Vulnerability fixed in WordPress Elementor Pro plugin – How cPGuard handles it

The vulnerability

As many of you are already aware, a critical vulnerability has been reported in the WordPress Elementor Pro plugin, which is installed on millions of websites. Although a patched version has already been released, many websites remain unpatched, and active attack campaigns against WordPress websites are ongoing. The vulnerability, which affects version 3.11.6 and all older versions, allows logged-in low-privileged users, such as customers or site members, to change website settings, create new admin users, change the site URL, etc.

What did we notice about this attack campaign?

Based on reliable sources, most of the attack campaigns originated from the following IPs:

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

On investigating this further and checking the logs, we noticed attack attempts since 24th March 2023, and our WAF was blocking them without any rule added specifically for this vulnerability (our WAF rules are generic enough to block many common abuse attempts).

After multiple attack attempts against servers within the cPGuard network, the IPDB system caught the source IPs on the central system and blocked them on all client servers where IPDB is enabled. Given below are a few relevant screenshots of these incidents.
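The detection flow described above, replayed over constructed log data as an added example (this is not cPGuard's code, and the sample logs are not real traffic): each client server's WAF answers blocked requests with HTTP 403 in its Apache access log, the reported campaign IPs are checked against those logs, and a central step then decides which source IPs to block on every server, the way the post describes IPDB doing. The request paths, the thresholds (three blocked requests on two distinct servers) and the server names are assumptions made for the illustration.

```python
"""Added example: replay the log-check and central blocking flow from the
post over constructed Apache access-log lines.  Not cPGuard's code."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Source IPs the post reports for this campaign.
REPORTED_CAMPAIGN_IPS = {"193.169.194.63", "193.169.195.64", "194.135.30.6"}

# Apache "combined" log format: ip ident user [time] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def blocked_attempts(lines, since=None):
    """Count WAF-blocked (HTTP 403) requests per source IP, optionally only
    those at or after `since` (a timezone-aware datetime)."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 403:
            continue
        if since is not None and rec["time"] < since:
            continue
        counts[rec["ip"]] += 1
    return dict(counts)


def campaign_ips_seen(lines):
    """Which of the reported campaign IPs appear in this server's log at all."""
    return {rec["ip"] for rec in map(parse_line, lines)
            if rec and rec["ip"] in REPORTED_CAMPAIGN_IPS}


def central_blocklist(per_server_counts, min_attempts=3, min_servers=2):
    """Central decision (assumed thresholds): an IP with at least
    `min_attempts` blocked requests on at least `min_servers` distinct
    servers goes on the list pushed to every client server."""
    servers_hit = defaultdict(set)
    for server, counts in per_server_counts.items():
        for ip, n in counts.items():
            if n >= min_attempts:
                servers_hit[ip].add(server)
    return sorted(ip for ip, hit in servers_hit.items() if len(hit) >= min_servers)


def _line(ip, ts, status, method="POST", path="/index.php"):
    # Builds a constructed log line; the path is a placeholder, not the real request.
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 199 "-" "Mozilla/5.0"'


# Constructed sample logs for two client servers (not real traffic).
SERVER_LOGS = {
    "srv1": [
        _line("193.169.194.63", "24/Mar/2023:02:11:09 +0000", 403),
        _line("193.169.194.63", "24/Mar/2023:02:11:10 +0000", 403),
        _line("193.169.194.63", "24/Mar/2023:02:11:12 +0000", 403),
        _line("193.169.195.64", "24/Mar/2023:03:40:01 +0000", 403),
        _line("203.0.113.5", "24/Mar/2023:04:00:00 +0000", 200, "GET", "/"),   # legitimate visitor
        _line("193.169.194.63", "20/Mar/2023:01:00:00 +0000", 403),           # before the window
    ],
    "srv2": [
        _line("193.169.194.63", "25/Mar/2023:11:02:30 +0000", 403),
        _line("193.169.194.63", "25/Mar/2023:11:02:31 +0000", 403),
        _line("193.169.194.63", "25/Mar/2023:11:02:33 +0000", 403),
        _line("194.135.30.6", "25/Mar/2023:12:00:00 +0000", 403),
        _line("194.135.30.6", "25/Mar/2023:12:00:01 +0000", 403),
        _line("194.135.30.6", "25/Mar/2023:12:00:02 +0000", 403),
    ],
}
SINCE = datetime(2023, 3, 24, tzinfo=timezone.utc)   # date the post first saw attempts


def run():
    """Per-server 403 counts since SINCE, and the resulting shared blocklist."""
    per_server = {s: blocked_attempts(lines, SINCE) for s, lines in SERVER_LOGS.items()}
    return per_server, central_blocklist(per_server)


if __name__ == "__main__":
    per_server, shared = run()
    for server, counts in per_server.items():
        print(server, counts, "campaign IPs seen:", campaign_ips_seen(SERVER_LOGS[server]))
    print("blocked on all servers:", shared)
```

With these thresholds only 193.169.194.63 reaches the shared blocklist, because it was blocked on both servers; 194.135.30.6 was only seen on srv2 and 193.169.195.64 made a single attempt, so they stay on the per-server counts until more evidence arrives, which is the trade-off any central blocklist has to make between speed and false positives.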

What else did we do to protect servers from this vulnerability?

Even though we found that the automated attack attempts were already being blocked by the WAF and IPDB, we released a WAF update today to block exploitation of this vulnerability specifically. We are still monitoring servers and logs and will amend the WAF rules as we gather more evidence.

We also recommend advising your customers to update the plugin to version 3.11.7 or higher, which is already available.

Find malware in a cPanel user account

What is malware in web hosting?

Malware is a generic term for any type of malicious software written specifically to harm a network, system, or user. In the web hosting domain, this usually means a back door, an injection, or a phishing kit that is uploaded to a user account and abuses the account's resources to spread the attack further. In a PHP web hosting environment, this mostly happens due to a vulnerability in the web application or a compromised user password.

Common impacts of malware-infected websites

Once the account or website is infected, you may experience various issues such as phishing content on the website, scripts sending spam email, scripts launching outbound attacks, server load spikes, etc. Such issues will eventually affect the reputation of your server IP address and websites, and may cause abuse complaints as well.

How can the cPGuard scanner engine help to solve this?

We have developed the cPGuard scanner engine to closely watch file events under each account and scan new or changed files automatically. There are also daily and weekly scheduled scan options (enabled by default) that rescan the latest files with the updated virus rules. We constantly update the virus file detection rules, so the scheduled scans periodically recheck recent files against the updated rule set.

Our scanner engine is crafted specifically for PHP websites in web hosting environments, and it is one of the fastest and least resource-consuming scanners, with the best overall results.

How to detect malware under a cPanel account using a cPGuard manual scan

As mentioned above, we recommend keeping the automatic scanner turned on at all times for a safer web space. If you detect abuse on your account and want to scan files manually, you can do so either from the cPanel plugin or from the App Portal:

  1. From the App Portal, go to the server on which the account is hosted, then to Virus Scanner >> Manual Scan, where you can choose the account or enter the path to scan.

  2. From cPanel, go to Security >> cPGuard, where you will have the option to scan your files.

Conclusion 

The cPGuard scanner is a very useful tool for web hosts and account holders to detect malware files under their accounts. Together with the automatic file scanner, Web Application Firewall, IPDB Firewall, reputation monitoring tools, etc., cPGuard helps to keep every cPanel server safe and secure.

DirectAdmin ModSecurity Web Application Firewall – DirectAdmin WAF

What is a Web Application Firewall (WAF)?

A web application firewall (WAF) is a security layer that runs with your web server, or in front of it, and monitors and filters incoming traffic to the web application. The duty of the WAF is to block malicious traffic and bots while allowing legitimate traffic through. With a proper WAF, you can eliminate most web security threats against your websites or web applications and avoid compromised websites on your server.

Importance of a Web Application Firewall in DirectAdmin

The actual duty of a WAF is to secure websites and web applications from web attacks and malicious access. On a DirectAdmin server, where people normally host multiple websites, a security layer like a WAF is essential, because multiple types and versions of web applications and frameworks are installed on the same server. On many such servers, the installed web applications may contain known or unknown vulnerabilities, which are the key for hackers to gain access to the website or the user account. With a proper Web Application Firewall, we can stop most such website vulnerability scanners, general web attack attempts, and website compromises, which eventually helps to reduce server load/overhead and save server admin time. It is easy to enable and manage cPGuard WAF on a DirectAdmin server, and we provide complete support for the integration and log management.

cPGuard WAF

The cPGuard WAF is powered by the Malware.Expert commercial ModSecurity rule set, tuned for shared hosting servers. It was written from scratch based on more than 10 years of real-world analysis of websites and can block most generic and targeted attacks. It blocks most generic attacks against the web server and PHP, broken out into the following attack categories:

  • SQL injection
  • Cross-site Scripting (XSS)
  • Local File Include
  • Remote File Include
  • File upload vulnerabilities
  • Zero-Day attacks
  • Web shell executions
  • Captcha verification

It also has optimized application-specific ModSecurity rules, covering the same vulnerability classes for applications such as:

  • WordPress
  • Joomla
  • Drupal, etc.

How can cPGuard WAF help to block web attacks and reduce server load?

The cPGuard WAF has various rule sets, which you can enable optionally based on your preference. Together, the rules can stop bad bot access, completely stop WordPress login page and xmlrpc.php attacks using the unique captcha system, and block generic attacks.

For example, you may no longer need to worry about SQL injection attacks after enabling cPGuard WAF. This is a major issue, especially for WordPress plugins, where such vulnerabilities are reported quite often (recent examples are CVE-2023-23488, CVE-2023-23489, and CVE-2023-23490). You can be worry-free and do not need to chase users and force them to patch to avoid a compromised website.
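To make concrete what "the WAF filters the request before the application sees it" and "enable/disable selected rule sets" mean in the sections above, here is an added example in Python of a minimal ModSecurity-style request filter. It is not cPGuard's or Malware.Expert's rule set; the rule ids, the handful of patterns, the category names taken from the list above, and the test requests are all constructed for illustration, and the patterns are deliberately tiny compared with a production rule set.

```python
"""Added example: a minimal ModSecurity-style request filter.  Not the
cPGuard / Malware.Expert rules; the patterns here are teaching rules only."""
import re
from collections import namedtuple
from urllib.parse import urlsplit, parse_qsl, unquote_plus

Rule = namedtuple("Rule", "rule_id category pattern targets")
Decision = namedtuple("Decision", "action rule_id category")

# Category names follow the list in the article; the rule ids are made up here.
RULES = [
    Rule(900001, "SQL injection",
         re.compile(r"(?i)\bunion\b[\s\S]+\bselect\b|'\s*or\s+\d+\s*=\s*\d+"), ("args",)),
    Rule(900002, "Cross-site Scripting (XSS)",
         re.compile(r"(?i)<script\b|javascript:|\bon(?:load|error|click)\s*="), ("args",)),
    Rule(900003, "Local File Include",
         re.compile(r"(?:\.\./){2,}|/etc/passwd"), ("path", "args")),
    Rule(900004, "Remote File Include",
         re.compile(r"(?i)^(?:https?|ftp)://"), ("args",)),
    Rule(900005, "Bad bots",
         re.compile(r"^\s*$"), ("ua",)),          # request without a User-Agent
]


def normalise(method, uri, user_agent, body):
    """Decode the request into the parts the rules inspect.  Percent-encoding
    and '+' are decoded first, as a WAF does before matching, so that an
    encoded '%27%20OR%201%3D1' is inspected as the plain text ' OR 1=1."""
    parts = urlsplit(uri)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if method.upper() == "POST":
        values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    return {
        "path": unquote_plus(parts.path),
        "args": values,          # every argument value is matched on its own
        "ua": user_agent,
    }


def inspect(method, uri, user_agent="Mozilla/5.0", body="", enabled=None):
    """Evaluate the rules in order; the first match blocks the request.
    `enabled` is an optional set of category names to apply (None = all),
    mirroring the per-category on/off switch described above."""
    req = normalise(method, uri, user_agent, body)
    for rule in RULES:
        if enabled is not None and rule.category not in enabled:
            continue
        for target in rule.targets:
            values = req[target] if isinstance(req[target], list) else [req[target]]
            if any(rule.pattern.search(v) for v in values):
                return Decision("block", rule.rule_id, rule.category)
    return Decision("allow", None, None)


if __name__ == "__main__":
    # Constructed requests: one ordinary page view and one encoded probe.
    print(inspect("GET", "/index.php?id=1"))
    print(inspect("GET", "/index.php?id=1%27%20OR%201%3D1"))
    print(inspect("GET", "/index.php?id=1%27%20OR%201%3D1", enabled={"Bad bots"}))
```

Two points worth noticing when reading it: decoding happens before matching, which is why the percent-encoded probe is still caught, and the "Remote File Include" rule will also block a legitimate parameter that carries a URL, which is exactly the kind of false positive that makes a tuned commercial rule set, and the option to switch a category off for one site, valuable in shared hosting.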

How to enable cPGuard WAF?

To install and enable cPGuard WAF, you need to purchase and install cPGuard first on your server. After installing cPGuard, refer to this help article to enable the WAF. It is easy to enable or disable the WAF with a few clicks. You also have the flexibility to enable or disable selected WAF rule sets for specific types of attacks. You can view the WAF logs from the App Portal, and each user can view the web attacks against their websites from the user plugin available in DirectAdmin.

Conclusion

The cPGuard WAF is a cost-effective and efficient WAF and security plugin for your DirectAdmin server. It is compatible with all web servers supported in DirectAdmin and integrates seamlessly with them. cPGuard can automate malware scans, web attack mitigation, and distributed attack blocking, and helps to reduce server load and the total time needed to manage servers. We offer a 30-day free trial, so you can try the solution without payment; it is also the cheapest security suite even after the trial period.

cPanel ModSecurity Web Application Firewall – cPanel WAF

What is a Web Application Firewall (WAF)?

A web application firewall (WAF) is a security layer that runs with your web server, or in front of it, and monitors and filters incoming traffic to the web application. The duty of the WAF is to block malicious traffic and bots while allowing legitimate traffic through. With a proper WAF, you can eliminate most web security threats against your websites or web applications and avoid compromised websites on your server.

Web Application Firewall for cPanel 

As mentioned above, the actual duty of a WAF is to secure websites and web applications from web attacks and malicious access. On a cPanel server, where people normally host multiple websites, a security layer like a WAF is essential, because multiple web applications and frameworks are installed on the same server. On such servers, the installed web applications may contain known or unknown vulnerabilities, which are the key for hackers to gain access to the website or the user account. With a proper Web Application Firewall, we can stop most such website vulnerability scanners, general web attack attempts, and website compromises, which eventually helps to reduce server load/overhead and save server admin time.

cPGuard WAF

The cPGuard WAF is powered by the Malware.Expert commercial ModSecurity rule set, tuned for shared hosting servers. It was written from scratch based on more than 10 years of real-world analysis of websites and can block most generic and targeted attacks. It blocks most generic attacks against the web server and PHP, broken out into the following attack categories:

  • SQL injection
  • Cross-site Scripting (XSS)
  • Local File Include
  • Remote File Include
  • File upload vulnerabilities
  • Zero-Day attacks
  • Web shell executions
  • Captcha verification

It also has optimized application-specific ModSecurity rules, covering the same vulnerability classes for applications such as:

  • WordPress
  • Joomla
  • Drupal, etc.

How can cPGuard WAF help to block web attacks and reduce server load?

The cPGuard WAF has various rule sets, which you can enable optionally based on your preference. Together, the rules can stop bad bot access, completely stop WordPress login page and xmlrpc.php attacks using the unique captcha system, and block generic attacks.

For example, you may no longer need to worry about SQL injection attacks after enabling cPGuard WAF. This is a major issue, especially for WordPress plugins, where such vulnerabilities are reported quite often (recent examples are CVE-2023-23488, CVE-2023-23489, and CVE-2023-23490). You can be worry-free and do not need to chase users and force them to patch to avoid a compromised website.

How to enable cPGuard WAF?

To install and enable cPGuard WAF, you need to purchase and install cPGuard first on your server. After installing cPGuard, refer to this help article to enable the WAF. It is easy to enable or disable the WAF with a few clicks. You can also view the WAF logs from the App Portal, and each user can view the web attacks against their websites from the user plugin available in cPanel.

Conclusion 

The cPGuard WAF is a cost-effective and efficient WAF and security plugin for your cPanel server. It can automate malware scans, web attack mitigation, and distributed attack blocking, and helps to reduce server load and the total time needed to manage servers. We offer a 30-day free trial, so you can try the solution without payment; it is also the cheapest security suite even after the trial period.

Secure websites in Webmin/Virtualmin, Webmin antivirus/antimalware

Secure Webmin/Virtualmin Hosting

Nowadays it is very challenging to keep the websites on your server safe and secure. You can always expect attacks or attempts to compromise your websites, especially popular CMSs like WordPress. So it is laborious for every web host or server owner to stay updated, defend against such attacks, and keep their websites safe.

How can cPGuard help you to secure websites on your Webmin/Virtualmin server?

All the modules in the cPGuard Security Suite work side by side to protect your websites from attacks. It secures your server in various layers, blocks invasion attempts, reduces server load and overhead, and helps to drastically reduce the admin hours spent dealing with attacks and compromised websites. Given below are some of the cPGuard modules that protect your server:

  1. File Scanner – This module acts as an antivirus/antimalware for websites hosted in Webmin/Virtualmin. Integrated with its cleanup module, it helps to detect and wipe malicious file uploads and injections to your websites.
  2. Web Application Firewall – cPGuard's ModSecurity Web Application Firewall rules stop all generic web attacks against your websites before they even begin. The commercial WAF rules by Malware.Expert protect your Webmin/Virtualmin client websites by effectively blocking generic web attacks, specific web attacks, bot attacks, and more.
  3. Distributed system firewall – The IPDB distributed system firewall for Webmin/Virtualmin blocks traffic from known and active attack source IPs. It is very effective at blocking many attacks even before they reach your application server, and thereby reduces your server overhead as well.
  4. Reputation monitoring – The reputation monitoring module keeps an eye on the status of your IP address and domains and alerts you if they are listed on blacklists.

There are many other functionalities integrated within cPGuard to help you run your server securely and cleanly. Please read more about the features list at https://opsshield.com/standalone.html

If you wish to secure your Webmin/Virtualmin server, please follow the installation instructions. Installation is pretty simple, and we have pre-built templates to support Webmin/Virtualmin servers.

Given below are sample cPGuard installation steps on a Webmin/Virtualmin server.