Centrora Security 4.1.1 for WordPress Firewall is released

Version 4.1.1 is released. Here is the changelog:

* Improved: Improved response actions for the virus scanner to handle network errors
* Improved: Added restrictions on SQL user connections for the virus scanner, so it will queue until the connection is released to avoid heavy MySQL server load
* Improved: Improved language tags in the virus scanner
* Improved: Improved the development mode detection function to avoid errors on some servers

The virus scanner function has been improved to avoid heavy SQL server load when the 8 scanning threads start at the same time. See below for a capture of how it works.

Virus Scanner in version 4.1.1


[SQL Injection Vulnerabilities] WordPress Plugin Symposium 14.10

If your website is infected by SoakSoak malicious code, simply subscribe to a plan and activate the subscription on your website. We will help you clean the website shortly.



These vulnerabilities have been fixed. If you are using a version lower than 14.11, please update to version 14.11.

http://www.wpsymposium.com/2014/11/release-information-for-v14-11/

https://downloads.wordpress.org/plugin/wp-symposium.14.11.zip

 


SoakSoak Malware Attack Update


We found another website with the SoakSoak infection, and finally tracked down that the malicious code is uploaded into the following folders:

This code injects the following code into your 'wp-includes/template-loader.php' file:

This causes the JavaScript redirection code to be loaded on your website, which redirects users to soaksoak.ru. See the source code of the attack:

SoakSoak Attack


Update your Centrora Security to Protect from SoakSoak Malware

Update your Centrora Security to 4.1.0 and enhance your protection with our premium version: simply subscribe to a plan and activate the subscription on your website.

The SoakSoak malware compromised 100,000+ WordPress websites last weekend. The attack targeted the Slider Revolution Plugin Critical Vulnerability. To be specific, we will show how the attacker gained access to the victim's website and added malicious code.

The attacker first used the code shown at the bottom of this page to upload shell code to your website in a file named 'cmd.php'. Specifically, the cmd.php file has the following content:

Once the shell code is injected into the server, the attacker can execute any code passed in the URL.

Next, the attacker inserts the following content into your theme files or core plugin files in order to add the infected JavaScript file to every page of your website:

SoakSoak Malware Anatomy

To protect your website from being infected by the attack, please:

  1. Uninstall the Slider Revolution/Showbiz Pro plugin for the time being, until the plugins are updated
  2. Install / update Centrora Security 4.1.0 to protect your website

If you are using 4.1.0 or lower, please update your plugin to 4.1.0, and access the firewall panel to ensure you see the firewall updated flag as shown below:

Firewall Rules Updated in 4.1.0

Attached Attack Codes:

 


WordPress Download Manager 2.7.4 – Remote Code Execution Vulnerability

If you are using a WordPress Download Manager version lower than 2.7.5, please update your plugin to the latest version. The vendor has released update patches that fix the issue.

 


Server migration completed

We have completed the migration to a faster server, so we can offer better service to all of our valued customers. Since we moved our server, our plugin needs to be updated in order to perform the firewall rules and virus patterns update function.

For WordPress users, please update the plugin to 3.6.6, which can be accessed here.

For Joomla users, please update the plugin to 3.6.9, which can be accessed here.
