Creating basic JavaScript encryption between Frontend and Backend.

One big problem with JavaScript is that it is very hard for a developer to hide JavaScript code and to create secure data transfer between browser and server. It is always possible for someone to inspect XHR transfers, and this makes data transfer very insecure.

I had to deal with this problem because I had to develop a sweepstakes application, which gave prizes to the user live. To make this happen I had to create a secure session exchange between browser and server to synchronize the frontend and backend.

Watch out for hidden SPAM on your WordPress site!

Recently I had a case where my client reported suspicious links on his corporate website, which was built using WordPress. I immediately thought that the site had been hacked, and I was preparing myself for gruesome backup tasks.

Luckily this attack was easy, although very clever. It just changed the header file and included another file, which masqueraded as part of WordPress and was placed in the wp-includes directory. The file name was class-ajax.php, which is very similar to other files in this directory.
