Contact Form 7 Unrestricted File Upload Vulnerability – How does cPGuard protect your websites?


About the vulnerability

Contact Form 7 is a popular WordPress plugin that helps users create contact forms on their websites. The plugin has a very large user base, with over 5 million active installations, so any vulnerability in such a popular plugin causes serious security issues for a large number of websites.

Recently, security researchers reported that they were able to exploit a vulnerability in this plugin that allowed them to upload files of any type, bypassing all restrictions on the file types that may be uploaded to a website. It also allows web shell injection, which makes it more dangerous and threatening to website security.

How does cPGuard handle the problem?

Immediately after the vulnerability was announced, our WAF team started investigating it and released a WAF update to protect our users' websites from the vulnerability. So far, cPGuard WAF has the following set of protections against this vulnerability.

  • We have an explicit WAF rule which prevents exploitation of this particular vulnerability
  • Our existing WAF rules will prevent uploading PHP files
  • Our existing WAF rules will prevent accessing PHP files from the target location
  • Our scanner engine can report the file uploads/injections

Do I still need to worry?

Our WAF and scanner engine are powerful enough to block such targeted and generic types of web exploits. Even though cPGuard provides security measures for this problem, we still encourage you to advise your users to upgrade the Contact Form 7 plugin to the latest version, 5.3.2.

If you need any additional details, please contact our support team.

cPGuard Scanner Layers – Incremental File Scanning


One of the questions we have been receiving frequently of late is how efficient the scanner is, and whether there is an option similar to the Rapid scan offered by another solution. To answer this question, we have to explain how the whole scanning system works, automatically or manually, and why the overall workflow is much faster and more efficient than any other competing solution.

The scanner levels

In cPGuard, we scan each new/updated file at multiple levels, which lets us process the files in various ways, multiple times with the most recent virus signatures, and efficiently with very little load. Each of the layers is explained below.

1. HTTP Upload Scanner:- If you have WAF integration enabled, this is the first level of scanning when a file is uploaded/updated via the web. This scanner immediately denies the file upload if it contains malicious code and notifies the customer. You can find the related log in the web server ModSec log or under WAF logs in cPGuard WAF.

2. Automatic Scanner:- This triggers if you have Virus Scanner enabled under Settings >> Scanner. It is the background scanner that keeps track of all uploaded/modified files and scans them.

3. Daily Scanner:- If you have Daily Scanning enabled from Settings >> Additional Settings, daily file scanning will trigger every day. This option will scan all files uploaded/updated in the last 24 hours.

4. Weekly Scanner:- If you have Weekly Scanning enabled from Settings >> Additional Settings, weekly file scanning will trigger every Sunday. This option will scan all files uploaded/updated in the last 7 days.
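
The daily and weekly layers described above rescan only the files changed inside a time window. The sketch below is an added example, not cPGuard's code: the function names, the single toy signature and the sample files are constructed for illustration, and it selects files by modification time only.

```python
import os
import re
import stat
import tempfile
import time

DAY = 24 * 60 * 60
# Constructed toy signature for illustration only; not a cPGuard rule.
SIGNATURES = {"php-eval-of-request-input": re.compile(rb"eval\s*\(\s*\$_(?:POST|GET|REQUEST)\b")}

def changed_since(root, window, now):
    """Yield regular files under root modified within the last `window` seconds."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed between directory listing and stat
            # mtime only: a backdated mtime slips past, hence the initial full scan.
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= now - window:
                yield path

def incremental_scan(root, window, now=None, max_bytes=1 << 20):
    """Match signatures against recently changed files only; return sorted hits."""
    now = time.time() if now is None else now
    hits = []
    for path in changed_since(root, window, now):
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)  # bounded read keeps each pass cheap
        hits += [(os.path.relpath(path, root), sig)
                 for sig, rx in SIGNATURES.items() if rx.search(head)]
    return sorted(hits)

def demo():
    """Build a constructed three-file tree and run the daily and weekly windows."""
    now = time.time()
    samples = {  # name: (content, age in seconds), all constructed
        "uploads/new.php": (b"<?php eval($_POST['c']); ?>", 3600),
        "uploads/old.php": (b"<?php eval( $_REQUEST['c'] ); ?>", 3 * DAY),
        "index.php": (b"<?php echo 'hello'; ?>", 3600),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, age) in samples.items():
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (now - age, now - age))
        return incremental_scan(root, DAY, now), incremental_scan(root, 7 * DAY, now)
```

The file that is three days old is skipped by the 24-hour pass and picked up by the 7-day pass, which is how a weekly rescan with newer signatures catches what a daily pass missed.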

So how does incremental scanning work?

As with the different scanner levels explained above, each layer works differently. So once you have cPGuard installed and configured on your server:

  • Run an ALL manual scan, which will scan all web files on your server and take action on them
  • Enable Daily Scan
  • Enable Weekly Scan
  • Make sure that WAF integration is enabled and works fine

The above steps make sure that your server is free from all known virus files. In addition to the scanner layers, our WAF rules are powerful enough to stop the uploading/exploiting of vulnerable files and add an extra layer of security.

Is the incremental scan really fast? 

Yes, it really works faster and more efficiently than any other competing solution. Based on the analysis from multiple servers, it took less than a few minutes to complete daily scanning for 200GB of web data, and that without any high load on the server. You can see how many files it scanned and how much time it took for each scan.

Is it possible to schedule Daily and Weekly Scans?

Yes, if you prefer to run the scheduled scans at a particular time, you can do it easily. To do so:

  • Disable Daily and Weekly scanners from Additional Settings
  • Use the cpgcli CLI utility to schedule Daily and Weekly scans at your preferred time.

More questions?

We are always happy to hear from you. If you need any more clarification, please reach out to our Support desk.

 

Recent changes and features in cPGuard


What are the new features in recent cPGuard versions?

At OpsShield, our engineers are always keen to hear feedback from our customers, read each piece carefully and make amendments to the software to make it useful and user-friendly. So in each version, we try to add at least one of the requested features along with the other updates and bug fixes. In recent cPGuard versions, we have added a few such options which you might not have noticed yet.

1. User-defined Captcha protected URLs

We introduced our recent Captcha protection technique a couple of months back, which handles the Captcha requests in our cloud. This is one of the best and most effective mechanisms out there, and it takes the load of handling attackers off your server. This method can stop the majority of attacks against your server and reduce server load on a great scale. We used to protect a set of pre-defined URLs, such as the WordPress login page, Joomla login page, etc., which get most of the attacks. But to make it flexible and to protect other web apps and URLs, we have now made this list user-defined. The user can now decide which URLs should be protected using Captcha, a unique feature for protecting your web apps. You can simply add a new URL from Settings >> WAF in the cPGuard UI.

2. Weekly Scanner

We have recently added a weekly scanner, which scans all files updated in the past 7 days. This ensures that all such files are scanned again using the updated rule set, and can thus eliminate many bad files from the server. The scanner is designed to consume very few resources and finish in a short time span. This is also an optional feature: users can opt to disable it from the Additional Settings page, though we recommend keeping it enabled.

3. Revamped License Checking

One of the frequent complaints that we received from our clients was about the license status. It sometimes failed to detect the license status because the license system was located in central Europe and some clients had connection issues reaching the resource. To fix it, we have migrated our licensing system to AWS and distributed the checks through their worldwide network. The license check can now be done from any location without any failure.

4. Command Line Utility

This is another of the feature requests that we received in the past: a clean and simple tool to manage settings from the command line. It is available now, and you can refer to our KB to learn more about this tool and the various command-line options it has. This is a very useful tool for people who wish to change settings quickly and on multiple servers using some automation.

5. Enhanced daily reports

We have changed the daily report formatting and style to a modern one, in which the user gets all activities with a graphical representation. It is good enough to understand the whole statistics of the attacks that happened on the server.

The features are not limited to the above; you can find all the details about each version update in our changelog. Also, if you wish to see any specific feature added to cPGuard, please feel free to contact us and we will see what we can do about it.

How to Secure your CMS ?


As of 2020, the majority of internet traffic comes from automated sources such as hacking tools, spammers, impersonators and bots. Keeping your website safe and secure from hackers is a constant process. The more you neglect the security of your website, the more likely your website and business will suffer. We humans look for the easy way to get things done, so the majority of websites are built with a CMS.

A content management system (CMS) is application software that helps users create, manage and modify content on a website without the need for particular technical ability. Imagine starting a podcast of your own or setting up a website that can easily manage your content and the context.

WordPress, Drupal, Magento and Joomla are some of the most popular content management systems in use. The four open-source CMSs I mentioned are software whose source code anyone can test, modify and improve.

Open-source software is like the two sides of a coin. On the one side, open-source software gives people the option to match their specific needs and preferences, and everyone can see what it is doing behind the scenes. On the other side, people with bad intentions can study and search the publicly available source code until they find a bug, weakness, defect, or feature to abuse.

When using a CMS, you need to keep an eye out for updates, especially for the popular ones. Apply them diligently, and be sure to do it quickly if the updates are intended to fix a published vulnerability. Website hijackers make sure they are aware of the latest vulnerabilities and will go after any unpatched site.

In 2019 alone, more than 20 million CMS users experienced security breaches. About 79.6% of well-known websites managed using WordPress, the most widely used CMS, contain vulnerabilities that can be exploited by standard attacks.

Here I am going to provide you with some know-how to keep your website safe and protected.

Ways to tighten your CMS website security

Enable Two Factor Authentication
This is a great way to protect your website accounts. In addition to providing a password for your account, you will also need to provide an additional code that you generate with a personal device.

Restrict the number of login attempts
Controlling the number of login attempts will eliminate brute-force attacks, as well as reduce the risk of hackers and bots gaining access to the system.

Install verified plugins, themes and extensions
Before installing any web components (plugins, themes, etc.) on your website, weigh the downsides of the web components against the benefits. Only download web components from well-rated developers in the community to avoid the risk of malware. Check for updates on the web components' official websites and see how long ago the developer last patched any security issues.

Use a Firewall/WAF
The server hosting your website is reached over the untrusted internet to connect to your online files. Leaving it unprotected exposes the website to potential viruses, so it's important to use a firewall on the hosting server. The firewall acts as an additional layer of security to prevent this kind of harm and is useful for tracking suspicious activity.

Keep website up-to-date
The CMS website and all web content related to the website need to be updated at regular intervals, whenever an update is available. Developers often come up with fixes and upgrades that include new security measures that keep the website away from abuse, phishing, etc.

Install an SSL Certificate
Add an SSL certificate to enhance the website's security layers. The SSL certificate is a small data file on the server that provides security for online communications. When a web browser connects to a secure website, the SSL certificate is used to establish an encrypted connection.

Monitor your website
If someone injects malicious code into your website, it may cause downtime for your website. However, website monitoring can quickly alert you to this problem. It notifies webmasters via text and email at regular intervals.

Scan your local PC
It is always recommended to scan your local computer on a regular basis. You connect to your website back-end from your local PC, where you also download files and install executables that may seem reliable but come with viruses. Through these, someone can steal your website's logins and inject malicious files into your website. It is important to perform an in-depth scan of your machine regularly with powerful and reputable antivirus software.

Change your passwords
Increase password strength by changing passwords frequently and using special characters and other unique sequences. Changing passwords often invalidates details that a hacker might have recorded. It means that even if a person has access to your account, they won't be able to keep it for long. Therefore, it is best to change passwords once a week to make your website safer.

How can cPGuard help to protect CMS on your shared servers?

1. The cPGuard automatic scanner scans all the files under each account and thus prevents the installation of any bad code into the website
2. The WAF module protects the websites from all generic and known web exploits
3. The domain reputation monitoring helps to make sure that there is no harmful content on your website
4. The brute-force and Captcha modules stop brute-force attacks against the websites
5. It promptly alerts the end-user about the latest attacks through the control panel end-user UI so that they can take proactive action


Please check https://www.opsshield.com/cpguard-features/ for more details or contact our team to learn more.

How cPGuard will help to reduce your admin time?


From the first release to the latest version, we have kept adding features that reduce the time customers spend hardening their server security.

The most lovable feature of cPGuard is that it is light as a feather; as you know, when feathers grow, they mature into powerful branches of the server. Usually, a security plugin consumes a lot of resources, which causes problems for the other services running on the server; the admin then has to kill the process manually and start the service again, which takes up more of their time. Another issue is the disk usage of the logs created by the plugin, which need to be cleared or trimmed at certain intervals. In the case of cPGuard, we have built an efficient algorithm to reduce all these concerns.

The other advantages of using cPGuard that save admin time are listed below.

  • User Friendly

A simple and powerful interface: easily view all the information, make informed decisions and take fast action based on our detailed reports. We have both an admin-level and an end-user-level UI, with which you can get all the information about your account and run a manual scan on demand.

  • Less Spamming

Eliminate up to 90% of incoming spam emails using SRBL, a clever RBL-based system that reduces emails from known spam sources.

  • Low load spikes on the server

Prevents large-scale attacks using real-time intrusion protection and reCAPTCHA protection built with ModSecurity plus cPGuard WAF. Our Captcha-based brute-force protection is one of the unique solutions in the market and stops 99.99% of such attacks.

  • Less hacked websites

We constantly update our scanner engine and rules to catch all the latest threats. Our WAF is powerful enough to catch all generic attacks, which makes your websites less vulnerable to common attacks. Also, the cloud-based Auto Clean system automatically sends infected files to our cloud-based analysis engine and pushes a cleaned file back to the server.

  • Less resource

Our powerful smart analytics are carefully designed to have the least impact on your server performance.

  • Fewer User Complaints

Fewer bugs thanks to continuous integration, and it works seamlessly with the server environment.

Our engineers keep working on the cPGuard core to develop more features for tightening security on the servers.

The most compelling part is customer satisfaction; 99% of our customers are happy with our product/service and we have fewer user complaints. We listen to, understand, and learn about their situation to resolve their server-related security issues, so all our customers have a better experience with our services.

  • Do you have suggestions to improve cPGuard?

We would love to talk to you, get your feedback, and act on it. You can contact our support team at any time, and we take every piece of feedback that we receive seriously.