Set the Admin tool to bind to a port that is not available to the general public. Block access to this port with your firewall.

(continue reading…)

404 error page: A 404 error page is what appears in a web browser when a user attempts to access a website that does not exist. Unlike DNS error pages, these pages are generated by websites themselves, not by the user’s browser. As a result, they are much more difficult for programs to alter.

Add/Remove programs: a function on the user’s “Control Panel” on the user’s computer. Ths function allows the user to unistall or install progams on his/her computer. (continue reading…)

Web browsing has become the favorite target of malicious code writers seeking to compromise your network. The number of browser vulnerabilities continues to rise, fuelling zero-hour exploits which can infect systems before patches or signatures are available. The threat is moving from the inbox to the browser with increasing focus on gaining financial advantage. This is most evident in the recent rise of spyware which comes in a wide variety of forms, from programs that steal confidential information to nuisance adware.

By the time most administrators realize they have a problem, the damage is already done, and they are left with the high cost of remediation, lost productivity, and unnecessary network traffic and system instabilities. Increasing browser vulnerabilities, zero-hour threats, and the insertion of malicious code on vulnerable sites.

If you own or manage a website, you are responsible for that website’s security. Compromised websites can infect visitors with badware, and are commonly blacklisted by search engines, web browsers, and security vendors (This site can harm your computer)

Many legitimate websites are the targets of malicious hacking attacks, during which code linking directly to badware is inserted onto an otherwise innocent, but poorly secured, website. Another common way that legitimate sites are compromised is through third-party content such as the ads provided by an advertising network, which can be used as vectors for the distribution of badware.

We offer several resources to help you learn how to remove badware from compromised websites and secure your sites against future attacks.

• Our Security Tips page is a great place to start. Learn about common attack techniques and how to detect them on your site.
• You can contact us for additional help.
• If your site has been flagged by Google, check Google’s diagnostics page for your site for more information about the badware that Google detected on your site.

If your site was flagged by Google and you’re sure that the site is now clean, you can file a Request for Review with google webmaster. You can also contact us to help you

When people search for my site on Google, the search engine result instead links to a Google webpage that says there might be badware on my site. ?
Google has placed warnings in its search results for websites that its testing has determined to host or distribute badware.

If a Google user searches for a site that Google has determined to be potentially dangerous, they will see a warning in the search results.
Currently, many sites that are the subject of Google’s warnings have been the victims of a malicious hacking attack, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, then there are strong odds that your site has experienced one of the above situations.

To remove the warning, you will need to discover what code on your site caused Google to flag your site, and then clean and secure your site;Sysmox can clean and secure your website.
Once your site is certain to be clean and secure, there are three ways the Google warning can be removed. Google periodically re-scans the sites it has previously flagged, so you can choose to wait for this re-scan. (continue reading…)

Google/StopBadware says “This site may harm your computer”, and it’s YOUR site! What to do, step by step. 

Here are reasons why your website can be flagged with the “This site may harm your computer” warning in Google search results, in approximate order of likelihood:

(continue reading…)