Malware attacks "easily the most prevalent" in 2009
Fri, 12/04/2009 - 9:40am • Tom C.
Good day and welcome to my blog, courtesy of WebEnabled. I'm Tom Canavan, author of the book Joomla! Web Security and a web security specialist.
In a recent survey by the Computer Security Institute (http://tinyurl.com/yju2qe6), 43% of the reported attacks were malware based: code planted with the clear intent of compromising or destroying your site.
Additionally, both organized crime and terrorist groups have jumped on the cybercrime bandwagon (http://tinyurl.com/ydm7wd4).
What can you, as a site developer, do about this crime wave? First, make sure the code you run is as free as possible of known vulnerabilities. A check of public advisories for open source code (extensions, applets, applications) showed the following as of the time of writing (12/4/2009):
_______________________________________________________________________________________
2009-12-04 GeN3 forum V1.3 SQL Injection Vulnerability
2009-12-04 DPI 1.1-final Powered by Clixint XSS
2009-12-04 2009 You! Hostit! XSS php cr4wl3r
2009-12-04 Invision Power Board <= 3.0.4 LFI and <=3.0.4 and <=2.3.6 SQL Injection
2009-12-04 UBB.threads 7.5.4 2 Multiple File Inclusion Vulnerabilities
2009-12-03 Huawei MT882 Modem/Router Multiple Vulnerabilities
2009-12-03 Thatware <= 0.5.3 Multiple Remote File Include Exploit
2009-12-03 phpMyFAQ <= 2.5.4 Multiple XSS Vulnerabilities
2009-12-03 Component TP Whois for Joomla 1.5.x XSS
2009-12-03 MundiMail 0.8.2 Remote Code Execution
2009-12-03 Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
2009-12-03 Vivid Ads Shopping Cart (prodid) Remote SQL Injection
2009-12-02 Simple Machines Forum Multiple Security Vulnerabilities
2009-12-02 Kide Shoutbox v0.4.6 XSS & AXFR
2009-12-01 Ciamos CMS <= 0.9.5 (module_path) Remote File Inclusion
2009-12-01 Robert Zimmerman PHP / MYSQL Scripts Admin Bypass
2009-12-01 Dotdefender Remote Command Execution 3.8-5
2009-12-01 ISPworker <= 1.23 Remote File Disclosure exploit
2009-12-01 Quate CMS <= 0.3.5 (RFI/LFI) Multiple Remote Vulnerabilities
2009-12-01 Joomla Joaktree Component v1.0 SQL Injection Vulnerability
2009-12-01 Joomla MojoBlog Component v0.15 Multiple Remote File Include Vulnerabilities
2009-12-01 Public Media Manager <= 1.3 (forms_dir) Remote File Include Vulnerability
2009-12-01 Joomla! ProofReader Component 1.0 RC6 Cross-Site Scripting Vulnerability
_______________________________________________________________________________________
That's only four days of disclosed vulnerabilities, and several of them are in Joomla! components and forum packages that site developers install off the shelf.
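The first step the paragraph above asks for, checking what you run against published advisories, is mostly an inventory-and-version-comparison problem. The following Python script is an added example written for this post; it is not part of the original article or of any product named here. The advisory records are transcribed by hand from the list above, the installed inventory is constructed for illustration, and the product names and version strings in it are assumptions. Versions are compared segment by segment as numbers, because a plain string comparison would wrongly flag 2.5.10 as older than 2.5.4.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    date: str      # disclosure date as listed
    product: str   # product name as listed
    op: str        # relation an installed version must satisfy to be affected: "<=" or "=="
    version: str   # version named in the advisory
    issue: str     # vulnerability class as listed


# Transcribed by hand from the advisory list above (entries that name a
# product and a version bound; free text on the line becomes the issue).
ADVISORIES = [
    Advisory("2009-12-04", "Invision Power Board", "<=", "3.0.4", "LFI"),
    Advisory("2009-12-04", "Invision Power Board", "<=", "3.0.4", "SQL Injection"),
    Advisory("2009-12-03", "Thatware", "<=", "0.5.3", "Multiple Remote File Include"),
    Advisory("2009-12-03", "phpMyFAQ", "<=", "2.5.4", "Multiple XSS"),
    Advisory("2009-12-01", "Ciamos CMS", "<=", "0.9.5", "Remote File Inclusion (module_path)"),
    Advisory("2009-12-01", "Joomla! ProofReader Component", "==", "1.0 RC6", "Cross-Site Scripting"),
]

# Constructed inventory for this example: what a hypothetical site has installed.
INSTALLED = {
    "Invision Power Board": "3.0.4",
    "phpMyFAQ": "2.5.10",                      # newer than 2.5.4, so not affected
    "Ciamos CMS": "1.0",
    "Thatware": "0.6",
    "Joomla ProofReader Component": "1.0rc6",  # the same release as "1.0 RC6"
}


def normalize_name(name):
    """Lower-case and strip punctuation so 'Joomla! ProofReader' matches 'Joomla ProofReader'."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()


def version_tokens(version):
    """Split '1.0 RC6' into [(1, 1), (1, 0), (0, 'rc'), (1, 6)].

    Numeric parts sort numerically; alphabetic parts (rc, beta) are tagged 0
    so they sort before any number, ranking a pre-release below its final release.
    """
    tokens = []
    for part in re.findall(r"\d+|[A-Za-z]+", version):
        tokens.append((1, int(part)) if part.isdigit() else (0, part.lower()))
    return tokens


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b.

    Shorter versions are padded with zero segments so 1.0 == 1.0.0 and 1.0 > 1.0rc6.
    """
    ta, tb = version_tokens(a), version_tokens(b)
    width = max(len(ta), len(tb))
    ta += [(1, 0)] * (width - len(ta))
    tb += [(1, 0)] * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(installed_version, advisory):
    """True when the installed version satisfies the advisory's version relation."""
    c = compare_versions(installed_version, advisory.version)
    if advisory.op == "<=":
        return c <= 0
    if advisory.op == "==":
        return c == 0
    raise ValueError(f"unsupported relation {advisory.op!r}")


def check_inventory(installed, advisories):
    """Return (installed name, installed version, advisory) for every match."""
    hits = []
    for name, version in installed.items():
        for adv in advisories:
            if normalize_name(adv.product) == normalize_name(name) and is_affected(version, adv):
                hits.append((name, version, adv))
    return hits


if __name__ == "__main__":
    for name, version, adv in check_inventory(INSTALLED, ADVISORIES):
        print(f"{name} {version}: {adv.issue} ({adv.date}, affects {adv.op} {adv.version})")
```

On the constructed inventory this reports both Invision Power Board issues and the ProofReader XSS, and correctly leaves phpMyFAQ 2.5.10 alone. In practice you would build the inventory from the site's own extension manifests rather than a hand-written dictionary, and feed the advisory list from a maintained source; the hand transcription above is only there to keep the example self-contained.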
I recommend giving Nessus.org a look. Nessus is a widely used vulnerability scanner (the 2.x series was released under the GPL; the 3.x and 4.x releases are closed-source) that will check your hosts for many common, often-overlooked problems such as outdated services and weak configuration. Keep in mind that a network scanner looks at what the host exposes; it will not find an injection bug in your own PHP. For that, if you have a decent budget, a copy of Acunetix's web application scanner (acunetix.com) is WELL worth it to check your code for SQL injection, XSS and more.
Doing your part to secure the Internet is not just a courtesy anymore.
Tom Canavan is the author of the book Joomla! Web Security, a frequent speaker and writer on the topic of web security, and runs http://www.JoomlaRescue.com