{"id":10147,"date":"2018-10-16T09:16:19","date_gmt":"2018-10-16T09:16:19","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=10147"},"modified":"2020-01-07T06:56:34","modified_gmt":"2020-01-07T06:56:34","slug":"why-protection-from-lfi-and-rfi-attacks-is-also-important","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/why-protection-from-lfi-and-rfi-attacks-is-also-important\/","title":{"rendered":"Why Protection From LFI And RFI Attacks Is Also Important?"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1-1024x536.jpg\" alt=\"\" class=\"wp-image-10316\" srcset=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1-1024x536.jpg 1024w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1-150x79.jpg 150w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1-300x157.jpg 300w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1-660x345.jpg 660w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/LFI-And-RFI-Attacks-banner-1.jpg 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><p style=\"text-align: justify;\">This is an era where you have to be thoughtful about every single attack, however brief it is. But we often pay attention to the bigger attacks and ignore the simpler, less prominent ones. Even if they don\u2019t make the headlines, they are still very damaging. LFI (Local File Inclusion) and RFI (Remote File Inclusion) attacks are such threats. They are quite similar to the notorious XSS attacks because they rely on the same formula: the code injection technique. 
LFI and RFI attacks are less sophisticated and therefore easier to control. If the security team doesn\u2019t take them seriously, though, they can prove quite harmful. More than 23% of the web application attacks people witnessed were LFI and RFI attacks.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_the_solution_to_your_problem\"><\/span><strong>What is the solution to your problem?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p style=\"text-align: justify;\"><strong>Vulnerability scanners<\/strong> are great tools which can help you stay safe from various kinds of attacks by scanning for them, detecting them, preventing them, and fighting them if such incidents happen. <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>ESDS VTMScan<\/strong><\/a> is a great scanner which can help you detect these problems.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Knowing_LFI_and_RFI_attacks\"><\/span><strong>Knowing LFI and RFI attacks:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">RFI (Remote File Inclusion), as the name suggests, concerns a file that sits on a remote server. RFI is a technique where the attacker gets the application to include a script, i.e. a piece of code, from a file on a remote server. Websites running on PHP are more exposed to RFI attacks because of the PHP functions \u2018require\u2019 and \u2018include\u2019. These functions pull additional files into the main code. If the input from the user isn\u2019t properly validated, hackers can exploit this opening.<\/p>\n\n\n\n<p><p style=\"text-align: justify;\">More than 70% of websites run on PHP, which creates an ocean of opportunities for hackers. The final outcome of an RFI attack can be either arbitrary execution of malicious code or disclosure of the contents of your files. 
It is the responsibility of every security analyst to keep this attack in check, but sadly it is often ignored.<\/p><\/p>\n\n\n\n<p style=\"text-align: justify;\">Now consider the LFI (Local File Inclusion) attack. It is very much a twin of the RFI attack. As the name suggests, the term \u2018local\u2019 here means the targeted files are on the local server. The hacker doesn\u2019t have to look for remote files; instead, files already on the current server are used to carry out the malicious plan. LFI attacks are easy to carry out, as all you need is a web browser. Further, an LFI attack can easily turn into an RFI attack merely by adding a file with attacker-set instructions on a remote server.<\/p>\n\n\n\n<p style=\"text-align: justify;\"><em>Has your website faced an LFI or RFI attack? Do you worry about the protection of your website? Leave us a message on <\/em><strong><em>our site.<\/em><\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Check_out_few_notorious_happenings_of_RFI_and_LFI_attacks\"><\/span><strong>Check out a few notorious incidents of RFI and LFI attacks:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">An LFI vulnerability in a WordPress add-on, TimThumb, took 1.2 million websites down. LulzSec attacked their targets with the help of RFI bots. More than 85% of PHP websites run version 5.2 or higher, which lets hackers step in easily. They prefer LFI attacks on websites running PHP above 5.2, and therefore LFI attacks are three times more popular than RFI attacks. The \u2018allow_url_include\u2019 parameter can be set to either \u2018on\u2019 or \u2018off\u2019. Its default value is \u2018off\u2019, and because of this, sites that were previously prone to RFI attacks have now become vulnerable to LFI attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_can_you_alleviate_the_number_of_LFI_and_RFI_attacks\"><\/span><strong>How can you reduce the number of LFI and RFI attacks?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Following_preventive_measures_can_ensure_that_your_site_stays_safe\"><\/span><strong>The following preventive measures can ensure that your site stays safe:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using_vulnerability_scanners\"><\/span>Using vulnerability scanners:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p style=\"text-align: justify;\">Scanners use a technique called \u2018dorking\u2019, which relies on Google search hints that point to potential vulnerabilities. Further, they help identify the vulnerabilities and then remove malicious traces from infected web applications. A scanner is a tool that regularly scans for potential threats, identifies them, prevents them from occurring, and combats them if they still occur.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using_WAF_Web_Application_Firewalls\"><\/span>Using WAF (Web Application Firewalls):<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p style=\"text-align: justify;\">These firewalls are expert at blacklisting harmful URLs and blocking the hackers. They also cover zero-day vulnerabilities in the application. A <strong>WAF<\/strong> detects attacks using a pre-configured database of attack patterns together with application-layer information. It can also recognize the access patterns used by automated tools. Further, a WAF compiles and shares the list of blacklisted\/spam hosts that tried to attack you, and it blocks future attackers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fixing_the_code_of_your_website\"><\/span>Fixing the code of your website:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p style=\"text-align: justify;\">Developers and programmers should take measures while writing code to prevent RFI and LFI attacks. Make sure your developers review the code.<\/p>\n\n\n\n<p>For more information, visit: <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>ESDS VTMScan<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is an era where you have to be more thoughtful about every single attack: be it a second or a minute. But we often pay attention to the bigger attacks and ignore the simplest and less vulnerable attacks. Even if they don\u2019t get publicity in the headlines, they are still very disastrous. 
LFI (Local&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/why-protection-from-lfi-and-rfi-attacks-is-also-important\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":81,"featured_media":10316,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1920,1906,1970,1954,1971,1957,1907,1972,1914,1916,1943,1909,1951,1952,1195],"class_list":["post-10147","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-advantages-of-online-virus-scanners","tag-audit-your-web-security","tag-automated-audit","tag-banner-grabbing","tag-cms-scan","tag-content-change-monitoring-scan","tag-cyber-attacks","tag-database-malware","tag-esds-vtmscan","tag-esds-vtmscan-virus-scanner","tag-esds-vtmscan-vulnerability-scanner","tag-features-of-mtvscan","tag-lfi","tag-rfi","tag-website-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/81"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=10147"}],"version-history":[{"count":5,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10147\/revisions"}],"predecessor-version":[{"id":11135,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10147\/revisions\/11135"}],"wp:featuredmedia":[{"embeddable":true,"
href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/10316"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=10147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=10147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=10147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}