There has been a sudden increase of attacks on sites that have Code Injection vulnerabilities. Code Injection is a term used when code is injected straight into a program/script from an outside source for execution at some point in time.
These type of vulnerabilities may be many times worse than any other vulnerability, since the security of the website, and possibly of the server, is compromised.
Result of Code Injection:
- An attacker can output the contents of any php file raw to the browser, where he can possibly obtain an sql login/password to your database.
- An attacker can use your website to send out large amounts of spam to various email addresses.
- An attacker can deface your website.
- An attacker can obtain private information.
- An attacker may gain access to the whole server.
- This is why it is important to secure your website, and not leave such vulnerabilities open for attack.
- Check Firewall Settings Regularly.
- Do Windows Updates regularly.
- Avoid unknown programs and software, from unknown publishers.
- Don't open mails from unknown senders or don't open suspicious emails with attachments.
- Upadte your Security Software regularly and do scan with them alleast once in a week.