Late last night I realized that the traffic for Question-Defense.com was way down for the day and thought it was related to some recent updates I had performed on the site. I spent probably an hour or so last night verifying that nothing was out of the ordinary with the site and wasn’t able to find any issues. Upon waking up this morning, the traffic was again extremely low for this time of the day, even for a Saturday, so we started to investigate. One of the referrers for which traffic had dramatically decreased was Google, so we went to Google and performed a search that we knew would return a link to Question-Defense.com. Sure enough, upon clicking on the link to Google we hit the question-defense.com URL and then we were immediately redirected to finditnow.osa.pl. Below we describe the issue in more detail, provide specifics about how our site was hacked, and provide the information needed to locate and resolve the problem.
Recently there was a 0-day vulnerability posted for WordPress which allows users with edit post capabilities to issue SQL injection attacks against the WordPress site. Depending on the type of site that you run, this isn’t a huge deal unless you allow any users that sign up to edit and publish articles on the WordPress site. One of the things that could help in this type of scenario is knowing who logs in and when, as well as knowing if there are failed logins, which could help indicate malicious activity. Below is information on a plugin that can accomplish both of these goals.
Lately I have had a lot of requests on how to install Sun’s Virtual Box on BackTrack 4. Virtual Box is a virtual environment similar to VMware but it is free. Virtual Box will allow you to run other operating systems on your host. This can be useful for security because you will not harm anyone or anything while practicing.
It should be noted that adding third-party repositories to any distribution can cause problems. That being said, many of us have downloaded and installed Virtual Box using this method without any problems.
Below I will outline the few simple steps to install Virtual Box.
Typically when I need to use tshark I do so on a Linux server; however, there are times when it is convenient to have tshark available on my Windows 7 laptop. The TShark application is installed with Wireshark, so installing TShark is very easy using the Wireshark GUI installer on Windows. One thing that makes tshark more useful is adding the tshark.exe executable to your PATH on Windows so you can open a command prompt and use TShark from any directory. Follow the directions below to first install Wireshark and then to add the directory that includes tshark.exe to your Windows 7 PATH.
I was creating some demo videos for a class I am giving in a few weeks and I decided to post a few that I will not be using. This is the first in a series of Metasploit Attacks I will be showing. As always, these things are for instructional use only. Special thanks to…