Friday, March 24, 2017

Kaspersky gives security tips for bloggers

The popular blog system WordPress has now existed for ten years. It is one of the most frequently attacked systems of its kind. Since 2004, more than 200 vulnerabilities have become known in WordPress. Ready-made exploits allow an attacker to inject and execute their own code; 43 such exploits are known. However, other PHP-based content management systems such as Drupal and Typo3 also have many weaknesses. There are also numerous vulnerabilities in PHP itself.


In April of this year, 90,000 remote-controlled zombie hosts from a botnet attacked many WordPress installations to gain admin access. Attacks on blogs can be politically or criminally/economically motivated. Mass attacks such as those in April are used to acquire extensive resources that are then abused for criminal purposes, including the spread of malicious programs (malware). So-called defacements are partly politically motivated, partly pure vandalism. Attacks can hit any blogger.


The security company Kaspersky Lab has published several checklists (see left) to help bloggers better protect their blogs against attacks. It is important that security aspects are considered as early as the concept phase. This includes rights management in order to minimize third-party access. In addition, the use of plug-ins should be kept to a minimum to reduce the attack surface. Regular backups made before an attack occurs, as well as the acquisition of security-related knowledge, can limit the possible damage.


Attack vectors against blogs, first aid after attacks on blogs, protection and protection, PHP protection
