Using Centrora to scan malware is easier in 5.2.0

We are going to release 5.2.0 next week, but during the testing today by using a new scanning function we programmed to detect malware for a client’s website, we found that using 5.2.0 is very easy to detect suspicious files. Here is a screenshot of the modified core WordPress files and the suspicious files that we detected for this infected website:

New File Scanner


We checked the modified core files, and confirmed they are modified by hackers:

Scanned malware

We can’t wait to release this new and more powerful version of the Security plugin to the community!

Read More

Centrora Security 5.0.7 – The security tool you must love!

We are delighted to announce that Centrora Security 5.0.7 is released today, core changes include the following:

Download Centrora Security 5.0.7 Now

= 5.0.7 =
* Added: Administrator URL protection for both WordPress, Joomla and Suite versions
* Added: Security Manager Account management section to add a security manager account to manaage Centrora Security
* Enhancement: Enhanced CSS and UI support for OEM partners
* Added: Security warning message in configuration page to enable the Centrora System plugin for Joomla and Suite users

= 5.0.6 =
* Bug fixed: Suite version only – fixed errors showing in the administrator menus

= 5.0.5 =
* Bug fixed: Suite version only – JFactory not found error when loading the language tags

= 5.0.4 =
* Added: Added file upload logging function for premium users
* Enhancement: Enhanced the panel for allowed file extensions for file uploads

= 5.0.3 =
* Fixed: Fixed the Firewall checking warning message shows incorrectly when the firewall is turned on

= 5.0.2 =
* Enhancement: Improve the virus scanner and scanner report to use stricter patterns to avoid false alerts

= 5.0.1 =
* Enhancement: Change the virus scanner to use stricter patterns during the scanning to avoid false alerts

= 5.0.0 =
* Added: Brand New Look and feel! – We took valuable feedback from you our customers and revamped the look of Centrora Security. Give it a go, we think you will love it!
* Added: Help text to give users a better understanding of each configuration setting
* Added: Strong Password Enforcement under Firewall configuration settings
* Added: A What’s New section where you can view News of security and other related posts from our own security consultants – learn what you can do to harden your site’s security
* Enhancement: Merge Firewall Configuration Functions
* Enhancement: Improved firewall configuration settings layout – Rearraged & simplified configuration settings
* Enhancement: Reducted duplicate functions under Firewall
* Enhancement: Improved site navigation speed
* Enhancement: Changelog view under what’s new to get details of each release
* Enhancement: Improved Dashboard design (Phase 1) – expect more to come!
* Fixed: Audit page fixes to “Fix” button
* Fixed: Other minor visual bug fixes
* Fixed: Minor JS fixes for data pagination

Virus Scanner Version 5
Virus Scanner Version 5

Enjoy the better security solution for your Joomla and WordPress websites.

Read More

Slider Revolution (RevSlider) vulnerabilities

Recently the outdated versions of Slider Revolution vulnerabitlies leads to thousands of sites hacked. This post shows you one research on how the hack was performed and how we can use Centrora Security Malware scanner to scan the infected files.

The Hack

The main issue with Slider Revolution is its file upload handling in the WordPress Ajax function. It is reported that this issue is fixed in the latest version of the plugin (versions above 4.1.4), but  some of the themes mayinclude this plugin into their framework and do not update it. This expose your website to the hackers with this vulnerability.

To replicate, the Exploit DB provides three articles detailing how the hack can be performed and how to upload files to the website:

Hacking files usually will be uploaded to the following folder: /revslider/temp/update_extract/, this iis the first place the hacking file is uploaded, and the uploaded file usually is named as ‘update_extract.php’.

The findings in the real hack

In one of the website that is affected by this vulnerability, we find that the file contains the following codes:


When we decode this code, it returns the following PHP codes, which is a password protected script that allows the user to post commands to the server and do anything on the server:


Scanning the website

We further scan the website to check if any malware is uploaded into the server, and answer was yes, there are shell codes uploaded and they have to be removed.



For security reasons, we hide the file information that is detected by Centrora Virus Scanner from the screenshot below:


We help the client clean all these files.

Activate the protection

Once the malware is cleaned, we need to activate the Centrora Firewall protection in the php.ini by adding the following activation codes to the php.ini of the website:



Read More

Hardening your PHP setting

Customizing your PHP Configuration

In the System Audit section of Centrora Security, you usually will see some warning messages like the following:

System Audit Warning

If you see warnings in the above section, we highly recommend you change the PHP Configuration in your website. In most cases, you can customize your PHP configuration by creating a php.ini file in your public_html / htdocs /httpdocs folder, e.g.

In this php.ini file, simply put the following codes will harden your PHP configuration:

Sometimes you may be running PHP as an apache module, in such case, you will need to edit the .htaccess file in the public_html folde, and put the following codes into the .htaccess file:

Trouble Shooting

1. If you cannot change the PHP Configuration after trying the above methods, this indicates your hosting company does not allow you to change the PHP configuration by yourself. Please try to contact the hosting company and ask them to change the PHP Configuration to the following:

Read More

Using SSH keys on your server

This article is provided as a courtesy for web adminsitrators to enhance the server security. Installing, configuring, and troubleshooting SSH keys is outside the scope of support provided by Centrora Security.


An SSH key will let you automatically log into your server from one particular computer without needing to enter your password. This is convenient if you make frequent SSH and scp connections to your server.

You will create an SSH key on your computer, and then configure your server to accept it. This will allow you to automatically log into your server from this computer, without being prompted for your password.


Please do not set up an SSH key on a public or shared computer that does not use individual profiles. This will allow strangers to easily access your server.


Windows users using Putty (credits to MediaTemple for this tutorial)



1. Generate the Key

Run PuTTYgen.exe.


Click “Generate” and move your mouse.

Once the key is generated, enter your key passphrase.

Then click ‘Save public key’ and ‘Save private key.’

2. Select & configure your user

Let’s choose a user for which to create the SSH key. In our example, the user is “root” for “”:

Connect to your server as the root user.

Cut and paste on one line your public ssh key.

It should look similar to the following:

You will want to protect the file and change its ownership.

3. Add the private key

Run Pageant.exe.

This application runs in the background. When it loads, it should be displayed in your tray.

Right click the icon and click on “Add Key.”

4. Turning off the Password Authentication for the SSH server:

Open the SSH Deamon Configuration file:

Search PasswordAuthentication, change it to ‘no’, and ‘Port’, change it to a random number, e.g. 6799, save the file by using ‘CTRL + X’

Then restart the SSH Daemon, e.g.

Now, stay connected to the remote server, do NOT logged off from the server at this stage.

5. Connect using your SSH key with PuTTY

Open PuTTY and connect as “”

Putty Root Access

Since Pageant.exe has your passphrase stored, you connect without entering your password:

SSH root access


Linux users using Terminal

1. This step is performed in your server.

Make sure that you logged in as root in your server’s SSH terminal, then create the paired key in the terminal:

It will ask for a password for the key file so only you can access it, please enter a password and note down the password. Then the command will generate two files: a) the and b) myKey. The myKey file is a private key (like the key that you open your doors) and the is a public key (you can consider this as a lock of your door and only your private key can open this lock).

Now lcopy the content of the myKey file by using the vi or nano function, e.g.

You can now copy-paste the content of the myKey file into a text file in your own PC, and save it as myKey in your PC (and better to make a backup of the key into a backup hard drive).

Once the private key ‘myKey’ is copied and backup in your PC, you can delete the myKey file in the server:

Next, we need to add the public key into the authorized_keys file (adding this new lock into the door) so our new private key can log in (so you can use this new private key to open the lock)

Now, let’s make sure the permissions of the authorized_key is correct.

2. Turning off the Password Authentication for the SSH server:

Open the SSH Deamon Configuration file:

Search PasswordAuthentication, change it to ‘no’, and ‘Port’, change it to a random number, e.g. 6799, save the file by using ‘CTRL + X’

Then restart the SSH Daemon, e.g.

Now, stay connected to the remote server, do NOT logged off from the server at this stage.

3. Testing if the key is working correctly

First, open a NEW terminal, we need to load the key in your PC, now make sure you open the terminal in your local PC by logging in as root, e.g.

Once you enter your password and logged in, add the private key, assuming that your key is stored in this folder: /keys/myKey:

Now, try to login to your server:


If you can login without entering the root password, that indicates your paired key is working correctly. If not, repeat step 1.

Read More

Centrora Secuirty 4.9.0 – Enjoy your Google Drive Free Quota

We are delighted to announce that Centrora Security 4.9.0 is released today, core changes include the following:

Download Centrora Security 4.9.0 Now

= 4.9.0 =
* Added: Add Google Drive backup
* Added: Feature Requests #91: Back up function Offer other Options for Low server memory constraint users
* Added: Support for larger file size uploads (cloud backup)
* Added: Feature Requests #124: Add manual update function in the admin backend
* Added: Feature Requests #167: Add download virus pattern function to virus scanner section
* Enhancement: Improved backup Upload time – Faster More efficient Cloud Backups.
* Enhancement: Split backups for manageable file sizes
* Enhancement: Backup option for timeout constraint servers (during filesbackup )
* Enhancement: Improvements #119: Reorganise Menu System for better navigability
* Fix: Scheduled backup function fixes
* Fix: Bugs #85: Creating Backup Zip fails for some users
* Fix: Bugs #127: Premium Subscription multisite login Issues
* Fix: Bugs #161: Email template mass
* Fix: Minor UI fixes
* Fixed: Fixed warning error: “Undefined property: stdClass::$ischecked in fwscanner.php”

Centrora Security 4.9.0

Enjoy the better security solution for your Joomla and WordPress websites.

Read More