Finding your php.ini

To find your php.ini file, enter the following command in your SSH terminal.

php -i | grep php.ini

It will show you the directory. Copy and paste the directory, mainly the path (/usr/local/lib/), as below:

root@hostname [~]# php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

Block IP ranges on CSF?

OK, so you wish to block an IP range from your server using cPanel/WHM.

We’ve always recommended CSF for the firewall on your VPS running cPanel. To do this in CSF, go to ConfigServer Security & Firewall in WHM, then do the following:

If the IP was: 12.345.678.90

In the red Quick Deny block, type in:

To deny IP Range: 12.345.678.xxx use: 12.345.678.0/24

To deny IP Range: 12.345.xxx.xxx use: 12.345.0.0/16

To deny IP Range: 12.xxx.xxx.xxx use: 12.0.0.0/8
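
How the prefix length decides how much a deny entry blocks, as an added example (not from the original post or from CSF). The function names are hypothetical, and the documentation address 198.51.100.90 stands in for the placeholder IP above.

```python
import ipaddress

WILDCARDS = ("x", "xxx", "*")


def wildcard_to_network(pattern):
    """Convert trailing-wildcard notation such as '198.51.100.xxx' to a CIDR network."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    fixed = []
    for octet in octets:
        if octet.lower() in WILDCARDS:
            break
        fixed.append(octet)
    rest = octets[len(fixed):]
    if not fixed or any(o.lower() not in WILDCARDS for o in rest):
        raise ValueError("wildcards must be trailing, with at least one fixed octet")
    base = ".".join(fixed + ["0"] * len(rest))
    # Each fixed octet contributes 8 bits to the prefix; ip_network also
    # rejects octets outside 0-255.
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")


def describe_deny_entry(entry):
    """Report what a CIDR entry really covers and whether host bits were set."""
    net = ipaddress.ip_network(entry, strict=False)
    written = entry.split("/")[0]
    return {
        "covers": str(net),
        "addresses": net.num_addresses,
        "misaligned": written != str(net.network_address),
    }


if __name__ == "__main__":
    for pattern in ("198.51.100.xxx", "198.51.xxx.xxx", "198.xxx.xxx.xxx"):
        net = wildcard_to_network(pattern)
        print(f"{pattern:18} -> {net}  ({net.num_addresses} addresses)")
    # A /16 written against a /24-style base covers far more than one /24.
    print(describe_deny_entry("198.51.100.0/16"))
```
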

/dev/shm is not mounted with the noexec,nosuid?

Getting the error in ConfigServer Firewall?

/dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount.

Follow these steps:

Use the command: nano /etc/fstab

Replace this line: tmpfs /dev/shm tmpfs defaults 0 0

With this one: tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Then remount: mount -o remount /dev/shm
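
A way to check the result and make the same fstab change repeatably, as an added example (not part of the original post or of CSF). The function names and the sample file contents are constructed for illustration; on a real server the inputs would be /proc/mounts and /etc/fstab.

```python
REQUIRED = ("noexec", "nosuid")

# Constructed samples in /etc/fstab and /proc/mounts format.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
/dev/sda1 / ext4 defaults 1 1
tmpfs /dev/shm tmpfs defaults 0 0
"""
SAMPLE_MOUNTS_BEFORE = "tmpfs /dev/shm tmpfs rw,relatime 0 0\n"
SAMPLE_MOUNTS_AFTER = "tmpfs /dev/shm tmpfs rw,nosuid,noexec,relatime 0 0\n"


def missing_shm_options(mounts_text):
    """Return the required options absent from the live /dev/shm mount."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/dev/shm":
            opts = fields[3].split(",")
            return [o for o in REQUIRED if o not in opts]
    return list(REQUIRED)  # no /dev/shm entry at all: report as non-compliant


def harden_fstab(fstab_text):
    """Add noexec,nosuid to the /dev/shm entry, keeping its other options.

    Comment lines and other mount points are passed through untouched;
    only the /dev/shm line is rewritten (with single-space separators).
    """
    out = []
    for line in fstab_text.splitlines():
        fields = line.split()
        is_entry = len(fields) >= 4 and not fields[0].startswith("#")
        if is_entry and fields[1] == "/dev/shm":
            opts = fields[3].split(",")
            opts += [o for o in REQUIRED if o not in opts]
            fields[3] = ",".join(opts)
            line = " ".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("missing before:", missing_shm_options(SAMPLE_MOUNTS_BEFORE))
    print(harden_fstab(SAMPLE_FSTAB), end="")
    print("missing after remount:", missing_shm_options(SAMPLE_MOUNTS_AFTER))
```
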

If you need support just contact our team who will be happy to help.

Russia May Be Unplugged from the Internet

The Russian government is considering radical plans to unplug the country from the worldwide web in the event of a serious military confrontation or big anti-government protests.

Vladimir Putin scheduled a meeting of his security council to discuss what steps they may take to disconnect the locals from the Internet “in case of emergency”. This move will help them strengthen the country’s sovereignty in cyberspace. One of the proposals is also to bring the domain .ru under state control.

Today most of the Russian youth do not watch TV or read newspapers. Their flat screens are connected to their laptops which stream online shows and movies. This is not just about the annoying commercials and stupid local TV shows – the matter is that Russian TV and most of the country’s newspapers are already under the Kremlin’s thumb. However, unlike in China, the Internet in the country has so far remained a comparatively open place.

The discussion over “unplugging” the Internet comes at a time when Russia has been bitterly critical of the western media over the situation in Ukraine. The information war escalates, and nobody can tell for sure who is really involved there – on both sides of the conflict.

So, Russia may decide to introduce the new measures early in 2015. The government needs some time to reduce the country’s dependency on the US technology and digital infrastructure, fearing that its communications can be vulnerable to US spying. The suggestions were to build a “national Internet”, which would be a domestic intranet. The government may also strengthen control over ordinary Russian users and their digital habits.

Although it is unlikely that Russian officials would really disconnect the Internet, the moves may be a real step forward in the development of a besieged fortress mentality. While earlier these ideas were mostly to do with so-called government communications, which could make them independent from western technologies, it seems that now they want to expand this crazy idea to the entire Russian Internet.

By the way, the experts point out that it would be technically possible for the government to shut off the Internet. The matter is that Russia has surprisingly few international exchange points, and all of them are under the control of national long-distance operators, which are close to the authorities.

The most worrying thing is the security council’s proposal to take control over .ru (Russia), .su (Soviet Union) and .рф (Russian Federation in Cyrillic) domains. Now they belong to a non-government organization, and many are hosted abroad.

If the decision is approved very quickly, it would open the way to the next step – to force all domains in the .ru zone to be hosted in Russia. It should be noted that Kazakhstan, an authoritarian state intolerant of online criticism, did the same a couple years ago.

However, the Russian authorities explained that they are not going to unplug the worldwide web to escalate the information war – they rather want to protect Russian cyberspace in case of further Western sanctions that may affect the Internet. One has to admit this approach makes sense.

Everyone knows that the Russian economy, which is already teetering on the verge of recession, is also reeling from the stringent Western sanctions over Russia’s alleged(!) involvement in the Ukraine conflict. In fact, it is really strange to discuss its involvement in the destiny of the country, where almost all of the population is Russian. As a result, Washington and Brussels have introduced sanctions that are the toughest punitive measures since the cold war. As the Russians themselves admit, they never noticed the impact of the sanctions from both sides on their daily lives.

Source: ET

Worldwide Web Accounts for Billion Websites

For the first time ever, the number of websites on the Internet has gone above one billion and continues growing. According to the statistics updated in real time by online tracker Internet Live Stats and tweeted by Sir Tim Berners-Lee (who is known as the father of the Internet), over a billion companies and individuals have their own page today.

According to the statistics, the agency responsible for managing addresses on the worldwide web is expanding choices far beyond .com and .net in order to provide more online real estate for the ever increasing number of websites. The experts admit that this sort of growth is not bad for a technology that celebrated its 25th anniversary in April 2014.

The Internet was born from a technical paper from Sir Tim Berners-Lee, at the time an obscure, young computer scientist at a CERN lab in Switzerland. He outlined a way to easily access files on linked personal computers.

Today over 40% of the world’s population is connected to the Internet, and the number of Internet users worldwide is quickly approaching 3 billion – almost half of them come from Asia. According to the statistics, 2.3 billion emails are sent every second, and not all of them are spam adverts. Over 75% of websites today are inactive, being parked domains or similar. People view more than 88,500 YouTube videos every second, and not all of them are cat related.

Finally, the number of new websites more than doubled two years ago, but then it decreased by more than 20 million. On the downside, over 25,000 sites have been hacked and are probably sending out part of those 2.3 billion emails mentioned above.

Original Source: ET

How to Detect SQL Injection Attacks

SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode’s 2014 State of Security Software Report, SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application.
A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. There is a reason they’re on the OWASP Top 10. Termed “injection flaws”, they are not limited to SQL: operating systems and LDAP can fall prey to injection too. They involve sending untrusted data to the interpreter as part of the query. The attack tricks the interpreter into executing commands or accessing data. Attackers use this exploit to modify entries in your database, execute commands on the database (delete databases, change permissions and so on) and read and exfiltrate data from your databases.
Examples of SQLi attacks can be found on the OWASP wiki. The underlying flaws enabling SQLi attacks are introduced when developers create dynamic database queries that include user input.
Remediating SQLi attacks involves fixing the coding defects that allow user-supplied input, which can contain malicious SQL, to modify the logic of the query. The OWASP wiki details some suggested defenses that application developers use to avoid introducing SQLi-enabling flaws.
The first step in dealing with SQLi exploits is detecting and investigating them.  When under attack, the following questions are critical:
  • When was I attacked?
  • Where was I attacked?
  • How widespread was the attack?
  • Were any files or tables overwritten?
  • Who is attacking me, and are others being attacked as well?
Using AlienVault USM to Detect SQL Injection Attacks
AlienVault USM can help you detect these attacks and answer the questions above with several integrated security technologies including host-based IDS, network IDS and real-time threat intelligence.
Network IDS spotting SQLi
The Network IDS built in to AlienVault USM gives you the ability to monitor all connection requests coming to your web server, plus it includes built-in correlation directives to spot activity indicative of a SQLi. Since the threat landscape is always changing, the Network IDS signatures are updated weekly based on threat research conducted by the AlienVault Lab research team, so you can stay current on new attacks.
Host IDS detecting SQLi by watching file activity
USM also includes a host-based IDS (HIDS) so you can monitor activity locally on a server. In this case, the HIDS agent would be installed on the web server itself, parsing the logs on your Apache or IIS server. Again, the built-in correlation rules in AlienVault USM make it possible to detect activity consistent with SQLi attacks and alert you immediately. The AlienVault HIDS also monitors changes to files so you have visibility into which files and tables in your database were affected by the attack.
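Log-based detection of the kind described above, reduced to its core and answering the when, where, who and how-widespread questions from an Apache access log. This is an added example, not AlienVault's rules or code; the log lines are constructed, the function name is hypothetical, and the pattern list is a small illustrative subset.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache "combined" log lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2014:10:01:02 +0000] "GET /products.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Sep/2014:10:03:40 +0000] "GET /products.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48210 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Sep/2014:10:03:55 +0000] "GET /products.php?id=12+UNION+SELECT+null,null-- HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Sep/2014:10:05:11 +0000] "GET /search.php?q=union+jobs HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.77 - - [12/Sep/2014:10:09:30 +0000] "GET /login.php?user=admin%27-- HTTP/1.1" 302 0 "-" "curl/7.30"
"""

# Captures: client IP, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Common SQLi indicators, matched after URL-decoding the request target.
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select"               # UNION-based extraction
    r"|'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+"   # quote followed by a tautology
    r"|'\s*(--|#|/\*)"                       # quote followed by a comment marker
    r"|;\s*(drop|delete|insert|update)\s",   # stacked statement
    re.IGNORECASE,
)


def summarize_sqli(log_text):
    """Return when, where and from whom SQLi-looking requests arrived."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, _method, target, status = m.groups()
        decoded = unquote_plus(target)  # single decode; payloads arrive URL-encoded
        if SQLI_RE.search(decoded):
            hits.append({"when": when, "ip": ip, "status": int(status),
                         "path": decoded.split("?", 1)[0], "request": decoded})
    return {
        "count": len(hits),
        "first_seen": hits[0]["when"] if hits else None,
        "last_seen": hits[-1]["when"] if hits else None,
        "sources": Counter(h["ip"] for h in hits),    # who is attacking
        "targets": Counter(h["path"] for h in hits),  # where
        "hits": hits,
    }
```

Access logs record only the request line, so parameters sent in POST bodies are invisible to this check and need application or WAF logging instead.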
Here’s an example of the USM console displaying SQLi and the associated threat details:
[Screenshots: HIDS Dashboard; List of Recent SQLi Events; Details about the Threat]
Real-time Threat Intelligence from the AlienVault Open Threat Exchange
In addition, AlienVault USM uses real-time threat intelligence from the AlienVault Open Threat Exchange (OTX) to spot connections with known bad actors. These are known malicious hosts or attackers whose IPs have shown up in OTX because they attacked other OTX contributors, have been identified by other threat sharing services we use, or have been identified via independent research conducted by our AlienVault Labs team.
OTX data provides context to the IDS information and can increase your confidence that a threat detected is malicious, since the activity you are observing is from a known malicious host. In addition, USM combines and correlates input from HIDS, NIDS and OTX via its built-in Security Information and Event Management (SIEM) capabilities, giving you the full picture of threats in your environment.
AlienVault USM provides a single console with the information you need to do fast and effective incident response.

Dropbox Disclosed Data on Government Requests

According to Dropbox’s transparency report, the service received 268 requests for user information from the authorities in the first half of 2014. Besides, the service also received 37 requests for information from abroad, noting that now Dropbox requires non-US governments to follow the Mutual Legal Assistance Treaty process to make a US court issue the required legal process to the company. Last year, Dropbox received 90 requests from abroad.

It is the first time that Dropbox published its transparency report biannually, also sharing data on how many national security requests were received from the American government. However, like other companies, Dropbox is only allowed to disclose the existence of these requests in a nonspecific aggregation. This means that the most information it can share is that “0-249” requests were received, affecting “0-249” accounts.

Of course, that number is small compared to 300 million users of Dropbox, and especially compared to millions of requests Google receives at the moment. However, the service points out that all the requests are treated seriously and scrutinized to make sure they satisfy legal requirements before complying. Dropbox also claims to push back in cases where agencies are looking for too much information or have failed to follow the proper procedures.

As a result, the service handed over content 103 times, and “non-content” (subscriber data such as the name and email address, the date of account creation and other transactional information including IP addresses) was handed over 80 more times.

Dropbox also stressed its commitment to informing users of any requests from the law enforcement authorities for their information. At the same time, government agencies ask the service not to notify users of requests for their information, even when they are not legally entitled to do so. If Dropbox receives a request coming with a gag order, it will inform the requesting agency of its policy and let users know about the request unless the agency provides a valid court order.

Dropbox has now released its transparency report for the third time, but that hasn’t prevented attacks from Edward Snowden, who called the company “hostile to privacy” and accused it of cooperating with the NSA under the PRISM program.

Source: ET

By: SAM

Apple Promised to Enhance iCloud Security

The tech giant is going to add more security steps that would help keep hackers out of user accounts following the celebrity nude photo scandal. In addition, Apple will aggressively encourage users to take stricter measures.

The company will alert users via email and push notifications when it detects an attempt to change an account password or restore iCloud data to another device, as well as when a device logs into an account for the first time.

Apparently, the company is moving quickly to restore confidence in iCloud security ahead of a very important event for Apple: the launch of its new iPhone is scheduled for September 9. This is why the tech giant is going to broaden its use of the two-factor authentication security system in order to prevent future intrusions. If you don’t know, two-factor authentication requires users to have two of three things to access an account: for example, a password, a separate 4-digit one-time code, or a long access key the user gets on signing up for the service.

Apple is going to more aggressively encourage people to turn on two-factor authentication in the new version of iOS, whose release is also scheduled for September. The company explained that the attacks on celebrities’ iCloud accounts were individually targeted, and the investigation revealed that none of those cases had resulted from a failing of Apple systems.

iCloud allows the owners of Apple devices to store pictures and other material and access it from any iOS or Mac device. Although security in the cloud has remained a concern in past years, it couldn’t stop the rapid adoption of services offering reams of storage and management of data copied across from phones and computers.

A number of security experts claimed that the tech giant failed to make its devices and software easier to secure via two-factor authentication, as the latter requires a separate verification process after the initial login. They argued that Apple could do more to advertise that option, since most people naturally don’t bother with security measures because of the extra hassle. They explain that the usability battle will always be there, but you can’t ever imagine using a bank card at an ATM without entering a PIN. This is exactly how two-factor works: you have a card and you know a PIN. One doesn’t work without the other.

Source: ET

Apple Will Launch New iPhone on September 9

The tech industry expects that Apple’s next iPhone with a larger screen will be unveiled in two weeks. The company confirmed the date of its highly anticipated iPhone 6 launch event by sending out invitations featuring a close-up image of the top of the Apple logo saying “Wish we could say more”.

The event will take place in the Flint Centre in Cupertino. The company is expected to reveal a new larger smartphone at the event, with a 4.7in screen. The new device is expected to compete with larger phones manufactured by Apple’s rivals Samsung, LG, HTC, Sony and even Microsoft. The rumors are that the company will also announce the launch of another new iPhone with a larger 5.5in screen and a wearable.

In addition, the industry expects that Apple’s new smartphone will have a harder, more scratch-resistant sapphire screen. However, recent indications from the supply chain suggest that the tech giant may struggle to meet demand for the new screen.

Traditionally, the fall event will also mark the launch of the new iPhone and iPad software, iOS 8. The updated system will include lots of new features focused around flexibility and interaction with Apple’s desktop and laptop machines.

Finally, the company’s new Health application is supposed to capitalize on the increasingly popular “quantified self”, collecting information from various fitness trackers and medical devices into a single application. In this connection, many industry observers expect iPhone 6 to also include expanded fitness tracking and health monitoring capabilities.

In the meantime, market research suggests that the iPhone 6 may become the biggest launch in Apple’s history. The matter is that the current demand for the new larger smartphone is expected to be extremely high, with iPhone users upgrading to the larger form factor popularized by Android and Windows Phones.

The iPhone is what most Apple customers are waiting for, but the tech giant is also expected to launch a smartwatch later in 2014. This device is expected to compete with the new raft of Google smartwatches from LG, Samsung, Motorola and others. However, it is not known for sure whether Apple is going to reveal it during the September event.

Source: ET