Web attacks in November 2018


The first step in a web attack begins with mass-scanning the web for vulnerable applications and/or servers. When unpatched software is identified, an attempt is made to exploit the vulnerability. Any vulnerability in the web application, database, operating system or in the network will lead to an attack on the web server.

Successful exploitation could lead to information disclosure, denial-of-service conditions or achieve arbitrary code execution with the privileges of the server.

SonicWall Threat Research Lab has observed attempts to exploit unpatched vulnerabilities on the web.  Find below the software list that were most attacked in November 2018.

phpMyAdmin is a free software tool written in PHP, which helps users to perform the administration task on MySQL and MariaDB over the Web user interface. phpMyAdmin supports a wide range of operations like managing databases, tables, columns, relations, indexes, users, and permissions via the Web user interface.

Apache Struts2:
Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller architecture

Apache Tomcat, often referred to as Tomcat Server, is an open-source Java Servlet Container developed by the Apache Software Foundation. Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket, and provides a “pure Java” HTTP web server environment in which Java code can run.

JBoss Enterprise Application Platform (EAP) is an application server written in Java, which implements the Java Platform, Enterprise Edition (Java EE) specification.

Oracle WebLogic:
Oracle WebLogic Server is an enterprise-class multi-tier Java Application Server platform. WebLogic is typically used as a platform for large enterprise web applications. The components of the WebLogic Platform include an Application Server, Portal, Application Integration service and HTTP web server.

Internet Information Server (IIS) :
The Internet Information Server (IIS) is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server service that is capable of serving static, as well as dynamic content.

WordPress is a free and open-source content management system based on PHP and MySQL. Features include a plugin architecture and a template system.

How to mitigate?

1. Use latest software and apply security patches whenever they are available
2. Do not use default credentials
3. Do not use default configuration
4. Turn off all unnecessary features by default
4. Secure configuration files

How to configure SonicWall Web Application Firewall (WAF) to protect against a whole suite of web attacks such as Cross-site scripting, SQL Injection, OS Command Injection, and many more:
How to configure SonicWall firewall to prevent brute force attacks:
How to block Denial of Service attacks using Intrusion Prevention:
How to protect SQL servers from Injection attacks:


Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.