This morning, I had a quick look at my web serverlog file and searched for malicious activity. Attacks like brute-force generate a lot of entries and thuscan be easily detected.Other scanners are working below the radar and search for very specific vulnerabilities. In this case, a single request is often sent to the serverand generate a simple 404 errorwithout triggering any alert. My blog beingbased on the Wordpress CMS, I searched for non HTTP/200hits for plugins URLs (/wp-content/plugins/)
CMS or ">Content Management Systems became vey popular today. Its easy to deploy aWordPress, Drupal or Joomla on top of a UNIX server. They exist also shared platforms which offer you some online space. If a CMS is delivered with standard options, it is easy for the owner to customize or to tune it.. just like cars.ModernCMS offer a way to extend the features or the lookn">From a security perspective, plugins are today the weakest point of a CMS.If most of the CMSsource code is regularly audited and well maintained. Its not the same for their plugins. By deploying and using a plugin, you install third-party code into your website and grant some rights to it. Not all plugins are developed by skilled developers or with security in mind.Today, most vulnerabilities reported in CMS environment are due to ">8000+ hits for uninstalled/non-existent plugins
Xavier Mertens
ISC Handler - Freelance Security Consultant
rootshell.be
truesec.be