Web Security & HTTP
HTTP requests come in several types; today I will focus specifically on the POST request.
I have lots of customers who are running a CMS for their business, for instance WordPress, and I monitor their servers using custom-built scripts, not just for the fun of it, but because paying for a control panel with a ready-made monitoring tool wouldn't let me offer my web hosting at the same price.
Some of the customers just hire a web developer on a project basis; the developer sets up the website, customizes the theme, and forgets all about security and the vulnerabilities he/she left behind.
So I will show you one of my day-to-day roles. While monitoring a website that had recently been hacked and defaced, I looked at the methods the hacker(s) were using, and I noticed that the majority of them take advantage of wrong file permissions, outdated plugins with XSS vulnerabilities, or weak passwords.
They usually start by using a vulnerability scanner like wpscan. One of the newest tricks is to try to upload a malicious file to your website that will receive the HTTP requests; these files are usually base64 encoded.
When end users look at their directory, nothing looks fishy there unless you suspect the location of a file. For example, since I am pretty used to the structure of WordPress, I found a file named load.php under the wp-content directory. I know this file belongs somewhere under wp-includes, so I opened the file and decoded it using this base64 decoder.
Once the file is uploaded, the hacker(s) don't access your website directly; in fact, they just add it to one of their server networks, aka botnets, either to send spam e-mails or to attack other servers with DDoS, etc.
So if you have your Apache access log open, you'll notice loads of HTTP requests: POST requests, GET requests, etc. The POST requests are the ones you need to worry about.
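As an added example (not part of the original post), here is one way to pull those POST requests out of an Apache combined-format access log and flag the ones worth reviewing. The log lines are constructed samples, and the EXPECTED_POST allow-list and the function name are assumptions to adjust per site.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3}) \S+'
)

# Assumption: WordPress paths that legitimately receive POSTs on this site.
EXPECTED_POST = ("/wp-login.php", "/wp-admin/", "/wp-cron.php", "/wp-comments-post.php")

def suspicious_posts(lines):
    """Count POST requests per (path, reason) that fall outside the allow-list."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue                      # unparsable line or not a POST
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path.startswith(EXPECTED_POST):
            continue
        if path.startswith("/wp-content/") and path.endswith(".php"):
            # e.g. a load.php sitting in wp-content instead of wp-includes
            hits[(path, "POST to PHP file under wp-content")] += 1
        elif m["proto"] == "HTTP/1.0":
            hits[(path, "POST over HTTP/1.0")] += 1
        else:
            hits[(path, "POST to unexpected path")] += 1
    return hits

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2015:10:01:22 +0000] "POST /wp-content/load.php HTTP/1.0" 200 312 "-" "-"',
    '203.0.113.7 - - [12/Mar/2015:10:01:25 +0000] "POST /wp-content/load.php HTTP/1.0" 200 298 "-" "-"',
    '198.51.100.4 - - [12/Mar/2015:10:02:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2015:10:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [12/Mar/2015:10:03:10 +0000] "POST /contact.html HTTP/1.0" 200 120 "-" "-"',
]

if __name__ == "__main__":
    for (path, reason), count in suspicious_posts(SAMPLE).most_common():
        print(f"{count:4d}  {path}  ({reason})")
```

To run it against a real log, pass the open file object to suspicious_posts() in place of SAMPLE.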
So if you're a web developer or a hosting provider, and you know for a fact that the website is pretty much static, there's a very simple trick you can do.
This trick is blocking certain HTTP requests, such as POST requests over HTTP/1.0, and we can do this by adding the following line to the .htaccess of your main web directory: