
Wednesday, May 4, 2011

Types Of Server Side Risks

People expect strong security on the internet. Most people find it convenient to manage their bank accounts and businesses online, so web security has become one of the most important fields within network security. Interactive forms are written in HTML: the user types information into the form, and the browser sends a request to the server, which stores or processes what the user supplied.

The request launches a script on the server that processes the user's data, and the result can be quite different from what the developer expected. That gap is what makes server side security necessary. URL manipulation, unexpected user input, cross site scripting, buffer overflows and heap overruns are all well-known server side risks, and each of them is explained in this article.


1. Conventional security

Conventionally, a firewall is placed between the web server and the internet so that all HTTP traffic reaching the web server passes through it first. The firewall allows only the traffic that satisfies its rules, which protects the server from many network-level attacks. It does not, however, protect against the risks below: a firewall that permits port 80 or 443 also permits every malicious request carried inside otherwise legitimate HTTP, so the application itself has to handle them.

2. URL Manipulation
In URL manipulation, parameters in the URL are changed to get different results. If a user id appears in the URL and the server trusts it, the id can be changed to gain access to another user's account. If the parameter is passed straight into a database query, a wildcard such as * in place of the user id may even return the details of every member in the database. Any user's data on the page can then be read and modified, which is a serious threat to security and privacy: on a site that stores personal details of its users, manipulating the URL in this way exposes the personal details of other users. The fix is to authorize every request against the logged-in session on the server, never against the id in the URL.
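The flaw described above, written out as an added example (not code from the original post) so that the missing check is visible. The user table, session ids and URLs are constructed sample data; the handlers return an HTTP-style status and body instead of running inside a real web framework.

```python
from urllib.parse import parse_qs

# Constructed sample user table (assumption: the id is the key the URL carries).
USERS = {
    "1001": {"name": "alice", "email": "alice@example.com"},
    "1002": {"name": "bob", "email": "bob@example.com"},
}


def parse_user_id(query):
    """Extract ?user_id=... from a query string.

    Returns None for anything that is not a plain positive integer, which
    rejects '*', '1001 OR 1=1', '../' and similar unexpected input before it
    can reach a query.
    """
    params = parse_qs(query, keep_blank_values=True)
    value = params.get("user_id", [""])[0]
    return value if value.isdigit() else None


def vulnerable_profile(session_user, query):
    """Trusts the id in the URL: any logged-in user can read any profile.

    session_user is deliberately unused; that is the bug.
    """
    uid = parse_user_id(query)
    if uid is None:
        return 400, None
    record = USERS.get(uid)
    return (200, record) if record else (404, None)


def hardened_profile(session_user, query):
    """Authorizes against the server-side session, not the URL."""
    uid = parse_user_id(query)
    if uid is None:
        return 400, None
    if uid != session_user:
        # The URL was manipulated: the caller is not the owner of this record.
        return 403, None
    record = USERS.get(uid)
    return (200, record) if record else (404, None)


if __name__ == "__main__":
    # alice (session 1001) asks for bob's profile (1002)
    print(vulnerable_profile("1001", "user_id=1002"))  # leaks bob's record
    print(hardened_profile("1001", "user_id=1002"))    # (403, None)
    print(hardened_profile("1001", "user_id=*"))       # (400, None)
```

The validation step alone is not enough: the vulnerable handler also rejects `*`, yet still hands out any record whose id is guessed. Only the ownership check in `hardened_profile` closes the hole.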

3.  Unexpected User Input
When the server receives input it was not written to handle, the best case is that the server crashes. The worse case is that the input hands control of the server to the attacker, who can then use it for whatever he wants: corrupting your database, downloading the complete database, or deleting it. If you don't have a backup, what are you going to do?

4. Cross site scripting
In cross site scripting, the attacker gets malicious script stored on, or reflected by, a trusted host. The user's browser downloads and runs that script from the trusted host without any sign that the code is dangerous. The script can rewrite the page the user sees: for example, an error page or an ordinary page can be made to look like a normal login form. The user enters the requested information, and because the script sends it to the attacker, it can be misused.

5. Buffer Overflow

By supplying more data than a fixed-size buffer can hold, an attacker can overwrite adjacent memory. The results range from access violations and instability to code injection, where the attacker's own instructions are executed. Data stored by the application may be corrupted, the software may malfunction, and many other destructive actions become possible.

But what's the solution then? You need to consider a few points to overcome the server side risks. Sensitive data should never travel in the query string, and all traffic should be sent over an encrypted connection (HTTPS). On the server side, user input must be validated against what the application actually expects, and anything placed back into a page must be encoded for its context. Simply removing the characters used by a scripting language is not enough, because a blacklist is easy to bypass.
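An added example (not from the original post) contrasting the "remove the scripting characters" approach with output encoding, for the cross site scripting risk above. The payload and the page template are constructed; the `naive_filter` function stands in for the kind of blacklist the text warns against.

```python
import html

# Constructed payload: nesting the tag name so that deleting "<script>" once
# reassembles it from the surrounding characters.
PAYLOAD = "<scr<script>ipt>alert(1)</scr</script>ipt>"


def naive_filter(untrusted):
    """Blacklist approach: strip the script tags and hope nothing is left.

    Each replace runs once over the string, so a nested payload survives it.
    """
    return untrusted.replace("<script>", "").replace("</script>", "")


def render_naive(name):
    """Page rendered with the blacklist filter; still exploitable."""
    return "<p>Welcome, " + naive_filter(name) + "</p>"


def render_escaped(name):
    """Page rendered with HTML entity encoding for the element-body context.

    quote=True also encodes quotes, which matters if the value is ever
    placed inside an attribute.
    """
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


def contains_script_tag(page):
    """Crude check used to show the difference between the two renderers."""
    return "<script>" in page.lower()


if __name__ == "__main__":
    print(naive_filter(PAYLOAD))   # <script>alert(1)</script>
    print(render_naive(PAYLOAD))   # executable script reaches the browser
    print(render_escaped(PAYLOAD)) # rendered as harmless text
```

The escaped version is correct for text placed inside an HTML element body. Values inserted into JavaScript, URLs or CSS need the encoding for that context instead; there is no single filter that serves all of them.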

How To Sniff VOIP Session Using Cain




Voice over Internet Protocol (Voice over IP, VoIP) is one of a family of internet technologies, communication protocols, and transmission technologies for delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms frequently encountered and often used synonymously with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.

Cain is an excellent piece of software that can be used for sniffing VoIP. There are a couple of methods for sniffing a VoIP session, but in this tutorial I will explain how you can use a man in the middle attack with Cain and Abel to capture a VoIP conversation on your own network.

Sniff VOIP Session With Cain

So here is how you can capture a VOIP session on your network:

Step 1 - First of all, download Cain and install it.

Step 2 - Once Cain is installed, launch it. Then start the sniffer by clicking the small green network-card button in the toolbar, just below the File menu.

Step 3 - Next, click the blue "+" at the top, choose "All hosts in my subnet" and click OK.

Step 4 - This shows you all the active hosts on your network. Note that this technique only works against hosts on the same local subnet, because ARP poisoning operates at the link layer.

Step 5 - Next, go to the APR tab at the bottom and press the blue "+" sign. Select the two hosts between which you want to sit (typically a phone and its gateway or call server) and click OK.

Step 6 - Now click the small yellow radiation-symbol (APR) button at the top to launch the ARP poisoning attack. ARP poisoning is the technique Cain uses to put your machine in the middle of the two hosts; a man in the middle attack is the result, not another name for it.

Step 7 - Next, click the VoIP tab at the bottom. If Cain has captured a VoIP session, you will see results similar to the screenshot. Cain can only reconstruct the audio when the RTP stream is unencrypted; a call protected with SRTP will show up but will not be playable.
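The attack above leaves a recognisable trace on the LAN: the gateway's and the phone's IP addresses suddenly map to the same MAC address, and the existing IP-to-MAC bindings change. As an added example that is not part of the original post, here is a small detector for exactly that pattern, run over a constructed log of ARP replies (the format, timestamps and addresses are all made up for the example; adapt the regular expression to whatever your sniffer actually emits).

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies as a sniffer might log them.
# Lines 4 and 5 show one MAC (00:aa:bb:cc:dd:ee) claiming both the
# gateway (192.168.1.1) and a phone (192.168.1.20): the pattern APR creates.
SAMPLE_ARP_LOG = """\
10:00:01 reply 192.168.1.1 is-at 00:11:22:33:44:01
10:00:02 reply 192.168.1.20 is-at 00:11:22:33:44:20
10:00:03 reply 192.168.1.21 is-at 00:11:22:33:44:21
10:00:09 reply 192.168.1.1 is-at 00:aa:bb:cc:dd:ee
10:00:09 reply 192.168.1.20 is-at 00:aa:bb:cc:dd:ee
"""

# Assumed log line format: "<time> reply <ip> is-at <mac>"
LINE_RE = re.compile(r"^(\S+) reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9A-Fa-f:]{17})$")


def detect_arp_poisoning(log_text):
    """Return a list of alert strings for two symptoms of ARP poisoning:

    1. an IP address whose MAC binding changes, and
    2. a single MAC address claiming more than one IP address.
    Lines that do not match the expected format are skipped.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, mac = m.groups()
        mac = mac.lower()

        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts} {ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac

        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LOG):
        print(alert)
```

On a real network a MAC legitimately answering for several IPs (a router with secondary addresses, a host with aliases) will also trigger the second rule, so the output is a starting point for investigation rather than proof of an attack. Static ARP entries for the gateway and the call server, or dynamic ARP inspection on the switch, prevent the poisoning itself.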


I hope you have enjoyed reading the post. I will also write an article on protecting your VoIP sessions in an upcoming post.

How To Find The Wordpress Version Of A Website/Blog

Whenever a hacker tries to attack a CMS (content management system), the first thing he usually does is find out the version number of that CMS, so he can search exploit databases for known exploits against it. On a WordPress blog you can, by default, find someone's version number simply by viewing the source of the blog: WordPress prints it in a "generator" meta tag in the page head.



Now, it's not a good idea to expose your version number, because it tells an attacker exactly which known vulnerabilities to try against your website/blog. There are a couple of ways to hide the version number. The simplest is to add the following line to your theme's functions.php file, which removes the generator tag from the page head:

remove_action('wp_head', 'wp_generator');
There are also a couple of plugins that can hide your WordPress version for you; just google for them.

Readme.html File Bug


Even if someone is using a plugin to hide their WordPress version number, it is still possible for a hacker to determine it. All the hacker has to do is add "/readme.html" to the website's URL: the readme.html file that ships with WordPress states the installed version, and removing the generator tag does nothing about it.
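As an added example (not code from the original post), the two fingerprinting checks described above as a small parser. It works on page text you already have, so it runs offline; the three HTML snippets are constructed for the example and stand in for a homepage with the generator tag, a homepage where the tag has been removed, and a readme.html.

```python
import re

# Constructed sample pages (not fetched from any real site).
HOMEPAGE_WITH_GENERATOR = """<html><head>
<title>blog</title>
<meta name="generator" content="WordPress 3.1.2" />
</head><body>hello</body></html>"""

# Same site after remove_action('wp_head', 'wp_generator') took effect.
HOMEPAGE_WITHOUT_GENERATOR = """<html><head>
<title>blog</title>
</head><body>hello</body></html>"""

# Shape of the readme.html that ships with WordPress (version line in the logo heading).
README_HTML = """<html><body>
<h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /><br /> Version 3.1.2</h1>
<p>Semantic personal publishing platform</p>
</body></html>"""

GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.IGNORECASE)
README_RE = re.compile(r"<h1[^>]*>.*?Version\s+([\d.]+)\s*</h1>", re.IGNORECASE | re.DOTALL)


def version_from_generator(page_html):
    """Version from the generator meta tag, or None if the tag is absent."""
    m = GENERATOR_RE.search(page_html)
    return m.group(1) if m else None


def version_from_readme(readme_html):
    """Version from the readme.html heading, or None if not found."""
    m = README_RE.search(readme_html)
    return m.group(1) if m else None


def fingerprint(homepage_html, readme_html=None):
    """Try the generator tag first, then fall back to readme.html.

    Returns (version, source) or (None, None). readme_html is the body of
    /readme.html if the site served one, else None.
    """
    version = version_from_generator(homepage_html)
    if version:
        return version, "generator meta tag"
    if readme_html:
        version = version_from_readme(readme_html)
        if version:
            return version, "readme.html"
    return None, None


if __name__ == "__main__":
    print(fingerprint(HOMEPAGE_WITH_GENERATOR))                 # ('3.1.2', 'generator meta tag')
    print(fingerprint(HOMEPAGE_WITHOUT_GENERATOR))              # (None, None)
    print(fingerprint(HOMEPAGE_WITHOUT_GENERATOR, README_HTML)) # ('3.1.2', 'readme.html')
```

The third call is the point of the readme.html section: hiding the generator tag only removes the first source, and the version is recovered from the second. Deleting readme.html, or renaming it, makes the fall-back return nothing as well.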

Countermeasures

  • Use a good plugin that hides your WordPress version number.
  • Always update WordPress to the latest version; hiding the number does not fix the vulnerabilities the old version has.
  • Either delete the readme.html file or rename it to something an attacker will not guess, such as readme.php.
I hope you have learned something new today, Feel free to comment.

Monday, May 2, 2011

Twitterfeed For Auto Tweet Tricks For Blogger And WordPress


Twitter is one of the best ways to boost traffic. If you have a Twitter account, I suggest you use Twitterfeed to post your blog posts to Twitter automatically. Here is a four step tutorial.

Step 1: The simplest way to tweet your blog posts automatically is through Twitterfeed. Go to http://twitterfeed.com

Step 2: Log in to Twitterfeed using your OpenID. If you have a Blogger account, you just need to select Blogger from the list of available logins and enter your username. For example, if the URL of your Blogger blog is http://abcdefg.blogspot.com, then your username is abcdefg.

Step 3: Once signed in, you will be able to go to your Twitter feeds. This gives you the option to add a new feed. Click on "Start New Feed". Enter your Twitter name and password, as well as the URL of your RSS feed. Adjust the settings for how often you want Twitterfeed to check your blog for new posts, and click "Start".

Step 4: That's it! Now, when you publish a Blogger blog post, a tweet will automatically be created and posted to your Twitter account.
