WordPress Security: Securing Sites From Hackers / Future Attacks

WordPress is the most popular CMS on the web, but it is also vulnerable to attack if the necessary security measures are not followed.

In one of the previous guest posts, Sarah Rexman shared some tips on securing WordPress; in this post I'll share my own experience. While working as a freelancer on oDesk, Elance and Freelancer, clients always had concerns about securing their sites from hackers and asked how to prevent future attacks. So consider these points to secure your WordPress site, now and in the future:
  • Keep your WordPress up to date. The latest stable version is 4.0.1, released on 20th November, 2014.
  • Keep all your plugins and themes up to date.
  • Always keep a backup of your database and files, and refresh it at regular intervals.
  • If the site has been compromised, you must change the salt keys in the wp-config.php file under the root directory. You can generate new keys from here. This forces all users to log in again.
  • Change all passwords associated with the site at regular intervals.
  • Use strong passwords for all logins: include at least one uppercase letter, one lowercase letter, one special character and one number.
  • Change your WP-Admin username from admin to some other name.
  • Change the database prefix from wp_ to something harder to guess.
  • Make sure the timthumb script is updated if your site uses it. For an outdated script, use the Timthumb Vulnerability Scanner plugin to patch it.
  • Use plugins only after testing them properly. Reading plugin reviews and doing a Google search will tell you about a plugin's reputation.
  • Keep track of recent visitors through the log files. If you find suspicious activity at a particular time, the log files may tell you a bit about the attacker.
  • Change the permissions of .htaccess, wp-config.php and the theme's main files to 444.
  • Set proper file permissions for other files and folders. Best practice is 644 for files and 755 for folders.
  • Keep your own system virus-free.
  • Always access the site credentials from your own system only.
  • Validate all user input, such as URLs and image uploads.
  • Check the WP-Admin users and FTP accounts regularly for any unauthorized user.
  • You can also use the Wordfence plugin to monitor for malicious scripts.
  • Secure the server on which your site is hosted, whether it is a dedicated or a shared server.
  • Keep up to date with the latest vulnerabilities.
If your own site is infected with malware, contact me through the contact form to get rid of the malware and put future security measures in place. In some cases a site may be hit by the pharma hack; you can check for it either by reviewing the site content or by searching your site on Google with the query "site:example.com pharma".
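As an added example (not from the original post), here is a small POSIX shell audit of the permission rules in the list above: 644 for files, 755 for directories, 444 for wp-config.php and .htaccess. The directory layout and file names in the demo are constructed, and the fix step is included so a tree can be checked before and after the rules are applied.

```shell
# Audit and enforce the permission baseline from the list above:
# 644 for files, 755 for directories, 444 for wp-config.php and .htaccess.
# Only POSIX find/sed/grep/chmod are used; the WordPress root is the sole argument.

# List each path whose mode deviates from the baseline, one per line,
# prefixed with the mode it should have.
wp_perm_audit() {
  root="$1"
  {
    # wp-config.php and .htaccess should be read-only (444)
    find "$root" -type f \( -name wp-config.php -o -name .htaccess \) ! -perm 444 \
      | sed 's/^/expected 444: /'
    # every other file should be 644
    find "$root" -type f ! -name wp-config.php ! -name .htaccess ! -perm 644 \
      | sed 's/^/expected 644: /'
    # every directory, including the root itself, should be 755
    find "$root" -type d ! -perm 755 | sed 's/^/expected 755: /'
  } | sort
}

# Print the number of deviations (0 means the tree matches the baseline).
wp_perm_violations() {
  wp_perm_audit "$1" | grep -c . || true
}

# Apply the baseline. Run as the file owner (or root) on a backed-up tree.
wp_perm_fix() {
  root="$1"
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  find "$root" -type f \( -name wp-config.php -o -name .htaccess \) -exec chmod 444 {} +
}

# Demo on a constructed tree (not a real install): a world-writable uploads
# directory and a wp-config.php still at 644 are the two deviations.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/wp-content/uploads"
: > "$demo_dir/wp-config.php"
: > "$demo_dir/index.php"
chmod 755 "$demo_dir" "$demo_dir/wp-content"
chmod 777 "$demo_dir/wp-content/uploads"
chmod 644 "$demo_dir/wp-config.php" "$demo_dir/index.php"
wp_perm_audit "$demo_dir"
wp_perm_fix "$demo_dir"
echo "after fix: $(wp_perm_violations "$demo_dir") deviations"
rm -rf "$demo_dir"
```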

Having any further issue? Please comment down!

How To Protect Yourself On Cafe/Public Computers While Surfing The Internet?

People who surf the internet on cafe/public computers are more vulnerable to being hacked, and the reason is simple: they are unaware of the software installed on public computers and of its privileges. It's always safer to access the internet from your personal computer, but sometimes you have to access it from other places like a cafe or a friend's computer. So what if you want to protect yourself from these hacks? Two things you must keep in mind while surfing from public computers:

1. Always prefer private browsing. Most people are unaware of this useful browser feature. So what is private browsing and how do you enable it?
  • Private browsing allows you to browse the Internet without saving any information about which sites and pages you've visited: it does not save visited pages, history, passwords, cookies or cache files.
  • To enable it, press Ctrl+Shift+P in Firefox and IE (for Chrome use the shortcut Ctrl+Shift+N, or check my other post Incognito Window In Google Chrome For Safe Browsing); a prompt will ask you to start private browsing.
2. Use the On-Screen Keyboard. What should you do if you think a keylogger is installed on the system? Don't take the risk; use the on-screen keyboard. Keyloggers capture input from the physical keyboard only. So whenever you log in to your personal internet banking account or similar, prefer the virtual keyboard. You can open it by typing OSK in Run.

Tutorial On Shoulder Surfing Technique & How To Prevent It

Hello everyone!! Today I'm going to tell you about a cool & funny hacking technique named Shoulder Surfing. Most of you will have used this technique before without knowing its name, so let me explain briefly what shoulder surfing is:

Shoulder surfing is a way of obtaining information by looking over a person's shoulder (it's similar to cheating in an exam by copying from someone sitting ahead of you). For example, while you're filling in personal data like an email, password or security PIN, or doing a transaction at an ATM, the person behind you can see what you're typing and grab the sensitive information. It seems odd, but people who type very slowly are the most common victims. Shoulder surfing can also be done from a long distance using binoculars.

How to prevent this hacking technique?
  • As I recommend, type as fast as you can.
  • Know who's behind you while typing.
  • Last but not least, pick strong passwords for email accounts and transactions (so that the person behind you cannot even guess what you typed).

And the best way I found on Google:

[Image: Shoulder Surfing Prevention]
haha :)

Tutorial On Information Gathering / Footprinting (Hacking Technique)

Information gathering, or footprinting, is the basic technique of hacking: gathering as much information as possible about the target computer systems. It is a very important part of hacking because the more information we have about the target system, the more attacks we can launch. Information gathering is the key technique because every other process of hacking is based on the information you have. Therefore we must know what information to gather, where to find it, how to collect it and how to process the collected information.

Let's start with an example: suppose you are employed as a hacker in your company, and the company wants some information about the target system, like its physical location, IP records and some details about a specific domain. All you have is the domain name (e.g. www.example.com) or an IP address. There are some practical steps to follow while gathering information about the target system:
  • The first step is finding the IP address:
    • Go to the command prompt and type ping www.example.com
    • It will give you the IP of the target system.
  • After getting the IP, the next step is to find the physical location of the victim:
    • Go to IP2location from here, enter the IP in the search field & hit enter.
    • It will give you details about the physical location of the victim.
  • Now we have to find out the details of the domain (example.com):
    • Go to who.is or whois.domaindetails.com & type the site address of the victim.
    • It will give you details about the domain owner, server, and domain expiry/creation dates.
  • Use Traceroute for tracing the website's path:
  • Use Google for getting more information about the victim.
Following the above methods will help you gather the maximum information about the target system; if you need further information, then Google your queries.

Some of the tools used for information gathering are nslookup, traceroute & Nmap. Very soon I will explain information gathering using BackTrack.

A Guide To Google Hacking Techniques

Hi everyone!! As we all know, Google is the major search engine and the #1 ranked site, and it's like a part of our daily routine.

Google hacking does not mean hacking Google's site/server; it means being smart with Google search. Almost every kind of information is available there, but the question is how you search for it. In this post I've provided a PPT that is all about Google hacking techniques. I'm sure that after going through the whole PPT you will be more of an expert in Google search.

The PPT covers the basics of Google hacking and finding vulnerabilities in websites.

You can download it from here.

Whether you search Google as a smart worker or a hard worker depends on how much you know about it, so start your smart work right now.

Tutorial On DNS Cache Poisoning (Redirect abc.com By Entering xyz.com In Address Bar)

Hello guys! Today I'm going to post about a hacking technique named "DNS Spoofing" or "DNS Cache Poisoning". DNS cache poisoning is a computer hacking attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address and diverting traffic to another computer (often the attacker's). This trick is commonly used by hackers to redirect the original site to a fake site (so opening Facebook, Gmail or Orkut would open a fake Facebook, Gmail or Orkut). Let's understand it with an example:
  • Go to C:\Windows\System32\drivers\etc\hosts
  • Open it with Notepad.
  • Write 67.195.160.76 www.google.com below 127.0.0.1 localhost, like this:
    127.0.0.1 localhost
    67.195.160.76  www.google.com
Here 67.195.160.76 is the IP address of Yahoo; you can change it to whatever you want. If you want to know the IP address of any site, go to the command prompt and type ping followed by the site name, e.g. ping www.facebook.com


Note: this can even be used for phishing.
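Strictly speaking, the edit above changes the local hosts file rather than a DNS server's cache, but the client sees the same redirect, and the hosts file is where it can be spotted. As an added example (not from the original post), this POSIX shell function flags every hosts-file entry that points a name somewhere other than the loopback and link-local defaults; the sample hosts file in the demo is constructed and reuses the entry from the post.

```shell
# Audit a hosts file for the kind of redirection shown above: any name mapped
# to an address outside the stock loopback/link-local entries is reported.
# Works on /etc/hosts or on a copy of the Windows hosts file.
hosts_audit() {
  awk '
    { sub(/#.*/, "") }                      # strip comments
    NF < 2 { next }                         # skip blank or malformed lines
    # addresses that belong in a stock hosts file
    $1 ~ /^127\./ || $1 == "::1" { next }   # loopback
    $1 ~ /^(fe00|ff00|ff02)::/ { next }     # IPv6 link-local/multicast defaults
    $1 == "255.255.255.255" { next }        # broadcasthost (macOS default)
    # everything else is a manual override worth a look
    { for (i = 2; i <= NF; i++) printf "%s -> %s\n", $i, $1 }
  ' "$1"
}

# Number of flagged entries (0 means only the stock entries are present).
hosts_suspicious_count() {
  hosts_audit "$1" | grep -c . || true
}

# Demo with a constructed hosts file that reproduces the entry from the post.
demo=$(mktemp)
cat > "$demo" <<'EOF'
127.0.0.1       localhost
::1             localhost ip6-localhost
ff02::1         ip6-allnodes
# the redirect entry from the post above
67.195.160.76   www.google.com
EOF
hosts_audit "$demo"
rm -f "$demo"
```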

Internet Download Manager v6.0 Beta Full Version Without Using Any Keygen

Download Internet Download Manager v6.0 Beta full version without using any keygen. So no need to panic: just download this IDM version and access the full version's features without any keygen.

You can download it from here.

Note: Never update it when IDM asks you to update.

How To Know The Location Of The Victim & When Your Mail Has Been Read?

Hello friends! Do you want to know when your friends read your email? Now you can find out when your email has been read by the recipient! No more guessing: "Has he or she read my email yet?"

SpyPig is a simple email tracking system that sends you a notification by email when the recipient opens your message. It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others. Follow these steps:
  • Enter your email address under step 1.
  • Enter any title under step 2.
  • Select an image and then copy the image location (if you are using Firefox) and paste it into the message body, or simply drag & drop the image; then send it as an attachment to the victim.
  • When the victim opens it, you will receive a message with the subject "Your email has been read" containing:
    • Email Title:
    • Sent by You:
    • Your IP Address:
    • Opened by Recipient:
    • Recipient Location:
    • Recipient IP Address:
Note: For more information, visit the SpyPig website.
© 2014 Learn The Basics Of Ethical Hacking