All-Round Defense

Hackers attack sites through vulnerable scripts, and then the blame goes to the web hosting provider for not implementing proper security on the server, or for the server being compromised.
“I have been using the script over the years without any problem.”

The web hosting company says: “The whole server is intact; only your site got hacked. Update the scripts you are using to secure your site.”

Would you believe that most of the easily available CGI scripts are vulnerable, according to surveys conducted by most companies?

Once a cracker exploits a vulnerability in your scripts, they reach your directory and try to install other CGI, PHP or other scripts to take control of your content. From then on, what is displayed on the site depends on the cracker.
Content is the key, and you lose control over it.

Most of the scripts available on the Internet are not tested against the various parameters that can be passed in the URL. The look attracts you, and you install the script on your website, but forget to check whether it is a tested one. Novice programmers have a propensity to err; experienced ones check their scripts properly, looking at what is going to the server and how the server responds to requests. An unskilled programmer leaves gaps in his code, which a smart hacker can easily exploit to gain access. You could say that not only the code but the programmer, too, is a serious vulnerability.

You can find institutes on every street teaching programming to novice students, and once they learn the core of programming along with some database queries, they start programming; they are the inexperienced programmers.
These institutes cannot be blamed for that, as they can only teach how to use the programming language; programming in a secure way is an inherent quality that the programmer acquires through experience.
How to write secure code is not taught in institutes; it has to be learned through research.
This new generation is in a hurry: they want to reach great heights in a very short time, they are too lazy to read new material, and they want to start using something before learning everything about it.
It is true: who wants to spend so much time?
Experience teaches them everything, but learning from mistakes in the real world is not considered good enough.
“Who would sacrifice his website because you are in learning mode?”
Most Internet programmers choose PHP instead of Java; like most people, they are reluctant to use something that is a drag on system resources. They love programming with the PHP-CGI combination. I would say most of today’s people are not programmers but hackers: they just rework already-written scripts for their purpose, and the game is over.

PHP-Nuke parameter vulnerability problem

You might have heard of the well-known PHP-Nuke, which allows users to have a forum, chat and news service on their website. Thousands of website owners have probably installed PHP-Nuke on their websites, and I suppose most of them are not aware of its vulnerability issue: it contains a parameter vulnerability. All script parameters are passed in the URL string of the browser, and the developer assumed that only a number would ever be passed there.

However, any real hacker who knows the structure of the database used by PHP-Nuke can easily exploit this. Learning the structure is also easy, as PHP-Nuke is a freely available script distributed with its source code. A hacker can send an SQL query to the database server through the ID parameter and obtain the passwords of the registered users. You may say that the passwords are stored in encrypted form, but you will agree that it is very easy for a hacker to crack and decrypt them.

Most of the free scripts are Perl scripts. Perl was developed for manipulating the system and was not intended for the Internet. Programmers use these scripts to manage remote servers, but they can also be used by hackers to take control of a dedicated server.

It is advisable to scan these free scripts for vulnerabilities before using them. Once you are aware of the vulnerabilities, you can find ways to block them; you cannot afford to leave things for God to handle. Most web hosting companies do not help with free scripts.

Threat intelligence firm Bad Packets has confirmed that the PHP RCE vulnerability CVE-2019-11043 is being actively exploited by attackers to compromise NGINX web servers that have the PHP-FPM (FastCGI Process Manager) feature enabled. The PHP development team patched it in PHP versions 7.3.11, 7.2.24, and 7.1.33.

An admin can check whether the server is affected by executing the following bash command:

egrep -Rin --color 'fastcgi_split_path' /etc/nginx/
  • If the command finds a match, upgrade the PHP version, or mitigate the issue with WAF filtering.
  • Check whether unauthorized modifications have occurred on the system.
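
The grep check above can be combined with the patched versions listed earlier into a small triage script. This is an added example, not part of the original article: the function names, verdict words and sample configuration are assumptions made for illustration, and PHP branches other than 7.1, 7.2 and 7.3 are reported as unknown because the article does not cover them.

```bash
#!/bin/sh
# Added example (not from the article): triage for CVE-2019-11043.
# Fixed patch level per PHP branch, from the releases the article lists
# (7.1.33, 7.2.24, 7.3.11). Any other branch is reported as unknown.
fixed_patch_level() {
  case "$1" in
    7.1) echo 33 ;;
    7.2) echo 24 ;;
    7.3) echo 11 ;;
    *) return 1 ;;
  esac
}

# php_patch_status VERSION -> prints patched | unpatched | unknown
php_patch_status() {
  pv=${1%%[-+~]*}            # drop distro suffixes such as -0ubuntu1
  pv_branch=${pv%.*}         # 7.2.19 -> 7.2
  pv_patch=${pv##*.}         # 7.2.19 -> 19
  case "$pv_patch" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
  pv_fixed=$(fixed_patch_level "$pv_branch") || { echo unknown; return 0; }
  if [ "$pv_patch" -ge "$pv_fixed" ]; then echo patched; else echo unpatched; fi
}

# Exit 0 when a non-commented line under DIR uses the directive the
# article greps for; lines where '#' precedes the directive are skipped.
nginx_uses_split_path() {
  grep -Riq -- '^[^#]*fastcgi_split_path' "$1" 2>/dev/null
}

# triage DIR PHP_VERSION -> prints one verdict word
triage() {
  [ -d "$1" ] || { echo no-config-dir; return 0; }
  nginx_uses_split_path "$1" || { echo directive-absent; return 0; }
  case "$(php_patch_status "$2")" in
    patched)   echo directive-present-php-patched ;;
    unpatched) echo upgrade-php-or-filter ;;
    *)         echo version-unknown ;;
  esac
}

# Demo on a constructed config (sample data, not from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' 'location ~ [^/]\.php(/|$) {' \
  '    fastcgi_split_path_info ^(.+?\.php)(/.*)$;' \
  '    fastcgi_pass 127.0.0.1:9000;' '}' > "$demo_dir/site.conf"
for v in 7.1.32 7.2.24 7.3.10 5.6.40; do
  echo "$v: $(triage "$demo_dir" "$v")"
done
rm -rf "$demo_dir"
```

On a real host, call it as triage /etc/nginx "$(php -r 'echo PHP_VERSION;')", making sure the php binary queried is the one PHP-FPM actually runs.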

Take measures to protect the site and patch all vulnerabilities. Prevention is better than cure: preventing a hacker attack is much better than eliminating its consequences.