Last Updated: 2015-09-14 11:55:12 UTC
by Xavier Mertens (Version: 1)
This morning, I had a quick look at my web server log file and searched for malicious activity. Attacks like brute-force generate a lot of entries and thus can be easily detected. Other scanners are working below the radar and search for very specific vulnerabilities. In this case, a single request is often sent to the server and generate a simple 404 error without triggering any alert. My blog being based on the Wordpress CMS, I searched for non HTTP/200 hits for plugins URLs ("/wp-content/plugins/")
CMS or “Content Management Systems” became vey popular today. It's easy to deploy a WordPress, Drupal or Joomla on top of a UNIX server. They exist also shared platforms which offer you some online space. If a CMS is delivered with standard options, it is easy for the owner to customize or to tune it.. just like cars. Modern CMS offer a way to extend the features or the look’n’feel via plugins (or add-ons or extensions).