Cross-site scripting (XSS) attacks can give hackers access to your website content and database, and they can take down everything that took you years to build. Hackers are on the lookout for XSS vulnerabilities in YOUR web applications. Shopping carts, forms, login pages and dynamic content are easy targets. Here are some tools to automatically find and fix vulnerabilities and malicious (hidden) iframe code in your website.


An XSS vulnerability can result in a hacked website. Two vulnerabilities have been identified in Ruby on Rails, which could be exploited by attackers to disclose sensitive information and threaten websites. The first issue is caused by input validation errors when processing Unicode characters, which could be exploited to cause arbitrary scripting code to be executed by the user’s browser in the security context of an affected site.



Recently the Kaspersky, Bitdefender and Facebook websites were attacked via XSS and SQL injection, and their databases were exposed. Screenshots of the vulnerabilities and database tables were posted on the internet.

Kaspersky is one of the leading companies in the security and antivirus market. Their website, which was hacked recently, is down right now (9 Feb 09, 6:42 pm) as I checked it. They are in maintenance mode. It seems as though they are not able to secure their own databases. The companies who claim to secure our computers are not secure themselves. It seems incredible but, unfortunately, it's true. Through SQL injection some hackers were able to expose the users, activation codes, lists of bugs, admins, shop and many more tables of their database. This is just a security alert, though. There is no loss to customers or the company, I suppose, because the team involved is saying that their purpose is to alert the big companies about security measures. They have posted all the names of the tables in the database, though. Now I suppose we will see a new, secure Kaspersky website. I used this antivirus myself for quite a long time and then shifted to another one.


WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. I recommend everyone upgrade to this release. The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.


by on September 22nd, 2008

XSS or Cross Site Scripting
Remote Code Execution
SQL Injections

These are almost the same things and methods. Let's discuss cross-site scripting (XSS) and ways to prevent it.

Cross Site Scripting

Cross-site scripting (XSS) is a type of web security vulnerability, typically found in web applications, that allows hackers to inject code into web pages by finding back doors and insecure, carelessly handled code. Once they have done so, they can execute code on your website and obtain your database and your website's private information.


Is your website secure? Cross-site scripting (XSS) attacks give hackers access to your website content and database. If your web applications are not secure, then your entire database of sensitive information is at serious risk. Hackers are on the lookout for XSS vulnerabilities in YOUR web applications. Shopping carts, forms, login pages and dynamic content are easy targets. Beat them to it and scan your web applications with Acunetix Web Vulnerability Scanner:


by on September 16th, 2008

Web hosting has always been a tricky question for webmasters. Sometimes you are satisfied with your current hosting provider, but it's all a matter of time. I have experienced a loss recently. The mistakes might be mine as well, but some hosts do not cooperate enough to secure you and instead leave you at a critical time. I will not name the host, but I will describe a critical situation I have been in. My web hosting account was hacked. The web host suspended my account and recommended that I move to another host.

Possible Reasons Involved

  • I was busy and away from my web account
  • I was using old versions of WordPress software
  • I was not aware of critical threats from website vulnerabilities
  • Too much reliance on the host
  • Uploading different open source software to my web host for checking purposes
  • Uploading unsecured forms
