This is an era where you have to be thoughtful about every single attack, whether it lasts a second or a minute. But we often pay attention to the bigger attacks and ignore the simpler, less sophisticated ones. Even if they don’t make the headlines, they can still be very damaging. LFI (Local File Inclusion) and RFI (Remote File Inclusion) attacks are such threats. They are similar to the treacherous and notorious XSS attacks because they use the same formula: the code injection technique. LFI and RFI attacks are less sophisticated and therefore easier to control. Still, if the security brigade doesn’t take them seriously, they can prove quite evil. More than 23% of the web application attacks people witnessed were LFI and RFI attacks.
What is the solution to your problem?
Vulnerability scanners are great tools which can help you stay safe from various kinds of attacks by scanning for, detecting, preventing, and fighting those attacks (if such incidents happen). ESDS VTMScan is a great scanner which can help you detect these problems.
Knowing LFI and RFI attacks:
RFI (Remote File Inclusion): as the name suggests, the file being included sits at a remote location. RFI is a technique where the attacker gets the application to load a script, i.e. a piece of code, from a file on a remote server. Websites running on PHP are more vulnerable to RFI attacks because of the PHP functions ‘require’ and ‘include’. These functions allow additional files to be inserted into the main code. If the inputs from the user aren’t properly validated, hackers can exploit this vulnerability.
More than 70% of websites run on PHP, which creates an ocean of opportunities for hackers. The final outcome of an RFI attack can be either arbitrary malicious code being run or the contents of your files being exposed. It is the responsibility of every security analyst to keep this attack in check but sadly, it is ignored.
Now consider the LFI (Local File Inclusion) attack. It is very much a duplicate of the RFI attack. As the name suggests, the term ‘local’ here means that the targeted files are on the local server. The hacker doesn’t have to search for remote files; instead, he uses the files already on the current server to carry out his evil plans via malicious code. LFI attacks are easy to do, as all you need is a web browser. Further, an LFI attack can easily turn into an RFI attack merely by adding a file with attacker-set instructions on a remote server.
Has your website faced an LFI or RFI attack? Do you worry about the protection of your website? Leave us a message on our site.
Check out a few notorious happenings of RFI and LFI attacks:
An LFI vulnerability in a WordPress add-on, TimThumb, caused 1.2 million websites to go down. LulzSec attacked their targets with the help of RFI bots. More than 85% of PHP websites run version 5.2 or higher, which lets hackers step in easily. They prefer LFI attacks on websites with a PHP version over 5.2; therefore, LFI attacks are three times more popular than RFI attacks. The value of the ‘allow_url_include’ parameter can be either ‘on’ or ‘off’. The default value of the parameter is ‘off’, and because of this, sites which were previously prone to RFI attacks have become vulnerable to LFI attacks instead.
How can you reduce the number of LFI and RFI attacks?
The following preventive measures can ensure that your site stays safe:
Using vulnerability scanners:
Scanners use a technique called ‘dorking’, which uses search hints from Google that point to potential vulnerabilities. Further, it helps in identifying the vulnerabilities and then eliminating malicious traces from infected web applications. The scanner is a tool which regularly scans for potential threats, identifies them, prevents them from occurring, and, if they still occur, combats them.
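The scanning and detection described above can be illustrated with a small log triage routine. This is an added example, not code from the article or from the ESDS VTMScan product: it reads constructed access-log lines (combined log format, documentation IP addresses, an assumed `page` parameter) and flags the request shapes typical of LFI/RFI probing: path traversal segments, double-encoded traversal, and a URL scheme or PHP stream wrapper where a local file name is expected.

```php
<?php
// Added example (not from the article or any ESDS VTMScan code): triage of
// constructed access-log lines for LFI/RFI probing indicators.
declare(strict_types=1);

// Constructed sample log (combined format). 203.0.113.0/24 is a documentation range.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 404 212 "-" "curl/7.88"
203.0.113.12 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?page=http://203.0.113.77/x.txt HTTP/1.1" 200 88 "-" "python-requests/2.31"
203.0.113.20 - - [10/Oct/2023:13:57:10 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
LOG;

/**
 * Inspect one log line. Returns null for clean lines, otherwise the client IP,
 * the HTTP status and the list of indicators found.
 */
function classify_request(string $line): ?array
{
    // Client IP is the first field; the request target sits inside the quoted request.
    if (preg_match('/^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+" (\d{3})/', $line, $m) !== 1) {
        return null;
    }
    $ip = $m[1];
    $target = $m[2];
    $status = (int) $m[3];

    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return null;                       // no query string, nothing to inspect
    }
    parse_str($query, $params);            // percent-decodes once

    $findings = [];
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue;
        }
        $decoded = rawurldecode($value);   // second pass catches double encoding
        // ".." as a whole path segment, with / or \ as separator
        if (preg_match('#(?:^|[/\\\\])\.\.(?:[/\\\\]|$)#', $decoded) === 1) {
            $findings[] = "$name: path traversal";
        }
        // a URL scheme or PHP stream wrapper in a parameter that should name a local file
        if (preg_match('#^(?:https?|ftps?|php|data|expect|phar):#i', $decoded) === 1) {
            $findings[] = "$name: remote URL or stream wrapper";
        }
        if (strpos($value, "\0") !== false) {
            $findings[] = "$name: NUL byte";
        }
    }
    if ($findings === []) {
        return null;
    }
    return ['ip' => $ip, 'status' => $status, 'findings' => $findings];
}

/** Run over a whole log and group hits per client IP. */
function triage_log(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $hit = classify_request($line);
        if ($hit !== null) {
            $hits[$hit['ip']][] = $hit;
        }
    }
    return $hits;
}

// A flagged request that was answered with 200 deserves the first look:
// the application may actually have included what was asked for.
foreach (triage_log(SAMPLE_LOG) as $ip => $hits) {
    foreach ($hits as $hit) {
        printf("%-14s status=%d  %s\n", $ip, $hit['status'], implode('; ', $hit['findings']));
    }
}
```

Run with `php triage.php` (any file name). The status code is carried along on purpose: a traversal attempt answered with 404 is a probe, while the same request answered with 200 is evidence that the include actually succeeded and should be treated as an incident rather than a scan.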
Using WAF (Web Application Firewalls):
These firewalls are experts at blacklisting harmful URLs and blocking hackers. They help protect the application against zero-day vulnerabilities. A WAF can detect attacks using a pre-configured database of attack formats together with application layer information. It can also recognize the access patterns used by automated tools. Further, the WAF creates and sends out a list of blacklisted/spam hosts which tried to attack you, and it blocks future attackers.
Fixing the code of your website:
Developers and programmers should take measures while writing the code to prevent RFI and LFI attacks. You must ask your developers to review the code.
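As an added example of what such a code review should look for (this is not code from the article or from any ESDS product), here is the unsafe `include` pattern described in the LFI/RFI section above, placed next to a hardened version, plus a check for the ‘allow_url_include’ setting mentioned earlier. It assumes page templates live in `./pages/` and are named like `home.php`; the `page` parameter name and the allow-list entries are assumptions for the example.

```php
<?php
// Added example (not from the article): unsafe include pattern next to a
// hardened, allow-list based version. Paths and names are assumed.
declare(strict_types=1);

// UNSAFE: the request parameter reaches include() untouched. With
// allow_url_include=On this is an RFI sink; with it Off it is still an LFI
// sink through path traversal. Shown only so reviewers recognise the pattern.
function include_page_unsafe(string $page): void
{
    include $page;
}

const PAGE_DIR = __DIR__ . '/pages';          // assumed template directory
const ALLOWED_PAGES = ['home', 'about', 'contact'];  // assumed allow-list

// Step 1 (pure check, no filesystem): the name must be a plain token on the
// allow-list. Slashes, dots, NUL bytes and URL schemes cannot pass this.
function validate_page_name(string $page): bool
{
    return preg_match('/\A[a-z0-9_-]{1,32}\z/', $page) === 1
        && in_array($page, ALLOWED_PAGES, true);
}

// Step 2 (defence in depth): even a valid name must resolve to a real file
// inside PAGE_DIR, so a symlink or a careless allow-list edit cannot point
// outside it.
function resolve_page(string $page): ?string
{
    if (!validate_page_name($page)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $candidate = realpath(PAGE_DIR . '/' . $page . '.php');
    if ($base === false || $candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

function include_page_safe(string $page): bool
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        // log the rejected value hex-encoded so the log line itself cannot be tampered with
        error_log('rejected page parameter: ' . bin2hex($page));
        return false;
    }
    include $path;
    return true;
}

// Server configuration check: allow_url_include should stay Off (the PHP default).
function url_include_enabled(): bool
{
    return filter_var((string) ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Self-check of the pure validator on constructed inputs (no files needed).
foreach (['home', 'About', '../../config.php', 'http://203.0.113.77/x', "home\0.txt", 'admin'] as $input) {
    printf("%-28s %s\n", json_encode($input), validate_page_name($input) ? 'accepted' : 'rejected');
}
printf("allow_url_include is %s\n", url_include_enabled() ? 'ON (turn it off in php.ini)' : 'off');

// In index.php: include_page_safe($_GET['page'] ?? 'home');
```

The important design choice is that the user-supplied value is never used as a path at all: it is a key that selects one of a few known files, and anything that is not exactly one of those keys is rejected before the filesystem is touched. The `realpath` comparison is a second fence, not the primary control, and the `allow_url_include` check belongs in a deployment checklist alongside the code review.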
For more information, visit: ESDS VTMScan