Since June, Google has provided hosting for files used in attempted hackings of websites through an account with their Google Sites services. A listing of all the files hosted is available at http://sites.google.com/site/nurhayatisatu/system/app/pages/recentChanges?offset=25. Some of those files are used in remote files inclusion (RFI) attacks which seek exploit vulnerabilities in software that allow remotely hosted files to be be executed. If the attacks are successful modifications are made to website that place spam or malware on the website, or allows the hacker remote access to the website. Attempting hackings utilizing these files have occurred at least as recently as three days ago. We have reported this to Google using the “Report Abuse” link multiple times but the files have continued to remain up.
Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
- Behind the Scenes of a Hack That Causes a Website to Redirect on Mobile Devices
- Sucuri Security Uses Bad Data to Try to Scare People into Using Their Service
- This Is Not a Remote File Inclusion Vulnerability in WordPress 4.2.2
- The Slow Pace of WordPress Plugin Vulnerabilities Getting Fixed
- SiteLock Also Managed to Break a Website
Web Software Updates
WordPress VersionWe are running WordPress 4.2.2 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Did We Make a Mistake?While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.