Which are the most scanned ports?
Eniko Toth

Which are the most scanned ports?

What is a port? Ever since computers are able to run more programs at the same time and can connect to modern networks, ports became important. 3 things are needed for the communication between two machines: IP address of the host Port number Type of protocol (e.g. TCP, UDP) A port number is a 16-bit number between 0 and 65535. There are some specific ports which identify some exact services, e.g. port 80 is used for HTTP communication. Types of ports: Well Known Ports: 0 - 1023 Registered Ports: 1024 - 49151 Dynamic/Private : 49152 - 65535 W...
Read more
Cyberstorm from Argentina
Anita Batari

Cyberstorm from Argentina

Two days ago storm clouds of cyberwar has reached our server from Argentina. In this article, we will share you some details about the attack. 22nd November started as a usual day. Until the afternoon nothing strange happened, then at about 5 o’clock a heavier request flood reached our servers, which has been increased until 7 o’clock, and stayed really high. As you can see on the chart below, the average request number has been doubled compared to numbers from a few hours before and even tripled compared to the result from a day ago. The numbers are decreasing, because lots of the IPs r...
Read more
ServerPilot compatibility test
Zoltan Toma

ServerPilot compatibility test

Lots of our users are interested in using BitNinja with ServerPilot and our team was also very curious how much compatible they are. Therefore, I have tested it and today I show you the results. :) Test details Tested operating systems: Ubuntu LTS 14.04, Ubuntu LTS 16.04 The goal of this test is to check if BitNinja modules are compatible with ServerPilot and it's configurations. I used ServerPilot’s manual installer on two Ubuntu Vagrant boxes and two SoftLayer hosted Ubuntu servers. ServerPilot should be installed on a fresh installed/created server, meaning no Apache,...
Read more
Old botnets aren’t harmless - the presence of Cutwail botnet nowadays
Anita Batari

Old botnets aren’t harmless - the presence of Cutwail botnet nowadays

Server operator faces many different types of attacks every day. Brute force, spam, CMS hacks and SQL injections are the most common - and the majority of them are automated botnet attacks. I think none of us can estimate how many servers and PCs are being unprotected against even the most simple botnets. But it’s not necessary to be a victim of an easily defendable attack. But even being careful, one thing you can fail about server security is underestimating the risk of old vulnerabilities and botnets. Thinking they’re doing no harm anymore, since they have been exposed and tracked d...
Read more
Vulnerabilities of Small Office/Home Office routers
Ferenc Barta

Vulnerabilities of Small Office/Home Office routers

I'm quite sure that you have one of the small office/home office (SOHO) devices at home to share the Internet access for your computers, smartphones and IoT gadgets. These devices are really great, as they are capable of routing and address translation, they often have a built-in switch, an access point and a user-friendly web-based management interface.  In summary, they meet the requirements of home networking for an affordable price. Unfortunately, researchers and hackers often find serious vulnerabilities in these consumer-grade devices. Recently we have contacted several I...
Read more
High Availability
Daniel Mecsei

High Availability

In computer science, the term of availability is used to describe the period of time when a service is available. High availability is a quality of a system that assures high-level performance for a given period of time. The main goal of high availability is to eliminate the Single Point of Failures (SPoF) in your infrastructure. To eliminate SPoF, each layer of your stack must be prepared for redundancy. Be aware, redundancy alone cannot guarantee high availability. A mechanism must detect the failures and take action when one of your components of the stack becomes unavailable....
Read more
IP spoofing: don’t let hackers deceive you
Nikolett Hegedüs

IP spoofing: don’t let hackers deceive you

IP address spoofing is a technique used by hackers to disguise their IP address as another IP and gain access to sensitive information or access private services on authorized networks. In some special cases, they can create IP packets that contain a false source IP address and this way hide their original address or impersonate another computing system.This is possible when they have access to the router for the local network. The Internet Protocol states that all IP packets must have a header section. This section contains the IP address of the packet’s sender - and other information too,...
Read more
SQL injection examined 2/2 –Testing your apps against vulnerabilities
Ferenc Barta

SQL injection examined 2/2 –Testing your apps against vulnerabilities

In the previous part of the article, we had looked at some incidents to better understand how attackers try to find SQL injection vulnerabilities. Instead of looking for other incidents, I’ve decided to write a short introduction about testing your own application using publicly available automatic tools. Constantly searching for vulnerabilities on your web applications and services is vital. Most of the time, such systems are exposed to the Internet and it is certain that sooner or later, someone will try to exploit their vulnerabilities. Environment We’ll use a popular too...
Read more
New IoT botnet captured by BitNinja
Anita Batari

New IoT botnet captured by BitNinja

We always keep our eyes on the logs, data, and charts. We always see abnormalities and unusual behaviours, we have found botnets before, but our recent catch is one of the biggest. These cases are really hard to handle due to the huge number of affected IPs. On the evening of 14th June, we have seen something strange, the average incident number increased by nearly 200%. But that was just the beginning, later on, there was a period when we received over five times more incidents. After 24 hours, we had four times more data than on an average day. We have captured a new botnet, which attacke...
Read more
The most common CMS attack types
Daniel Mecsei

The most common CMS attack types

Nowadays, the Internet plays a huge part in our lives. It gets bigger and bigger every day, now it has more than one billion websites. Most of these sites are built with CMS which stands for Content Management System. It is a tool that provides an easy-to-use method for users without any programming skills in creating websites. The most common CMSs are written in PHP because most shared-hosting providers only provide this way to share/operate your website with the community. According to the statistics, WordPress has the largest market share with 52%, followed by Joomla with only 6%. The...
Read more