50,000 sites hacked through WordPress plug-in vulnerability

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.

The security flaw is located in MailPoet Newsletters, previously known as wysija-newsletters, and was fixed in version 2.6.7 of the plug-in released on July 1. If left unpatched, it allows attackers to upload arbitrary PHP files on the Web server and take control of the site.

MailPoet Newsletters has been downloaded almost 2 million times from the official WordPress plug-in repository to date.

Several days ago researchers from Web security firm Sucuri spotted an automated attack that injected a PHP backdoor file into many WordPress sites. A deeper analysis revealed that the attack exploited the MailPoet file upload vulnerability patched at the beginning of the month.

“The backdoor is very nasty and creates an admin user called 1001001,” the Sucuri security researchers said Wednesday in a blog post. “It also injects a backdoor code to all theme/core files. The biggest issue with this injection is that it often overwrites good files, making very hard to recover without a good backup in place.”

The Sucuri free website scanner, which people use voluntarily, detects a few thousand sites compromised by this attack every day, according to Daniel Cid, chief technology officer at Sucuri. However, Sucuri estimates that up to 50,000 sites were infected so far, he said Thursday via email.

Some sites that didn’t have MailPoet installed or were not even using WordPress were also compromised, because of what Cid calls cross-contamination. If one Web hosting account has a WordPress site vulnerable to this attack, the PHP backdoor uploaded through it can infect all sites hosted under that same account.

“On most shared hosting companies—GoDaddy, Bluehost, etc.—one account can not access files from another account, so the cross-contamination would be restricted to sites within the same account,” Cid said. However, in other cases, “if the server is not properly configured, which is not uncommon, then [the infection] can spread to all sites and accounts on the same server.”

The injection script used in the initial attack had a bug that damaged legitimate site files, resulting in obvious errors. That’s no longer the case, as attackers fixed their code and the latest variation of the malware no longer breaks websites, Cid said.

In order to protect their WordPress websites from this attack, administrators should update the MailPoet plug-in to the latest version, which at this time is 2.6.9. Version 2.6.8 of the plug-in, released on July 4, addressed an additional security issue.


Free Joomla Templates, eh?

Malicious templates

Published on Sunday, 11 May 2014 18:52
Numerous sites advertise free templates, but you have to watch out. Going by the Joomla forums, file-sharing sites are the most common place to get a free template, or else a friend.
Nowadays more and more unsavoury template distributors have come on the scene, trying to cash in on Joomla's success and catch unwary users.

Several companies in the past have been known to simply put hard-coded links into their files, e.g. Themza, whose method was to call an encoded GIF file (menu_col.gif) to place a spam link in the menu and also in the footer. A sample of the code
A big discussion on Themza is at http://forum.joomla.org/viewtopic.php?p=1827027. They also do not state that they are GPL, as they place restrictions on you altering their code.

A newer trick is to place a piece of code into a file and mark it, for those interested enough to look, as a security check:

/*security feature START*/ if ($this->countModules("left") && $this->countModules("right")) {$compwidth="60";} else if ($this->countModules("left") && !$this->countModules("right")) rpub \'Nhgube yvax zhfg erznva vagnpg.\';qvr;}}purpx_sbbgre();'));function artxReplaceButtons($content){$re = artxReplaceButtonsRegex();} /*security feature END*/ ?>

I have jumbled the coded letters to prevent linking. Or, even clearer but strangely in the same file, from joomlathemes.co aka joomlatemplates.me:

$host = substr(hexdec(md5($_SERVER['HTTP_HOST'])),0,1);
$url1 = "http://malicious.me/3.1";
$text1 = array("Simple Joomla Templates","Best Joomla Template","Joomla Blog Template","Joomla Tema", "Free Joomla Template","Gratis Joomla","Plantillas Joomla","Customize Joomla Template","Joomla шаблоны", "Download Joomla Templates");
$url2 = "http://spam.com/ipage-review/";
$text2 = array("iPage Reviews","iPage Hosting","iPage Coupon","iPage Complaints", "iPage Review","iPage Hosting Review","iPage","iPage.com","User Reviews iPage", "iPage Reviews");
echo "".$text1[$host]." by ".$text2[$host]."";

This varies in its method by using an array to randomly change the bait text. Here is another interesting case: a template provider advertising WordPress templates on a Joomla template.

<div id="hdd">Templates Joomla 1.7 by Wordpress themes free

Since these practices came to light and people started avoiding them, it has become more common to use various different names that all lead to the same sites: freshjoomlatemplates aka qualityjoomlatemplates aka joomlaskins aka livedemos.net, or joomlathemes.co aka joomlatemplates.me.

It has been stated that these download sites are not "malicious", just "link spamming" template providers. Most of these sites provide legitimate free templates from other developers, repackaged with the 'dodgy' code inside. It is up to you, the user, to decide whether to use them or not.
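An added example (not part of the original article): the jumbled string in the "security feature" sample decodes under ROT13 to readable PHP, so a downloaded template can be screened by ROT13-decoding every string literal and flagging those that turn into code or links. The function name, token list and sample template are assumptions constructed for illustration; the sample wraps the fragment shown above in a made-up variable assignment.

```python
import codecs
import re

# PHP string literals (single- or double-quoted, backslash escapes allowed).
LITERAL = re.compile(r"'((?:\\.|[^'\\])*)'" r'|"((?:\\.|[^"\\])*)"', re.S)
# Tokens that are suspicious when they appear only after ROT13 decoding
# (illustrative list, not exhaustive).
PHP_TOKENS = ("echo ", "die;", "eval(", "function ", "href=", "http://", "https://")


def rot13_findings(source, min_len=12):
    """Return (line_number, decoded_text, matched_tokens) for every string
    literal whose ROT13 decoding looks like PHP code or a link."""
    findings = []
    for m in LITERAL.finditer(source):
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        if len(raw) < min_len:
            continue  # too short to hide anything meaningful
        decoded = codecs.decode(raw, "rot_13")  # non-letters pass through unchanged
        hits = [t for t in PHP_TOKENS
                if t in decoded.lower() and t not in raw.lower()]
        if hits:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, decoded.replace("\\'", "'"), hits))
    return findings


# Constructed sample: the fragment quoted in the article, wrapped in a
# hypothetical assignment so that it forms a complete string literal.
SAMPLE = r"""<?php /*security feature START*/
if ($this->countModules("left") && $this->countModules("right")) {$compwidth="60";}
$c = 'rpub \'Nhgube yvax zhfg erznva vagnpg.\';qvr;}}purpx_sbbgre();';
/*security feature END*/ ?>
<div id="footer"><?php echo "Simple Joomla Templates"; ?></div>
"""

if __name__ == "__main__":
    for line, decoded, hits in rot13_findings(SAMPLE):
        print(f"line {line}: ROT13 literal decodes to {decoded!r} (matched {hits})")
```

Run it over every .php file in a template before installing; a hit means the file hides code behind ROT13 and deserves a manual read.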

Credits: http://vel.joomla.org/articles/1250-malicious-templates.html


2012 Internet Statistics

There is so much happening on the Internet during a year that it’s impossible to capture it all in a blog post, but we’re going to give it a shot anyway. How many emails were sent during 2012? How many domains are there? What’s the most popular web browser? How many Internet users are there? These are some of the questions we’ll answer for you.

To bring you these answers, we’ve gone to the ends of the web – wherever that is – and back again, and compiled a list of truly fascinating facts about the year that was. Some of the numbers are snapshots taken during the year, others cover the entire period. Either way, they all contribute to giving us a better understanding of the Internet in 2012. Enjoy!

Email

  • 2.2 billion – Number of email users worldwide.
  • 144 billion – Total email traffic per day worldwide.
  • 61% – Share of emails that were considered non-essential.
  • 4.3 billion – Number of email clients worldwide in 2012.
  • 35.6% – Usage share of the most popular email client, which was Mail for iOS.
  • 425 million – Number of active Gmail users globally, making it the leading email provider worldwide.
  • 68.8% – Percentage of all email traffic that was spam.
  • 50.76% – Percentage of all spam that was about pharmaceuticals, the top category of all spam.
  • 0.22% – Share of worldwide emails that comprised some form of phishing attack.

Web pages, websites, and web hosting

  • 634 million – Number of websites (December).
  • 51 million – Number of websites added during the year.
  • 43% – Share of the top 1 million websites that are hosted in the U.S.
  • 48% – Share of the top 100 blogs that run WordPress.
  • 75% – Share of the top 10,000 websites that are served by open source software.
  • 87.8 million – Number of Tumblr blogs.
  • 17.8 billion – Number of page views for Tumblr.
  • 59.4 million – Number of WordPress sites around the world.
  • 3.5 billion – Number of webpages run by WordPress viewed each month.
  • 37 billion – Number of pageviews for Reddit.com in 2012.
  • 35% – The average web page became this much larger during 2012.
  • 4% – The average web page became this much slower to load during 2012.
  • 191 million – Number of visitors to Google Sites, the number 1 web property in the U.S. in November.

2011 Internet Statistics

So what happened with the Internet in 2011? How many email accounts were there in the world in 2011? How many websites? How much did the most expensive domain name cost? How many photos were hosted on Facebook? How many videos were viewed on YouTube?

We’ve got answers to these questions and many more. A veritable smorgasbord of numbers, statistics and data lies in front of you. Using a variety of sources we’ve compiled what we think are some of the more interesting numbers that describe the Internet in 2011.

Email

  • 3.146 billion – Number of email accounts worldwide.
  • 27.6% – Microsoft Outlook was the most popular email client.
  • 19% – Percentage of spam emails delivered to corporate email inboxes despite spam filters.
  • 112 – Number of emails sent and received per day by the average corporate user.
  • 71% – Percentage of worldwide email traffic that was spam (November 2011).
  • 360 million – Total number of Hotmail users (largest email service in the world).
  • $44.25 – The estimated return on $1 invested in email marketing in 2011.
  • 40 – Years since the first email was sent, in 1971.
  • 0.39% – Percentage of email that was malicious (November 2011).

Websites

  • 555 million – Number of websites (December 2011).
  • 300 million – Added websites in 2011.

Which CMS to Choose: Drupal, Joomla or WordPress?

WordPress, Joomla and Drupal are the three most popular content management systems (CMS) online.

All three are open source and built on PHP + MySQL. All three vary significantly in terms of features, capability, flexibility and ease of use. Below, we’ll take a look at some of the advantages and disadvantages of each of these CMS solutions:

Drupal: Pros and Cons

Drupal is the granddaddy of CMS systems on this list – it was first released in early 2001. Like WordPress and Joomla, Drupal too is open-source and based on PHP-MySQL. Drupal is extremely powerful and developer-friendly, which has made it a popular choice for feature rich, data-intensive websites like Whitehouse.gov and Data.gov.uk.

Let’s consider a few pros and cons of Drupal:

Advantages of Drupal

  • Extremely Flexible: Want a simple blog with a static front page? Drupal can handle that. Want a powerful backend that can support hundreds of thousands of pages and millions of users every month? Sure, Drupal can do that as well. The software is powerful and flexible – little wonder why it’s a favorite among developers.
  • Developer Friendly: The basic Drupal installation is fairly bare-bones. Developers are encouraged to create their own solutions. While this doesn’t make it very friendly for lay users, it promises a range of possibilities for developers.
  • Strong SEO Capabilities: Drupal was designed from the ground-up to be search engine friendly.
  • Enterprise Friendly: Strong version control and ACL capabilities make Drupal the CMS of choice for enterprise customers. The software can also handle hundreds of thousands of pages of content with ease.
  • Stability: Drupal scales effortlessly and is stable even when serving thousands of users simultaneously.

Disadvantages of Drupal

  • Steep Learning Curve: Moving from WordPress to Drupal can feel like walking from your car into a Boeing 747 cockpit – everything is just so complicated! Unless you have strong coding capabilities and like to read tons of technical papers, you’ll find Drupal extremely difficult for regular use.
  • Lack of Free Plugins: Plugins in Drupal are called ‘modules’. Because of its enterprise-first roots, most good modules are not free.
  • Lack of Themes: A barebones Drupal installation looks like a desert after a drought. The lack of themes doesn’t make things any better. You will have to find a good designer if you want your website to look anything other than a sad relic from 2002 when using Drupal.

Recommended Use

Drupal is a full-fledged, enterprise grade CMS. It’s recommended for large projects where stability, scalability and power are prioritized over ease of use and aesthetics.
