question on ports

[handsunc]

Hello!

Hi, My son is learning ethical hacking and I setup a test site for him to try and hack into (of course I used the Bulletproof security plugin in it) He claims that he found open ports with this software below on the site and that he could upload a malware payload into the site with Xss cross scripting. I don’t know anything about this, so I wanted to ask you becasue he seems so sure that he could inject malware but does not want to becasue he said it would spread to the entire server. I have felt so confident since using your plugin on the many wordpress sites I manage, I wanted to be able to give him a response to this becasue I really don’t believe these ports could be so vulnerable (he sent me a screenshot of the ports) Thanks so much for your time, if you could help me out with this. Carin

pentest-tools.com/website-vulnerability-scanning/website-scanner

 

[AITpro Admin]

Ports are on the web server itself. So if he found a vulnerable port then that is on the server itself.  BPS protects websites, not web servers.  BPS does not have the capability to protect ports and neither would any frontend web app since that is simply not possible to do.

[handsunc]

That shows how ignorant I am! One more question, have you seen the plugin on appsumo, Hide My Wp Ghost, https://appsumo.com/products/hide-my-wp-ghost/. Supposedly it can make the site look like a drupal or early joomla site, thereby diverting wordpress bot attacks.

Do you think it would be a valuable addition to bulletproof, or just redundant. I value your opinion and thank you!

[AITpro Admin]

I’ve never tested that plugin before, but some people with BPS Pro also use Hide My WP Ghost.  So they are compatible with each other.  Can’t really offer an opinion since I’ve never taken it for a test drive.  Here are the installation instructions > https://forum.ait-pro.com/forums/topic/hide-my-wp-ghost/

[Author]

Posts