Zero-day Duplicator Plugin Vulnerability – Patch it with BitNinja WAF
Eniko Toth

Zero-day Duplicator Plugin Vulnerability – Patch it with BitNinja WAF

On 19 February 2020, Wordfence reported a highly critical vulnerability found in the popular Duplicator plugin for WordPress. This plugin is useful when users want to migrate and copy WordPress sites. With Duplicator, sysadmins can create a new copy of the site and the generated file can be downloaded from the WP dashboard. WordPress Duplicator Plugin Zero-day Vulnerability Exploiting the newly discovered zero-day vulnerability allows hackers to download arbitrary files from the target sites. More than 1 million WordPress websites are affected by this security flaw. When users crea...
Read more
Best of 2019 – The 15 Most-Read Cybersecurity News
Eniko Toth

Best of 2019 – The 15 Most-Read Cybersecurity News

Hackers and cyberattack techniques are evolving every day. Hosting companies and every server owner should keep an eye on the cybersecurity news to prepare themselves and protect their systems against the new types of threats. That’s why BitNinja collects the hottest cybersecurity news and sends out a Cybersecurity Digest each month. Now, we’ve summarized the Top 15 articles from 2019 that our readers loved the most. Here is the list: 1. Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers On the 10th of August at the DevConf, a Turkish researcher revealed a z...
Read more
2019 Highlights – A Great Year at BitNinja
Eniko Toth

2019 Highlights – A Great Year at BitNinja

As 2019 will be over soon, it’s time to stop for a while and look back on what happened this year. 2019 was a unique year at BitNinja (you’ll see on the results). We got closer to our mission – making the internet a safer place. However, we couldn’t have reached the successes mentioned below without our ninjastic partners. Many new features were inspired by the Ninja Community. Also, the continuous feedback that we are receiving from day to day about how BitNinja changed businesses’ life for the better is a huge motivation for us to keep working harder and harder every day. So, we’d l...
Read more
Ultimate WAF Guide  - How to patch WordPress vulnerabilities and block web attacks
Jacint Lazok

Ultimate WAF Guide - How to patch WordPress vulnerabilities and block web attacks

An exploited CMS vulnerability or vulnerabilities to web-based attacks is a big security issue as one well-aimed attack can cause a data leak, data loss or make your server unavailable. These attacks need to be stopped before they even reach your server and the WAF 2.0 module can do that for you. This powerful defense tool can protect you from these attacks without slowing down your server’s response time or increasing the load. In this guide, I will show you how you can use it to maximize your server’s protection by fine-tuning this module. Spoiler: not by turning on every WAF rule ;)&n...
Read more
Case Study - The Best Security Solution for Valicom Net Cloud Services
Eniko Toth

Case Study - The Best Security Solution for Valicom Net Cloud Services

Valicom Net is a Cloud Hosting Company in Cyprus with more than 15 years of experience specializing in Business Web Hosting, Cloud Services, Virtual Private Servers, Dedicated Servers, Hosted Exchange, Web Development with Content Management System, Network Security, Antispam Services, Online Storage Email & Remote Backup. Challenges „As we offer managed and unmanaged services, the challenge for us was to protect both services. For the managed servers all security updates were done on time which was not the case with the unmanaged servers as customers usually don’t update them. We w...
Read more
Satori IoT Botnet Stopped by BitNinja
Eniko Toth

Satori IoT Botnet Stopped by BitNinja

Our Port Honeypot module proactively catches botnets very quickly, as botnets usually start to scan open ports, which is the first step of the attack cycle. We found an old IoT botnet that became active again. It strangely happened just 2 months after 21-year-old Kenneth Schuchman pleaded guilty to developing and deploying the Satori botnet. The Satori botnet The Satori malware family was discovered in December 2017 . It is a derivative of the famous Mirai botnet, however, the technique of leveraging default or weak passwords doesn’t seem as effective for hackers anymore. As users...
Read more
Joomla & vBulletin RCE vulnerabilities patched by BitNinja WAF 2.0
Eniko Toth

Joomla & vBulletin RCE vulnerabilities patched by BitNinja WAF 2.0

RCE attacks are one of the most dangerous types of attacks as hackers could take complete control of the victim’s host, meaning that they can run commands, install malware, etc. In this article, I’d like to introduce 2 new vulnerabilities, which have been patched by BitNinja WAF: vBulletin RCE Rusty Joomla RCE New botnet utilizes the vBulletin RCE vulnerability In September, a new zero-day vulnerability was found in vBulletin . Nowadays, vBulletin is the most popular internet forum software, so this threat could affect many people. The vulnerability (CVE-2019-16759...
Read more
How to optimize your websites for SEO success with security
Boglarka Angalet

How to optimize your websites for SEO success with security

Building a winning website is hard, and comprises of many components. Plus, every client wants great page speed, uptime, UX, design, and marketing to make the business profitable. However, many VPS owners forget to focus on security - from SEO aspect. Until they get hacked and the rankings drop... How website security directly affects SEO  Keywords, meta tags, contents, backlinks. All of these terms are worth noting, especially if your websites are down, poisoned or flagged by Google. Marketers often skip security in their SEO strategy. Alternatively, it could be that th...
Read more
How to secure WP-login
Lazlo Takacs

How to secure WP-login

WordPress is the most known CMS in the world currently (WordPress runs 32% of the entire internet), we hear that it is the easiest CMS to handle, to install and to use. Taking all these information into account, we would think that it is safe as a house. Wrong! It might be easy to use, but for this exact reason, it is easy to hack. As it is free, there are many free plug-ins which are usually not up to date, creating weak points. Hackers always tend to exploit vulnerabilities in Plugins, Themes and WP Core. There are many parts where WordPress should be strengthened, now I would like to hig...
Read more
2018: The Year in Review at BitNinja
Boglarka Angalet

2018: The Year in Review at BitNinja

As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year.  Here’s a five minute summary of what we have been up to in 2018.  Hacker-free new year to everyone! See you in 2019! Thank you for an amazing 2018! First of all, we’d like to say thank you for your engagement and support all around the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.  Thanks...
Read more