100,000+ WordPress Websites infected By SoakSoak Malware

Leave a Comment

More than 100,000+ WordPress Websites infected By Malware

More than 100,000 WordPress Websites infected By SoakSoak Malware
More than 100,000 WordPress Websites infected By SoakSoak Malware

WordPress is the Best Content Management System (CMS) and number of bloggers and internet marketers uses WordPress CMS for their blog because of its simplicity and awesomeness.

But Recently more than 100,000 WordPress websites/blogs are affected by the SoakSoak Malware. And millions of websites on the internet are currently using WordPress and this Malware can be the great threat.

How to know whether your WordPress websites are infected by SoakSoak Malware ?

Once you are infected with this Malware then you might experience some unexpected redirection to SoakSoack.ru and you will end up downloading malicious files in your computer without your knowledge. 

Google (The Search Engine giant) has added more than 10,000+ WordPress websites to their blacklisted sites to protect the users and that can effect the revenue of the website owners.

What dose SoakSoak Malware do to your WordPress Website/blog ?

SoakSoak Malware do to your WordPress Website/blog


The SoakSoak Malware simply modifies the php file located at wp-includes/template-loader.php and then it will add malicious JavaScript code named "swobject.js"and it will load everytime the user opens your site.

Critical CSRF flaw in Blogger that allows to write posts on any Blog [Fixed]

Leave a Comment

Critical CSRF flaw in Blogger

Critical CSRF flaw in Blogger that allows to write posts on any Blog
Critical CSRF flaw in Blogger that allows to write posts on any Blog 

Blogger is the most famous Blogging platform and almost all the bloggers starts blogging from the blogger platform. But One Egyptian security expert have found the most critical Vulnerability in the Blogger.com!

Egyptian security expert Mazen Gamal Mesbah have Found Cross Site Request Forgery (CSRF) in Publishing the new articles on any blog powered by blogger. All the blogger blogs where vulnerable to this critical CSRF flow.

Checkout GitHub Bug Bounty Program 

By Exploiting this Critical CSRF in Blogger an attacker can publish any type of content on on blog that runs on blogger platform.

The only thing needed to publish a content on any blog is blogger id and its very easy to get blogger id of any blog.

Video Proof of concept of this Critical Blogger Vulnerability




Blogger is owned by the Google and Google have a Bug Bounty Program using which information security researchers can submit the vulnerability and get rewarded by them.

Timeline Of Vulnerability Reported to Google.


2/9/2014 - Vulnerability was found by the information security researcher
2/9/2014 - Got positive response from Google Security team.
3/9/2014 - Critical CSRF on Blogger fixed by the Google Security Team
4/9/2014 - Security Researcher Received $3133.7 reward from Google.

How to Create Password Protected post in WordPress

Leave a Comment
Hey, if you are a blogger having blog on WordPress and if you want to share the content with only selected person then you have to set the password for that post and all you have to do is to share your password with whom you want to share your post! Sounds interesting right ? so, in this article i am going to show you how to create password protected posts (articles) in WordPress.


Follow the simple steps to create password protected posts in WordPress.

1. login into your WordPress blog
2. Go to Posts –> Add New
3.  Now click visibility and change it to password protected.
Create-Password_protected-post in wordpress 4. Now just Hit ok and you have done!


5. Just share the link and the password with those people you want to share your content. If you have any question then feel free to ask!

Google AdSense have started EFT for Indian publishers

Leave a Comment

Hey Indian AdSense publishers, here is the Good news for you! Now you don’t have to wait for more then 15 days to receive your payments of the Google AdSense! Because the Google AdSense have introduced the EFT (Electronic fund transfer) system for the Indian publishers!

 

Google-Adsense-eft-for-indian-users

 

It takes too much long time if you are not living in the mega city like Delhi and all. its still taking more then 15 days and a week for the clearance of the cheque.

 

Now all the Indian publisher will get paid by the EFT i mean you will not receive any Google AdSense cheques now! if you have enabled EFT for your Google AdSense account. You will directly get paid by EFT.

 

I have found one announcement from the AdSense Pro payments you can check it from here. And they have also mentioned that if you want to get this update then apply self-hold to your payments and then we will upgrade the accounts in India with self-hold to the new EFT payment system.

Official website of EC Council Got hacked

Leave a Comment

The Official website of the Council of Electronic Commerce Consultants (EC Council) has been hacked and defaced by the hacker named Eugene Belford.

 

EC Council Got defaced

 

Official website of eccouncil got hacked

He have added one message in the defacement “Owned by certified unethical software security professional”.

 

You might not be aware about the EC Council but its a place where people takes the training  of the CEH and other coerces!  And may be attacker was not satisfied with the EC council training!

 

Site defaced: eccouncil.org

Mirror: zone-h.com/mirror/id/21830813

 

They are still not sure how was the website got hacked!