Kyplex Cloud Security Blog
Kyplex blog is the blog of Kyplex ltd, the creator of a web security scanner and website antivirus.
Author: Kyplex Cloud Security Blog (http://www.blogger.com/profile/13504218104415284464)
Updated: 2024-03-04T21:47:16.841-08:00

Food for Thought: Does locally installed antivirus solves your website problems?
Published: 2012-07-23T05:06:00.000-07:00 (updated 2012-07-25T01:34:43.372-07:00)
If you are a website owner who knows nothing about networks and security, this post is for you! In this post we briefly describe a classical security vulnerability and look at the difference between local and external antivirus scanning.
How does a web server work for us?
When you type the following URL in your browser address bar, http://www.mylovleyblog.com/articles/coocking
few

PHP Security: Automatic Integer Conversion
Published: 2011-08-06T12:24:00.000-07:00 (updated 2011-08-06T14:25:59.346-07:00)
Hello All. This time I would like to cover a security bug that I saw today while doing some tests with our security scanner. We have added special signatures to our ZeroDayScan web security scanner to check for such bugs. In brief, PHP has another method that can be used to perform SQL injections. This is not a widely known bug in the PHP community. PHP is a very popular language used in a lot of

Casper Downloader gets shell access
Published: 2011-07-26T00:09:00.000-07:00 (updated 2011-07-26T00:34:35.974-07:00)
One of our clients got hacked, and we hurried to help him identify the security issue that the black hat hacker discovered to break into his website. This specific customer had some outdated software that allowed users to upload arbitrary files. The fraudster used that script to upload a PHP script to his website and got control over the website. After that, this PHP script downloaded an IRC bot

Using curl to download password-protected pages
Published: 2011-03-31T02:38:00.000-07:00 (updated 2011-03-31T03:11:36.367-07:00)
We are rebuilding one of our sites, which was used as a blog in the past. We decided to republish one of its posts here. Sometimes, for research, we need to download massive amounts of content from password-protected websites. It can be done manually using Internet Explorer, though it becomes a problem when downloading large numbers of pages.
Manually, it is a tedious task, which can be

Website Virus Detection
Published: 2010-10-15T06:02:00.000-07:00 (updated 2010-10-15T06:13:33.234-07:00)
Today I would like to tell you about a new and exciting feature that we have added to the scanner – Website Virus Detection. The ZeroDay web security scanner is now able to identify malware URLs in scanned websites. Some of the URLs, especially the ones crafted with the iframe HTML tag, are opened automatically. So, if a user visits such a page, his browser will come under attack. It happens because a

Number of connection errors
Published: 2010-07-03T13:31:00.000-07:00 (updated 2010-07-28T13:25:19.642-07:00)
Hello All. We are constantly adding new features to our scanner. This time we would like to discuss a new feature that is important for all ZeroDayScan users. Our new reports contain the number of connection errors, printed in the report summary.
For example, take a look at the following screenshot. This connection error number specifies the number of cases when our web security scanner had a problem

Great review by KillerStartups.com
Published: 2010-06-01T12:29:00.000-07:00 (updated 2010-06-01T13:33:18.188-07:00)
We have great news for all our users. Our web security service was just reviewed by the leading KillerStartups.com blog, which covers the hottest start-ups on the internet. Here is a direct link to the review page: http://www.killerstartups.com/Web-App-Tools/zerodayscan-com-scan-how-secure-your-site-is
Vote for us and spread the word about our service!

The ZeroDayScan scanner and Apache's mod_security
Published: 2010-05-13T13:27:00.000-07:00 (updated 2010-05-17T23:09:07.904-07:00)
Hello. Today, while digging into the security scanner's logs, I found a strange response returned from one of the servers. We got a "406 Not Acceptable" response saying that "An appropriate representation of the requested resource /xxx/yyyyyy.php could not be found on this server." After some research, it turned out that this error originated from the mod_security Apache module. This is a great tool

Full path disclosure bug in Drupal 6.16 (0day)
Published: 2010-04-26T14:20:00.001-07:00 (updated 2010-05-15T02:46:13.245-07:00)
Hello. This time, we would like to share with you a few bugs ZeroDayScan found in the default Drupal installation (Drupal 6.16).
Both of these bugs lead to full path directory disclosure in the default Drupal installation.
Why is it important?
Full path directory disclosure bugs allow the attacker to study the internal structure of your website. It is very helpful in case SQL injection is found on the

Port Scan Feature Added
Published: 2010-04-20T05:57:00.000-07:00 (updated 2010-05-15T02:27:03.400-07:00)
Hello everybody. We have some very good news for all of our users. As you should know, we are constantly working on adding new features to our web security scanner. Recently we added a new application feature that I would like to share with you: the port scanner, as part of the free scanning service. So if you submit your website to our security scan, together with all the SQL Injections and

Welcome to zerodayscan blog
Published: 2010-04-19T10:57:00.000-07:00 (updated 2010-05-15T02:25:01.527-07:00)
Hello All. Welcome to the zerodayscan blog. Here we are going to publish project news as well as interesting security findings.