8 Best Network Scanning Tools & Software for 2023

BY KIHARA KIMACHIA
MAY 30, 2023

Network scanning tools are a critical investment for businesses in this era of increasing cyber threats. These tools perform an active examination of networks to identify potential security risks and help IT administrators maintain the health and security of their networks.

As businesses become more digital and interconnected, the demand for such tools has significantly increased. To help businesses sort through the plethora of these solutions available on the market, we’ve narrowed down the list to eight top products and their ideal use cases.

Here are our picks for the top network scanning software:

Top network scanning tools and software comparison

Vulnerability ScanningReal-time Network MonitoringPenetration TestingCompliance AssuranceIntegration with Other ToolsEase of UseRange of Vulnerabilities DetectedScalabilityPricing (Starting)
Burp SuiteModerateHighHigh$1,999/yr
DetectifyHighModerateHigh$89/mo.
IntruderHighHighHigh$160/mo.
Manage Engine OpManagerModerateModerateHigh$245
Tenable NessusHighHighHigh$4,990/yr
Pentest ToolsModerateHighModerate$72/mo.
Qualys VMDRModerateHighHigh$6,368/yr
SolarWinds ipMonitorHighModerateHigh$1,570/yr

Jump to:

Burp Suite

Best for comprehensive web vulnerability scanning

PortSwigger BurpSuite dashboard
Source: portswigger.net

Burp Suite is a trusted tool among IT professionals for its robust web vulnerability scanning capabilities. It identifies security holes in web applications and is particularly well-suited for testing complex applications.

Pricing

The vendor has three enterprise pricing options as follows:

  • Pay as you scan: This tier starts at $1,999 per year plus $9 per hour scanned. It includes unlimited applications and users.
  • Classic: This tier is priced at $17,380 per year and includes 20 concurrent scans, unlimited applications and unlimited users.
  • Unlimited: This is the superior plan and is priced at $49,999 per year. It includes unlimited concurrent scans, applications, and users.

Features

  • Out-of-band Application Security Testing (OAST) added to dynamic scans for accurate identification of vulnerabilities.
  • Easy setup with point-and-click scanning or trigger via CI/CD.
  • Recurring scanning options for daily, weekly, or monthly scans.
  • Out-of-the-box configurations for fast crawl or critical vulnerability audits.
  • API security testing for increased coverage of microservices.
  • JavaScript scanning to uncover more attack surfaces in Single Page Applications (SPAs).
  • Scalable scanning with the ability to adjust the number of concurrent scans.
  • Custom configurations available, including crawl maximum link depth and reported vulnerabilities.
  • Burp Scanner, a trusted dynamic web vulnerability scanner used by over 16,000 organizations.
  • Integration with major CI/CD platforms such as Jenkins and TeamCity.
  • API-driven workflow for initiating scans and obtaining results via the REST API.
  • Integration with vulnerability management platforms for seamless scanning and security reporting.
  • Burp extensions allow customization of Burp Scanner to meet specific requirements.
  • Multiple deployment options including interactive installer and Kubernetes deployment.
  • Integration with bug tracking systems like Jira with auto ticket generation and severity triggers.
  • GraphQL API for initiating, scheduling, canceling, and updating scans.
  • Role-based access control for multi-user functionality and control.
  • Compatible configurations from Burp Suite Pro can be manually integrated into the Enterprise environment.
  • Reporting features include graphical dashboards, customizable HTML reports, scan history metrics, intuitive UI, rich email reporting, security posture graphing, aggregated issue reporting, and compliance reporting for PCI DSS and OWASP Top 10.

Pros

  • Extensive vulnerability detection.
  • Can handle complex web applications.
  • Integration with popular CI/CD tools.

Cons

  • Steep learning curve for beginners.
  • Relatively higher pricing.

Detectify

Best for ease of use and automation

Detectify dashboard
Source: detectify.com

Detectify is a fully automated External Attack Surface Management (EASM) solution powered by a world-leading ethical hacker community. It can help map out a company’s security landscape and find vulnerabilities that other scanners may miss​.

Pricing

The vendor has several pricing options as follows:

  • The full EASM package comes with a 2-week free trial. Pricing is custom and based on the number of domains, sub-domains, and web applications of the attack surface.
  • For organizations with a small attack surface, the vendor offers two pricing tiers that also come with a free 2-week trial:
    • Surface Monitoring: Pricing starts from $289 per month (billed annually). This package includes up to 25 subdomains.
    • Application Scanning: Pricing starts from $89 per month per scan profile (billed annually).

Features

The features of the full EASM solution are:

  • Continuous 24/7 coverage for discovering and monitoring your modern tech stack.
  • Crawling and fuzzing engine that surpasses traditional DAST scanners.
  • Ability to monitor large enterprise products and protect sensitive organizational data.
  • Accurate results with 99.7% accuracy in vulnerability assessments through payload-based testing.
  • SSO, API access, automatic domain verification, custom modules, and attack surface custom policies.
  • Identify risks before they are exploited by enriching assets with critical information like open ports, DNS record types, and technologies.
  • Integrates with popular tools such as Slack, Jira, and Splunk, and comes with an API that allows users to export results in the manner that best suits their workflows.

Pros

  • Simple and clean interface, easy to use.
  • Continuous automatic updates and scans.
  • Customizable reports and notifications.

Cons

  • Limited manual testing capabilities.
  • May generate false positives.

Intruder

Best for cloud-based network security

Intruder dashboard
Source: intruder.io

Intruder is a powerful cloud-based network security tool that helps businesses prevent security breaches by automating routine security checks. Each threat found is classified according to severity and a remediation plan proposed.

Pricing

  • Pricing is based on the number of applications and infrastructure targets with three pricing tiers: Essential, Pro and Premium. The Pro plan comes with a 14-day free trial.
  • Example pricing for 1 application and 1 infrastructure target is as follows:
    • Essential: $160 per month, billed annually.
    • Pro: $227 per month, billed annually.
    • Premium: From $3,737 per year.

Features

  • Easy-to-use yet powerful online vulnerability tool.
  • Comprehensive risk monitoring across your stack, including publicly and privately accessible servers, cloud systems, websites, and endpoint devices.
  • Detection of vulnerabilities such as misconfigurations, missing patches, encryption weaknesses, and application bugs, including SQL injection, Cross-Site Scripting, and OWASP Top 10.
  • Ongoing attack surface monitoring with automatic scanning for new threats and alerts for changes in exposed ports and services.
  • Intelligent results that prioritize actionable findings based on context, allowing you to focus on critical issues like exposed databases.
  • Compliance and reporting with high-quality reports to facilitate customer security questionnaires and compliance audits such as SOC2, ISO27001, and Cyber Essentials.
  • Continuous penetration testing by security professionals to enhance coverage, reduce the time from vulnerability discovery to remediation, and benefit from vulnerability triage by certified penetration testers.
  • Seamless integration with your technical environment, with no lengthy installations or complex configurations required.

Pros

  • Cloud-based, eliminating the need for on-site servers.
  • Comprehensive vulnerability coverage.
  • Automated, regular security checks.

Cons

  • Dependency on automated scanning engines may result in occasional false positives or false negatives.

ManageEngine OpManager

Best for real-time network monitoring

ManageEngine OpManager dashboard
Source:manageengine.com

ManageEngine OpManager is a comprehensive network monitoring application, capable of providing intricate insights into the functionality of various devices such as routers, switches, firewalls, load balancers, wireless LAN controllers, servers, virtual machines, printers, and storage systems. This software facilitates in-depth problem analysis to identify and address the core source of network-related issues.

Pricing

The vendor offers three editions with starting prices as follows:

  • Standard: $245 for up to 10 devices.
  • Professional: $345 for up to 10 devices.
  • Enterprise: $11,545 for 250 up to 250 devices.

Features

  • Capable of monitoring networks using over 2,000 performance metrics, equipped with user-friendly dashboards, immediate alert systems, and intelligent reporting features.
  • Provides crucial router performance data including error and discard rates, voltage, temperature, and buffer statistics.
  • Enables port-specific traffic control and switch port mapping for device identification.
  • Continuous monitoring of WAN link performance, latency, and availability, leveraging Cisco IP SLA technology.
  • Active monitoring of VoIP call quality across WAN infrastructure, facilitating the troubleshooting of subpar VoIP performance.
  • Automatic generation of L1/L2 network mapping, aiding in the visualization and identification of network outages and performance issues.
  • Provides monitoring for both physical and virtual servers across various operating systems such as Windows, Linux, Solaris, Unix, and VMware.
  • Detailed, agentless monitoring of VMware-virtualized servers with over 70 VMware performance monitors.
  • Utilizes WMI credentials to monitor Microsoft Hyper-V hosts and guest performance with over 40 in-depth metrics.
  • Enables monitoring and management of Host, VMs, and Storage Repositories of Citrix Hypervisor, providing the necessary visibility into their performance.
  • Allows for monitoring and management of processes running on discovered devices through SNMP/WMI/CLI.
  • Uses protocols like SNMP, WMI, or CLI for monitoring system resources and gathering performance data.
  • Provides immediate notifications on network issues via email and SMS alerts.
  • Facilitates the orchestration and automation of initial network fault troubleshooting steps and maintenance tasks.
  • Provides a centralized platform for identifying network faults, allowing for visualization, analysis, and correlation of multiple monitor performances at any instant.
  • Enables network availability, usage trend, and performance analysis with over 100 ready-made and customizable reports.
  • Employs a rule-based approach for syslog monitoring to read incoming syslogs and assign alerts.
  • Includes a suite of OpManager’s network monitoring tools to assist in first and second-level troubleshooting tasks.

Pros

  • In-depth network monitoring.
  • Easy-to-understand performance dashboards.
  • Supports both physical and virtual servers.

Cons

  • May be complex for beginners.
  • Cost can quickly escalate based on number of devices.

Tenable Nessus

Best for vulnerability analysis

Tenable Nessus dashboard
Source: tenable.com

Tenable Nessus is a vulnerability assessment tool that enables organizations to actively detect and rectify vulnerabilities throughout their ever-evolving attack surface. It is formulated to evaluate contemporary attack surfaces, expanding beyond conventional IT assets to ensure the security of cloud infrastructure and provide insights into internet-connected attack surfaces.

Pricing

  • Nessus offers a free 7-day trial. Customers can scan up to 32 IPs per scanner during the trial period.
  • After the trial, the product is available at a starting fee of $4,990 per year for an unlimited number of IPs per scanner.
  • Nessus Enterprise pricing is dependent on business requirements.

Features

  • Evaluates contemporary attack surfaces, extends beyond conventional IT assets, and provides insights into internet-connected environments.
  • Built with an understanding of security practitioners’ work, aiming to make vulnerability assessment simple, intuitive, and efficient.
  • Provides a reporting feature that prioritizes the top ten significant issues.
  • Nessus is deployable on a range of platforms, including Raspberry Pi, emphasizing portability and adaptability.
  • Ensures precise and efficient vulnerability assessment.
  • Offers visibility into your internet-connected attack environments.
  • Ensures the security of cloud infrastructure before deployment.
  • Focuses on the most significant threats to enhance security efficiency.
  • Provides ready-to-use policies and templates to streamline vulnerability assessment.
  • Allows for customization of reports and troubleshooting procedures.
  • Provides real-time results for immediate response and rectification.
  • Designed for straightforward and user-friendly operation.
  • Provides an organized view of vulnerability assessment findings for easy interpretation and analysis.

Pros

  • Broad vulnerability coverage.
  • Easy integration with existing security systems.
  • User-friendly interface.

Cons

  • Relatively higher pricing.

Pentest Tools

Best for penetration testing

Pentest Tools dashboard
Source: pentest-tools.com

Pentest Tools is a suite of software designed to assist with penetration testing. Pentest Tools provides the necessary capabilities to effectively carry out penetration tests, offering insights into potential weak points that may be exploited by malicious actors.

Pricing

The vendor offers four pricing plans as follows:

  • Basic: $72 per month, billed annually, for up to 5 assets and up to 2 parallel scans.
  • Advanced: $162 per month, billed annually, for up to 50 assets and up to 5 parallel scans.
  • Teams: $336 per month, billed annually, for up to 500 assets and up to 10 parallel scans.
  • Enterprise: For more than 500 assets and more than 10 parallel scans, plan pricing varies.

Features

  • Initially built on OpenVAS, now includes proprietary technology to assess network perimeter and evaluate a company’s external security posture.
  • Uses proprietary modules, like Sniper: Auto Exploiter, for a comprehensive security scan.
  • Provides a simplified and intuitive interface for immediate scanning.
  • Conducts in-depth network vulnerability scans using over 57,000 OpenVAS plugins and custom modules for critical CVEs.
  • Includes a summarized report of vulnerabilities found, their risk rating, and CVSS score.
  • Each report offers recommendations for mitigating detected security flaws.
  • Prioritizes vulnerabilities based on risk rating to optimize manual work and time.
  • Generates customizable reports with ready-to-use or custom templates.
  • Provides a complete view of “low hanging fruit” vulnerabilities, enabling focus on more advanced tests.
  • Allows testing of internal networks through a ready-to-use VPN, eliminating the need for time-consuming scripts and configurations.
  • Identifies high-risk vulnerabilities such as Log4Shell, ProxyShell, ProxyLogon, and others.
  • Assists in running vulnerability assessments necessary to comply with various standards like PCI DSS, SOC II, HIPAA, GDPR, ISO, the NIS Directive, and others.
  • Facilitates thorough infrastructure tests, detecting vulnerabilities ranging from weak passwords to missing security patches and misconfigured web servers.
  • Third-party infrastructure audit that’s useful for IT services or IT security companies, providing reports for client assurance on implemented security measures.

Pros

  • Broad coverage of penetration testing scenarios.
  • Easy to use, with detailed reports.
  • Regular updates and enhancements.

Cons

  • Proprietary technology can also limit interoperability with other tools or platforms.
  • New users may experience a steep learning curve.

Qualys VMDR

Best for cloud security compliance

Qualys VMDR dashboard
Source: qualys.com

Qualys VMDR is a top choice for businesses looking for cloud-based network security software. It provides automated cloud security and compliance solutions, allowing businesses to identify and fix vulnerabilities.

Pricing

  • Prospective customers can try out the tool for free for 30 days.
  • Pricing starts at $199 per asset with a minimum quantity of 32 (i.e., $6,368 total starting cost).
  • Flexible pricing for larger packages based on business needs.

Features

  • Qualys is a strong solution for businesses seeking cloud-based network security software, providing automated cloud security and compliance solutions.
  • Utilizes TruRisk™ to quantify risk across vulnerabilities, assets, and asset groups, enabling proactive mitigation and risk reduction tracking.
  • Automates operational tasks for vulnerability management and patching with Qualys Flow, saving valuable time.
  • Leverages insights from over 180,000 vulnerabilities and 25+ threat sources to provide preemptive alerts on potential attacks with the Qualys Threat DB.
  • Detects all IT, OT, and IoT assets for a comprehensive, categorized inventory with detailed information such as vendor lifecycle.
  • Automatically identifies vulnerabilities and critical misconfigurations per Center for Internet Security (CIS) benchmarks, by asset.
  • Integrates with ITSM tools like ServiceNow and Jira to automatically assign tickets and enable orchestration of remediation, reducing Mean Time To Resolution (MTTR).

Pros

  • Cloud-based, reducing on-premise hardware needs.
  • Comprehensive vulnerability and compliance coverage.
  • Powerful data analytics capabilities.

Cons

  • Can be complex for small businesses.
  • Pricing is high and can be prohibitive for smaller organizations.

SolarWinds ipMonitor

Best for large-scale enterprise networks

SolarWinds ipMonitor dashboard
Source:solarwinds.com

SolarWinds ipMonitor is an established network monitoring solution ideal for monitoring servers, VMware hosts, and applications on large-scale enterprise networks. It offers deep performance insights and customizable reports.

Pricing

SolarWinds ipMonitor has three pricing editions, each with a 14-day free trial: 

  • 500 monitors for $1,570
  • 1000 monitors for $2,620
  • 2500 monitors for $5,770

Features

  • The monitoring tool provides over a dozen notification types including alerts via email, text message, or directly to Windows Event Log files.
  • Facilitates the monitoring of common ports with key protocols.
  • Ensures IT environment functionality by continuously monitoring database availability.
  • Enhances end user network experience monitoring capabilities.
  • Offers monitoring of network equipment health in tandem with network infrastructure.
  • Confirms the ability of a web server to accept incoming sessions.
  • Provides critical insights into the overall IT environment.
  • Offers an affordable tool for network monitoring.
  • Utilizes VM ESXi host monitors to track the health and performance of your virtual environment.
  • Enables monitoring of Windows services and applications..

Pros

  • Extensive scalability for large networks.
  • Deep insights and comprehensive reporting.
  • Wide range of integrated applications.

Cons

  • Can be overly complex for smaller networks.
  • The pricing model may not suit smaller businesses.

Key features of network scanning tools and software

Vulnerability scanning is central to all network scanning tools, but other features, such as real-time monitoring, penetration testing, and integrability, should not be overlooked.

Vulnerability scanning

This is the most critical feature buyers typically look for in network scanning tools. Vulnerability scanning helps identify potential security threats and weak spots within the network. 

The tools do this by scanning the network’s devices, servers, and systems for known vulnerabilities such as outdated software, open ports, or incorrect configurations. 

This feature matters because it provides an overview of the network’s security posture, enabling users to take corrective measures promptly.

Real-time network monitoring

Real-time network monitoring allows for continuous observation of the network’s performance, detecting any issues or anomalies as they occur. 

This feature is vital because it can significantly reduce downtime and address performance issues before they impact business operations.

Penetration testing

Penetration testing (or pentesting) simulates cyberattacks on your network to test the effectiveness of your security measures and identify potential vulnerabilities that may not be detectable through standard vulnerability scanning. 

Penetration testing is essential for businesses as it offers a more proactive approach to cybersecurity than standard vulnerability scans.

Compliance assurance

Compliance assurance ensures that the organization’s network aligns with various regulatory standards, such as HIPAA for healthcare or PCI DSS for businesses that handle credit card information.

Compliance assurance is critical because non-compliance can result in hefty fines and damage to the company’s reputation.

Integration with other tools

Integration capabilities are an often overlooked but essential feature of network scanning tools. The ability to integrate with other IT management and security tools allows for a more streamlined and efficient workflow.

For example, integrating a network scanning tool with a ticketing system could automatically create a ticket when a vulnerability is detected.

This feature is vital as it enables businesses to enhance their overall IT infrastructure management and improve response times to potential threats.

How to choose the best network scanning software for your business

Selecting the best network scanning tool for your business involves several key considerations:

  1. Identify your needs: The first step is to understand what you need from a network scanning tool. Do you require real-time network monitoring, pentesting, compliance assurance, or more? The type of network you’re operating and the size of your business can heavily influence your needs.
  2. Consider the ease of use: The usability of the software is an important factor depending on the size and expertise of your IT team. If it’s too complex, it may be challenging for your team to use effectively. Look for software that has a user-friendly interface and offers good customer support.
  3. Examine the features: Look for software that offers the features that match your specific requirements. If you’re unsure what features you might need, consulting with an IT professional can be beneficial.
  4. Evaluate scalability: Your business is likely to grow, and so will your network. The network scanning tool you choose should be able to scale along with your business without losing efficiency.
  5. Check for regular support and updates: Good network scanning software should provide reliable support and regular updates to address emerging security threats. Check whether the software is frequently updated and if technical support is readily available.
  6. Review pricing: Lastly, consider the pricing and your budget. Keep in mind that while some software might be more expensive, it could offer more features or better support, leading to better value for your business in the long run.

Frequently Asked Questions (FAQs)

What are the benefits of network scanning tools?

Network scanning tools offer a multitude of benefits, including:

  • Security enhancement: Network scanning tools identify vulnerabilities and security risks within a network, allowing businesses to address these issues proactively and bolster their security posture.
  • Compliance assurance: Many of these tools help ensure that your network aligns with various regulatory and industry standards, reducing the risk of non-compliance penalties.
  • Real-time monitoring: By providing real-time network monitoring, these tools allow for immediate detection and mitigation of issues, thereby reducing network downtime and improving performance.
  • Resource optimization: Network scanning can identify underutilized resources, aiding in more efficient resource allocation and cost savings.
  • Improved network management: With a thorough understanding of the network infrastructure, administrators can make more informed decisions regarding network planning and expansion.

Who should use network scanning software?

Network scanning software is beneficial for a variety of roles and industries, including:

  • Network administrators: These professionals can use network scanning tools to monitor and manage the health of the network, consistently optimizing its performance.
  • IT security professionals: These tools are crucial for IT security staff in identifying potential vulnerabilities and mitigating security risks.
  • Managed Service Providers (MSPs): MSPs can utilize network scanning tools to manage and monitor their clients’ networks, ensuring they are secure and comply with relevant regulations.
  • Regulated industries: Businesses within industries that must adhere to strict data security standards, such as healthcare, finance, and e-commerce, can benefit significantly from these tools to ensure compliance and protect sensitive data.

What are the types of network scanning?

Network scanning can be categorized into several types based on their function:

  • Port scanning: This type identifies open ports and services available on a network host. It can help detect potential security vulnerabilities.
  • Vulnerability scanning: This process involves identifying known vulnerabilities in the network, such as outdated software or misconfigurations, that could be exploited.
  • Network mapping: This type of scanning identifies the various devices on a network, their interconnections, and topology.
  • Performance scanning: This form of scanning monitors network performance, identifying potential issues that could affect the speed or reliability of the network.
  • Compliance scanning: This type checks the network’s compliance with certain regulatory or industry standards, helping avoid potential legal issues.

Methodology

The selection, review, and ranking of the network scanning tools in this list was carried out through a comprehensive and structured methodology, which involved several key steps: namely, requirement identification, market research, feature evaluation, user reviews and feedback, ease of use, pricing, and scalability.

By combining these steps, we have aimed to provide a balanced and comprehensive overview of the top network scanning tools of 2023, thereby enabling potential buyers to make an informed decision that best suits their specific needs and circumstances.

Bottom line: Managing vulnerabilities with network scanning tools

Network scanning tools are essential for any organization striving to maintain a secure and efficient IT environment. From identifying vulnerabilities to ensuring compliance and enhancing overall network performance, these tools play a pivotal role in successful network management.

The eight tools discussed in this article offer a variety of features and capabilities, catering to different needs and business sizes. However, choosing the right tool should be guided by an organization’s unique requirements, budget, and the tool’s ability to scale alongside the growth of the business.

By doing so, businesses can foster a more secure, compliant, and reliable IT network, boosting operational efficiency and business resilience.

Knowing your network’s vulnerabilities is just the beginning. Here are the best vulnerability management tools to keep your data locked up safe.

Source :
https://www.enterprisenetworkingplanet.com/security/network-scanning-tools/

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

stván Márton May 31, 2023

On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges via a user meta update.

Wordfence PremiumWordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on May 22, 2023. Sites still using the free version of Wordfence will receive the same protection on June 21, 2023.

We contacted WPDeveloper on May 20, 2023, and received a response the next day. After providing full disclosure details, the developer released a patch on May 22, 2023. We would like to commend the WPDeveloper development team for their prompt response and timely patch, which was released in just one day.

We urge users to update their sites with the latest patched version of ReviewX, which is version 1.6.14 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

Description: ReviewX <= 1.6.13 – Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug: reviewx
Affected Versions: <= 1.6.13
CVE ID: CVE-2023-2833
CVSS Score: 8.8 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Lana Codes
Fully Patched Version: 1.6.14

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the ‘rx_set_screen_options’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role via the ‘wp_screen_options[option]’ and ‘wp_screen_options[value]’ parameters during a screen option update.

Technical Analysis

ReviewX is a plugin that primarily enables customers to add ratings and reviews to WooCommerce stores, but it is also possible to use it with custom post types.

The reviews are listed on the WordPress admin page, which includes a screen option for how many reviews should be displayed per page for the admin user. Unfortunately, this feature was implemented insecurely, allowing all authenticated users to modify their capabilities, including granting themselves administrator capabilities.

Upon closer examination of the code, we see that the ‘rx_set_screen_options’ function, which updates a user’s per-page screen option, is hooked to the ‘admin_init’ action.

971add_filter( 'admin_init', 'rx_set_screen_options');

This hook is triggered on every admin page without any post type or page restrictions. This means that the ‘rx_set_screen_options’ hooked function is invoked on all admin pages, allowing users who otherwise do not have access to the plugin to also access the function, as the function itself does not contain any restrictions.

This makes it possible for any authenticated user with an account, such as a subscriber, to invoke the ‘rx_set_screen_options’ function.

972973974975976977978979980981982983984985986987988989990functionrx_set_screen_options() {    if( isset( $_POST['wp_screen_options'] ) && is_array( $_POST['wp_screen_options'] ) ) {        check_admin_referer( 'screen-options-nonce', 'screenoptionnonce');        $user= wp_get_current_user();        if( ! $user) {            return;        }                $option= $_POST['wp_screen_options']['option'];        $value= $_POST['wp_screen_options']['value'];                if( sanitize_key( $option) != $option) {            return;        }        update_user_meta( $user->ID, $option, $value);    }}

The function includes a nonce check, but it uses a general nonce that is available on every admin page where there is a screen option.

The most significant problem and vulnerability is caused by the fact that there are no restrictions on the option, so the user’s metadata can be updated arbitrarily, and there is no sanitization on the option value, so any value can be set, including an array value, which is necessary for the capability meta option.

This made it possible for authenticated users, such as subscribers, to supply the ‘wp_capabilities’ array parameter with any desired capabilities, such as administrator, during a screen option update.

As with any Privilege Escalation vulnerability, this can be used for complete site compromise. Once an attacker has gained administrative user access to a WordPress site they can then manipulate anything on the targeted site as a normal administrator would. This includes the ability to upload plugin and theme files, which can be malicious zip files containing backdoors, and modifying posts and pages which can be leveraged to redirect site users to other malicious sites.

Disclosure Timeline

May 20, 2023 – Discovery of the Privilege Escalation vulnerability in ReviewX.
May 20, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.
May 21, 2023 – The vendor confirms the inbox for handling the discussion.
May 21, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.
May 22, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability.
May 23, 2023 – A fully patched version of the plugin, 1.6.14, is released.
June 21, 2023 – Wordfence Free users receive the same protection.

Conclusion

In this blog post, we detailed a Privilege Escalation vulnerability within the ReviewX plugin affecting versions 1.6.13 and earlier. This vulnerability allows authenticated threat actors with subscriber-level permissions or higher to elevate their privileges to that of a site administrator which could ultimately lead to complete site compromise. The vulnerability has been fully addressed in version 1.6.14 of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of ReviewX.

Wordfence PremiumWordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on May 22, 2023. Sites still using the free version of Wordfence will receive the same protection on June 21, 2023.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

Did you enjoy this post? Share it!

Source :
https://www.wordfence.com/blog/2023/05/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin/

Dell SonicWALL TZ400 and Firebox BOVPN Virtual Interface Integration Guide – Tunnel Interface

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure a BOVPN virtual interface tunnel between a WatchGuard Firebox and a Dell SonicWALL® TZ400.

Integration Summary

The hardware and software used in this guide include:

  • WatchGuard Firebox M400
    • Fireware v12.8.2.B668649
  • Dell SonicWALL TZ400
    • SonicOS Enhanced Version 6.5.4.11-97n

Topology

This diagram shows the topology for a BOVPN virtual interface connection between a Firebox and a Dell SonicWall TZ400.

Screen shot of the Topology diagram

Configure the Firebox

To configure a BOVPN virtual interface connection on the Firebox:

  1. Log in to Fireware Web UI.
  2. Select VPN > BOVPN Virtual Interfaces.
    The BOVPN Virtual Interfaces configuration page opens.
  3. Click Add.
Screen shot of the General Settings tab
  1. In the Interface Name text box, type a name to identify this BOVPN virtual interface.
  2. From the Remote Endpoint Type drop-down list, select Cloud VPN or Third-Party Gateway.
  3. From the Gateway Address Family drop-down list, select IPv4 Addresses.
  4. In the Credential Method section, select Use Pre-Shared Key.
  5. In the adjacent text box, type the pre-shared key.
  6. From the drop-down list, select String-Based .
  7. In the Gateway Endpoint section, click Add.
    The Gateway Endpoint Settings dialog box opens.
Screen shot of the Local Gateway tab
  1. From the Physical drop-down list, select External.
  2. From the Interface IP Address drop-down list, select Primary Interface IPv4 Address.
    The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
  3. Select By IP Address.
  4. In the adjacent text box, type the primary IP address of the External Firebox interface.
  5. Select the Remote Gateway tab.
Screen shot of the Remote Gateway tab
  1. Select Static IP Address.
  2. In the adjacent text box, type the IP address of your SonicWALL WAN connection.
  3. Select By IP Address.
  4. In the adjacent text box, type the IP address of your SonicWALL WAN connection.
  5. Click OK.
Screen shot of the completed Gateway Endpoint settings
  1. In the Gateway Endpoint section, select Start Phase 1 tunnel when it is inactive.
  2. Select Add this tunnel to the BOVPN-Allow policies.
  3. Select the VPN Routes tab.
Screen shot of the VPN Routes tab
  1. Click Add.
Screen shot of the VPN Route Settings
  1. From the Choose Type drop-down list, select Network IPv4.
  2. In the Route To text box, type the Network IP address of a route that will use this virtual interface.
  3. Click OK.
Screen shot of the completed VPN Route settings
  1. Select the Phase 1 Settings tab.
Screen shot of the Phase 1 settings
  1. From the Version drop-down list, select IKEv2.
  2. Keep all other Phase 1 settings as the default values.
  3. Keep Phase 2 Settings as the default values.
Screen shot of the Phase 2 settings
  1. Click Save.

For more information about BOVPN virtual interface configuration on the Firebox, see BOVPN Virtual Interfaces

Configure the Dell SonicWALL TZ400

Zone and Interface Settings

  1. Log in to the Dell SonicWALL TZ400 Web UI at https://<IP address of TZ400>. The default IP address is 192.168.168.168.
  2. Configure interfaces and zones. For information about how to configure interfaces and zones, see the Dell SonicWALL TZ400 documentation.
Screen shot of the Dell SonicWALL interface settings
Screen shot of the Dell SonicWALL zone settings

IPSec VPN Settings

To configure IPSec VPN settings:

  1. Select Manage > Policies > Objects > Address Objects.
  2. To add a new object, click Add.
Screen shot of the Dell SonicWALL address object settings
  1. In the Name text box, type the object name. In our example, the name is WGINT.
  2. From the Zone Assignment drop-down list, select VPN.
  3. From the Type drop-down list, select Network.
  4. In the Network text box, type the network address.
  5. In the Netmask/Prefix Length text box, type the netmask.
  6. Click Add.
  7. Click Close.
Screen shot of the Dell SonicWALL address object settings
  1. Select Manage > Connectivity > VPN > Base Settings.
  2. In the VPN Policies section, click Add.
Screen shot of the Dell SonicWALL General tab
  1. From the Policy Type drop-down list, select Tunnel Interface.
  2. From the Authentication Method drop-down list, select IKE using Preshared Secret.
  3. In the Name text box, type a descriptive name for this VPN. In our example, the name is VPN with WG.
  4. In the IPsec Primary Gateway Name or Address text box, type the peer IP address.
  5. Select Mask Shared Secret.
  6. In the Shared Secret and Confirm Shared Secret text boxes, type the pre-shared secret key.
  7. From the Local IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the SonicWALL outgoing public IP address.
  8. From the Peer IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the WatchGuard Firebox public IP address.
  9. Select the Proposals tab.
Screen shot of the Dell SonicWALL Proposals tab.
  1. In the IKE (Phase 1) Proposal section, from the Exchange drop-down list, select IKEv2 Mode.
  2. From the DH Group drop-down list, select Group 14.
  3. From the Encryption drop-down list, select AES-256.
  4. From the Authentication drop-down list, select SHA256.
  5. In the Ipsec (Phase 2) Proposal section, from the Protocol drop-down list, select ESP.
  6. From the Encryption drop-down list, select AES-256.
  7. From the Authentication drop-down list, select SHA256.
  8. Select the Enable Perfect Forward Secrecy check box.
  9. From the DH Group drop-down list, select Group 14.
  10. For all other settings, keep the default values.
  11. Click OK.
Screen shot of the Dell SonicWALL base settings
  1. Keep all default settings in Advanced VPN Settings.
Screen shot of the Dell SonicWALL base settings

Route Policy Settings

To configure Route Policy settings:

  1. Select Manage > System Setup > Network > Routing.
  2. In the Route Policies section, click Add.
Screen shot of the Dell SonicWALL route policy settings
  1. In the Name text box, type the object name. In our example, the name is policy.
  2. From the Source drop-down list, select X2 subnet. In our example, the X2 subnet is 192.168.13.0/24.
  3. From the Destination drop-down list, select WGINT.
  4. From the Service drop-down list, select Any.
  5. From the Interface drop-down list, select VPN with WG.
  6. For all other settings, keep the default values.
  7. Click OK.
Screen shot of Dell SonicWALL route policies

Test the Integration

  1. Log in to the Firebox Web UI.
  2. Select System Status > VPN Statistics.
  3. Verify the VPN tunnel is active.
  4. Log in to the Dell SonicWALL TZ400 Web UI.
  5. Verify the VPN tunnel is active.
  6. Verify the hosts behind the Firebox and behind the SonicWALL can successfully ping each other.

    Source :
    https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/dell_sonicwall_BOVPN_virtual_interface.html

Dell SonicWALL TZ400 and Firebox Branch Office VPN Integration Guide – Site To Site

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure a Branch Office VPN (BOVPN) tunnel between a WatchGuard Firebox and a Dell SonicWALL® TZ400.

Integration Summary

The hardware and software used in this guide include:

  • WatchGuard Firebox M400
    • Fireware v12.8.2.B668649
  • Dell SonicWALL TZ400
    • SonicOS Enhanced Version 6.5.4.11-97n

Topology

This diagram shows the topology for a BOVPN connection between a Firebox and a SonicWALL TZ400.

Screen shot of the topology diagram

Configure the Firebox

To configure a Branch Office VPN (BOVPN) connection on the Firebox:

  1. Log in to Fireware Web UI.
  2. Select VPN > Branch Office VPN.
    The Branch Office VPN configuration page opens.
  3. In the Gateways section, click Add.
Screenshot of the General Settings tab
  1. In the Gateway Name text box, type a name to identify this BOVPN gateway.
  2. From the Address Family drop-down list, select IPv4 Addresses.
  3. In the Credential Method section, select Use Pre-Shared Key.
  4. In the adjacent text box, type the pre-shared key.
  5. From the drop-down list, select String-Based .
  6. In the Gateway Endpoint section, click Add.
    The Gateway Endpoint Settings dialog box opens.
Screen shot of the Local Gateway settings
  1. From the External Interface drop-down list, select External.
  2. From the Interface IP Address drop-down list, select Primary Interface IPv4 Address.
    The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
  3. Select By IP Address.
  4. In the adjacent text box, type the primary IP address of the External Firebox interface.
  5. Select the Remote Gateway tab.
Screen shot of the Remote Gateway settings
  1. Select Static IP Address.
  2. In the adjacent text box, type the IP address of your SonicWALL WAN connection.
  3. Select By IP Address.
  4. In the adjacent text box, type the IP address of your SonicWALL WAN connection.
  5. Keep the default settings for all other options.
  6. Click OK.
Screen shot of the completed Gateway Endpoint configuration
  1. In the Gateway Endpoint section, select the Start Phase 1 tunnel when Firebox starts check box.
  2. Select the Phase 1 Settings tab.
Screen shot of the Phase 1 settings
  1. From the Version drop-down list, select IKEv2.
  2. Keep all other Phase 1 settings as the default values.
  3. Click Save.
Screen shot of the Gateways and Tunnels lists
  1. In the Tunnels section, click Add.
Screen shot of the Advanced settings
  1. From the Gateway drop-down list, select the gateway that you configured.
  2. In the Addresses section, click Add.
Screen shot of the Addresses tab
  1. In the Local IP section, from the Choose Type drop-down list, select Network IPv4.
  2. In the Network IP text box, type the local IP segment. This the local network protected by the Firebox.
  3. In the Remote IP section, from the Choose Type drop-down list, select Network IPv4.
  4. In the Network IP text box, type the remote IP segment. This the local network protected by the Dell SonicWALL device.
  5. Click OK.
Screen shot of the Phase 2 settings
  1. Keep the default Phase 2 Settings.
  2. Click Save.

Configure the Dell SonicWALL TZ400

Zone and Interface Settings

  1. Log in to the Dell SonicWALL TZ400 Web UI at https://<IP address of TZ400>. The default IP address is 192.168.168.168.
  2. Configure interfaces and zones. For information about how to configure interfaces and zones, see the Dell SonicWALL TZ400 documentation.
Screen shot of the SonicWALL network interface settings
Screen shot of the SonicWALL zone settings

IPSec VPN Settings

To configure IPSec VPN settings:

  1. Select Manage > Policies > Objects > Address Objects.
  2. To add a new object, click Add.
Screenshot of sonicwall. picture3, address object settings
  1. In the Name text box, type the object name. In our example, the name is WGINT.
  2. From the Zone Assignment drop-down list, select VPN.
  3. From the Type drop-down list, select Network.
  4. In the Network text box, type the network address.
  5. In the Netmask/Prefix Length text box, type the netmask.
  6. Click Add.
  7. Click Close.
Screenshot of sonicwall, pictuer4, the address objects page
  1. Select Manage > Connectivity > VPN > Base Settings.
  2. In the VPN Policies section, click Add.
Screenshot of sonicwall, picture5, vpn policy, general settings
  1. From the Policy Type drop-down list, select Site to Site.
  2. From the Authentication Method drop-down list, select IKE using Preshared Secret.
  3. In the Name text box, type a descriptive name for this VPN. In our example, the name is VPN with WG.
  4. In the IPsec Primary Gateway Name or Address text box, type the peer IP address.
  5. Select Mask Shared Secret.
  6. In the Shared Secret and Confirm Shared Secret text boxes, type the pre-shared secret key.
  7. From the Local IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the SonicWALL outgoing public IP address.
  8. From the Peer IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the WatchGuard Firebox public IP address.
  9. For all other settings, keep the default values.
  10. Select the Network tab.
Screenshot of sonicwall, picture6, vpn policy, network settings
  1. In the Local Networks section, select Choose local network from list. From the adjacent drop-down list, select X2 Subnet.
  2. In the Remote Networks section, select Choose destination network from list. From the adjacent drop-down list, select WGINT.
  3. Select the Proposals tab.
Screenshot of sonicwall, picture7, vpn policy, proposal settings.
  1. In the IKE (Phase 1) Proposal section, from the Exchange drop-down list, select IKEv2 Mode.
  2. From the DH Group drop-down list, select Group 14.
  3. From the Encryption drop-down list, select AES-256.
  4. From the Authentication drop-down list, select SHA256.
  5. In the Ipsec (Phase 2) Proposal section, from the Protocol drop-down list, select ESP.
  6. From the Encryption drop-down list, select AES-256.
  7. From the Authentication drop-down list, select SHA256.
  8. Select the Enable Perfect Forward Secrecy check box.
  9. From the DH Group drop-down list, select Group 14.
  10. For all other settings, keep the default values.
  11. Select the Advanced tab.
Screenshot of sonicwall, picture8, vpn policy, advanced settings.
  1. In the Advanced Settings section, select the Enable Keep Alive check box.
  2. For VPN Policy bound to, from the adjacent drop-down list, select Interface X1.
  3. For all other settings, keep the default values.
  4. Click OK.
Screenshot of sonicwall, picture9, vpn, base settings, currently active VPN tunnels.
  1. Keep all default settings in Advanced VPN Settings.
Screenshot of sonicwall, picture9, vpn, base settings, currently active VPN tunnels.

Test the Integration

  1. Log in to the Firebox Web UI.
  2. Select System Status > VPN Statistics.
  3. Verify the VPN tunnel is active.
  4. Log in to the Dell SonicWALL TZ400 Web UI.
  5. Verify the VPN tunnel is active.
  6. Verify the hosts behind the Firebox and behind the SonicWALL can successfully ping each other.

Source :
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/dell_sonicwall_BOVPN.html

CrowdSec Engine 1.5 is officially here!

MAY 23, 2023

The biggest release since 1.0, CrowdSec Engine 1.5 brings you new features, major enhancements, and more control of your security management. Discover all that is new in 1.5 and how to get started in this article.

We launched a private preview of the CrowdSec Engine 1.5 to our community members in March to allow them to test it out and give us feedback. After a few months of testing, it was clear that the CrowdSec Engine 1.5 was ready for its debut by the end of May. So here it is, new features, major enhancements and more ways to manage your security. Check out all the updates and what’s new below. You can also read about the increased performance and faster response times when processing high volumes of logs that our community members experienced with the CrowdSec Engine 1.5. 

“We are delighted to announce the launch of CrowdSec Engine 1.5 today. Following our last release in February 2022, we have been busy listening to our users to deliver a new version with significant enhancements, including the ability to receive “orders” from the console. We have also developed several new features, including compliance and post-exploitation scenarios to the engine. We are also hugely grateful to the CrowdSec community that has been busy testing the release over the last few months to ensure a smooth and successful roll-out for all our users. ” – Thibault Koechlin, Chief Technology Officer, CrowdSec

Polling API Integration

With the polling API, the Console can now send orders to the CrowdSec instances. Allowing users to manage their decisions (banned IPs at a given time). Let’s dive into what that means. 

Real-time decisions management

The new Polling API gives you the ability to complete real-time decision management within the console. For users with many instances, you can now ban IPs on all of your instances at once, all from the comfort of a single page, rather than running an automation script to update all instances. A great timesaver for SecOps teams.

Teaser: Secure and custom configure the fleet of instances from the Console

In the future, the polling API feature will allow users to set up parsers and scenarios directly from the CrowdSec Console.

New Blocklist API and Premium Blocklists

We recently announced the external IP blocklists which allow all of our users to subscribe to at least 2 (new) additional blocklists created by the CrowdSec team, in addition to our community fuelled blocklist to better protect your instances.  

Viktoria Rei Bauer (@ToeiRei on Discord, Twitch, and Twitter), CrowdSec Ambassador, saw a 190% increase in blocked IP addresses after implementing CrowdSec’s new Blocklist API and subscribing to 2 new blocklists. 

“My average number of IP blocks was 2,000 per day. The day isn’t even over and I’ve already blocked 6,000 IPs.”

The chart below shows the impact the blocklist subscription made to Rei’s CrowdSec pfSense deployment. The red line shows the implementation of the blocklists that resulted in a 183% increase of malicious IPs blocked, peaking at a 400% increase.

Kubernetes audit acquisition

The feature we presented at Kubehuddle UK 2022 is finally here:

Kubernetes Cluster Monitoring now gives our users the ability to monitor and protect their whole K8s cluster, and not just the services running on it.

S3 audit acquisition

CrowdSec now supports reading logs stored in S3 bucket, allowing you to process logs generated by AWS services (such as ALB access logs or Cloudfront logs).

Auditd support

Allows for the detection of “Post Exploitation Behaviors”, including:

  • base64 + interpreter (perl/bash/python)
  • curl/wget and exec
  • pkill execve bursts
  • rm execve bursts
  • exec from suspicious locations

CrowdSec CTI API helpers

You can now query CrowdSec’s Cyber Threat Intelligence (CTI) from your parsers and behavior scenario thanks to our new CTI API, allowing you to react to each threat differently according to each IPs reputation and classification.

This new CTI API allows CrowdSec and the CTI to be more interactive with each other, allowing users to query more information around a specific IP. For example, you can now query the machine’s usage, as well as the type of attack it relates to. CrowdSec is now able to query all this data in real-time, helping users to detect false positives, and also reducing alert fatigue. 

AWS Cloudtrail Scenarios

Thanks to 1.5’s new behavior detection capabilities, we were able to create an advanced AWS Cloudtrail scenario helping you to detect and better understand what’s happening on your cloud. Below you can see a list of activities you are now able to detect.

  • Detect AWS CloudTrail configuration change
  • Detect AWS Config configuration change
  • Detect AWS console authentication failure
  • Detect AWS IAM policy change
  • Detect AWS KMS key deletion
  • Detect login without MFA to the AWS console
  • Detect AWS NACL change
  • Detect AWS Network Gateway change
  • Detect AWS root account usage
  • Detect AWS route table change
  • Detect AWS S3 bucket policy change
  • Detect AWS Security Group change
  • Detect AWS API unauthorized calls
  • Detect AWS VPC change

Feature flag support

This new feature allows us to have some features within the Security Engine that are disabled by default but can be activated manually by the user.

This will facilitate the inclusion of beta features safely and give more chances to the community to preview what’s coming and help us test the features in a range of use cases. 

Detection Engine improvements

  • Conditional buckets: an improvement of our behavior detection system allows for more complex expression for the alert triggering mechanism
  • Event data stash: allows parsers to capture data for future enrichment. Adding the capability to detect advanced malicious behaviors

CAPI Whitelist

While the community blocklist is highly curated, and designed to avoid false positives, sometimes a shared IP used by both innocent and malicious actors will end up in it, so we’ve added the capability to create whitelists that can also be applied to the community-powered blocklist.

Conclusion

We would like to thank our community of users who have helped us reach this major milestone! Thanks to your feedback we have been able to create a release that truly caters to your needs and enhances your use of CrowdSec. 

Interested in using CrowdSec Engine 1.5? If you haven’t already, install the CrowdSec Security Engine and then, sign-up for the CrowdSec Console. We will also be hosting a live webinar to go over all the new features and enhancements! 

Source :
https://www.crowdsec.net/blog/crowdsec-engine-1-5-is-officially-here


ChatGPT vs. Bing Chat: Which AI chatbot should you use?

By Elena Alston · May 16, 2023

I’ve been using ChatGPT ever since OpenAI launched it in 2022. It’s helped me write meta descriptions for blog posts, create simple code snippets, and generate outlines. Heck, I’ve even used it to plan a trip to Portugal. 

Try Zapier’s new ChatGPT plugin

Learn more

But I’ve been keen to try out Microsoft’s new Bing AI chatbot to see if it lives up to the hype. With Bing Chat, you’re able to chat, compose content, generate images, and get summarized answers to complex questions—all in one interface. It’s supposed to be a far more advanced version of ChatGPT, so I was excited to see how their features stack up. 

Here are the main differences I discovered while comparing ChatGPT vs. Bing Chat. 

ChatGPT vs. Bing Chat at a glance

If you want free access to GPT-4 (OpenAI’s most advanced and more powerful language model), Bing Chat is currently the way to go. You can access GPT-4 via ChatGPT Plus, which is a paid subscription, but Bing Chat gives you free access via Microsoft Edge. Beyond that, here’s the main difference:

  • Bing Chat is built into Microsoft Edge, so it’s a more integrated, tailored way of searching for answers. That makes it a powerful research assistant.
  • ChatGPT—though a more isolated experience—can be accessed on any browser and has more powerful integrations and plugins. It’s better suited as a personal assistant than a research assistant.

I’ll walk through some of the core differences between ChatGPT and Bing Chat in depth in the coming sections, but here’s a quick breakdown of how they compare.

Bing ChatChatGPT
Language modelOpenAI’s GPT-4OpenAI’s GPT-3.5 (ChatGPT Plus: GPT-4)
PlatformIntegrated with Microsoft’s search engineStandalone website or API 
Internet accessCan perform web searches and offer links and recommendations Browsing feature for ChatGPT Plus users
Image generationCan generate creative content, including images using DALL·ECan only generate text
Best used asA research assistantA personal assistant
Usage limitsUsers get to ask 20 chats per session and 200 total chats per dayUnlimited conversations per day; ChatGPT Plus users get 25 GPT-4 messages every 3 hours 
PricingFreeFree; ChatGPT Plus available for $20/month

Bing Chat is part of search, while ChatGPT is an isolated interface

Both ChatGPT and Bing Chat use OpenAI’s language models, which means that, for the most part, they generate very similar results. 

The biggest difference between them is that Bing Chat is also powered by Microsoft’s Prometheus, a model that integrates Bing Search with the AI tool.     

Marketed as a “co-pilot” for the web, Bing Chat distills the latest information from across the web and summarizes it when answering your prompts. It even cites its sources and generates a list of relevant links (as well as pulling in visuals). This is what it looks like within the Bing Chat web interface.

Bing Chat telling the weather in London

ChatGPT, on the other hand, doesn’t pull in current results from the internet as it’s only been trained on information up until 2021. There’s a simple workaround, though: you can access OpenAI’s native web browser plugin, available on ChatGPT Plus. 

The Web Browsing option in ChatGPT

The web browser can look through web results and share them with you like Bing can, but I’ve found that it doesn’t integrate visuals like Bing does. The result is a more text-heavy experience, but no less effective. 

ChatGPT telling the weather in London

The downside is that when it comes to researching facts, news stories, or historical events, ChatGPT doesn’t always cite its sources. It doesn’t seem to have a problem citing weather reports, but for other information, it can be a bit hit or miss—unless you specifically instruct it to provide sources. (Which, by the way, I’d recommend, given its tendency to hallucinate.)  

Asking ChatGPT to cite its sources

In addition to being more reliable with its citations, Bing offers recommendations on what to search for next. 

Bing Chat's suggestions for what to search next

And, if you scroll down on the chat page, Microsoft will return you to its regular search page, with a link to the most recent question you asked the chat. 

Bing Chat showing your recent chats in the search

ChatGPT, on the other hand, feels more mechanical: it doesn’t offer follow-up recommendations, and the web browser you’re using ChatGPT with will have no memory of what you’ve been asking it. 

As a whole, Bing AI feels a lot more like a search tool that’ll summarize complex answers for you—giving you the sources if you want to dig deeper into any topic. All without having to search through multiple pages yourself. 

You get that same ease with ChatGPT, but it’s a much more isolated experience—it definitely feels like a chatbot, not a search tool. 

Bing is integrated into a web browser, which allows for more tailored outputs based on what you’re doing

Bing is integrated into a sidebar, called Discover, on the Microsoft Edge browser, and it includes a few features, called Chat, Composition, and Insights. 

The Discover sidebar in Microsoft Edge

Chat

You can chat with Bing Chat directly from the sidebar, without having to go to the Bing Chat webpage. The best part is that when you’re on a website full of information, it answers questions from that page contextually

Reading a complex article and want the key takeaways? Done. Need to understand a complex concept in simpler terms? Done. 

Bing Chat showing takeaways from the current web page you're on

This can be pretty helpful when you need an AI assistant while going through information-dense internet research. 

You can still do this with ChatGPT Plus—just feed it a link and ask it to summarize the information—but it’s not seamlessly integrated into the same page you’re on. 

ChatGPT summarizing an article based on a link

The difference just depends on how you like to search for information. But if you don’t mind doing your research in Microsoft Edge, Bing AI is hard to beat for a tailored AI experience.

Insights

Bing has an Insights tab that’ll give you even more information about the page you’re on. It surfaces things like a Q&A, key points, page topics, and related articles. 

The Bing Insights feature

Scroll all the way down, and you can also get a quick overview of analytics about the website you’re visiting (like domain name, hosting service, and even traffic rank). This is something that ChatGPT doesn’t have, as it’s primarily focused on text generation. 

Composition

With ChatGPT, you have to be extremely specific in your prompts; otherwise, the output will be pretty vague and most likely won’t tick all your boxes. 

ChatGPT offering a generic suggestion

Bing’s Composition feature steers you more toward getting the specific output you want, by giving you ready-made options. Inside the text box, you can write out your prompt, set the tone you’re after, select the format (blog post, email, etc.), and set the length. It feels more like an AI writing generator in that way.

Bing AI's composition feature

This is pretty handy if you’re not sure how to create prompts that will get you what you’re after, but you can just tell ChatGPT these same things in your prompt, and it’ll do a decent job. 

ChatGPT has more powerful integrations and plugins, transforming it into a highly efficient assistant

While Bing Chat is a powerful search tool and a more sophisticated web browser, ChatGPT offers a whole suite of plugins that let you combine AI with other apps to unlock more varied use cases. 

ChatGPT plugins

For example, with the Expedia plugin, I just tell ChatGPT about a trip I’m thinking of booking, and it’ll immediately surface the cheapest flights it can find via the travel site, along with the link, airport details, duration of flight, and most importantly, the pricing.  

Using the ChatGPT Expedia plugin

It’s so much easier than going through travel sites yourself, adjusting filters, and comparing sites side-by-side. (The hassle.)

Not only that, but the AI will also offer lodgings or other area-specific activities for you to explore. It’s a completely different ballgame compared to its web browser plugin, which refuses to offer any follow-up recommendations. 

ChatGPT offering more suggestions from the Expedia plugin

The best part is you can install a number of ChatGPT plugins to work in tandem. For example, you can ask the AI for a recipe recommendation, get an accurate count of calories (using the Wolfram plugin), and then ask it to create a shopping list (with the Instacart plugin). 

Using the Wolfram and Instacart plugins on ChatGPT

It’s practically like having a personal assistant—ideal for those who hate planning ahead for anything. (Ahem.)

Travel and food aside, you can also install the Zapier plugin to automate workflows directly inside the ChatGPT interface. Need the AI to write an email, then save it as a draft? It’ll do it within a matter of seconds. 

Zapier's ChatGPT plugin

ChatGPT also integrates with Zapier outside of the plugin, so you can connect it to thousands of other apps and access ChatGPT from the apps you use most. Here are some examples of tasks you can automate.

Create Notion tasks using ChatGPT conversations generated from new Slack reactions

Try it

  • Slack logo
  • ChatGPT logo
  • Notion logo

Slack, ChatGPT, Notion

Slack + ChatGPT + NotionMore details

Start a conversation with ChatGPT when a prompt is posted in a particular Slack channel

Try it

  • Slack logo
  • ChatGPT logo
  • Slack logo

Slack, ChatGPT

Slack + ChatGPTMore details

Zapier is the leader in no-code automation—integrating with 5,000+ apps from partners like Google, Salesforce, and Microsoft. Build secure, automated systems for your business-critical workflows across your organization’s technology stack. Learn more.

Bing AI can generate images using DALL·E, but ChatGPT is better at generating long-form content

One of the best—and most surprising—things about Bing is that it can generate images for you inside the chat function. That’s without you having to go through another AI image generator, so you can literally do everything—search, create copy, get images—all in the same interface. 

Bing Image Creator

Powered by OpenAI’s DALL·E, you can just ask it to create a pic, and it takes a matter of seconds to deliver. 

Imagine you’re a travel writer. This could be a workflow you follow: You ask Bing about popular spots in New York using the chat feature. Then you ask the composition feature to create a blog post about New York. After that, you can ask Bing to create a blog hero image. That’s not a super nuanced example, but you get the gist.

Bing Image Creator making a picture of New York in a cartoon style

In that regard, ChatGPT can’t really compare, as it’s purely text-based. 

But while we’re talking about strengths, ChatGPT is a lot better at providing longer-form content like articles or case studies. No matter how I tweaked the prompt, whenever I asked Bing to create a 1,000-word blog post, it repeatedly ignored those instructions and created a piece under 500 words. 

ChatGPT doesn’t have that problem. It’s a good listener. 

ChatGPT writing a long-form article

Bing Chat vs. ChatGPT: Which should you use?

Both ChatGPT and Bing can be handy writing tools and informative chatbots—but the better one depends on your actual use case. 

If you want a powerful research tool that’s integrated with a web browser (and which shines in terms of in-depth page insights, image generation, and citing reputable sources), Bing Chat is your best bet. 

If, however, you want to have an AI-powered personal assistant that can perform actions for you in different apps, there’s no contest: ChatGPT wins  because of its suite of plugins. 

The best way to know what works for you? Try them both out. 

Related reading:


Source :
https://zapier.com/blog/chatgpt-vs-bing-chat/

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

István Márton – May 22, 2023

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.

All Wordfence PremiumWordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection.

We contacted W3 Eden on April 25, 2023, and promptly received a response. After providing full disclosure details, the developer released a patch on May 1, 2023. We would like to commend the W3 Eden development team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Download Manager, version 3.2.71 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

Description: Download Manager <= 3.2.70 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Plugin: Download Manager
Plugin Slug: download-manager
Affected Versions: <= 3.2.70
CVE ID: CVE-2023-2305
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Researcher/s: Lana Codes
Fully Patched Version: 3.2.71

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpdm_members’, ‘wpdm_login_form’, ‘wpdm_reg_form’ shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Technical Analysis

Download Manager is a plugin designed to allow WordPress users to manage, track and control file downloads. It provides a shortcode ([wpdm_members]) that lists the authors and the number of files they have added when added to a WordPress page. However, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the code reveals that the members method in the User class did not adequately sanitize the user-supplied ‘sid’ input, and then loads the members.php view file, where it also did not adequately escape ‘sid’ output. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘sid’ attribute.

1011classUser{
173174175176177178179180functionmembers($params= array()){    $sid= isset($params['sid']) ? $params['sid'] : '';    update_post_meta(get_the_ID(), '__wpdm_users_params'. $sid, $params);    ob_start();    includeTemplate::locate("members.php", __DIR__.'/views');    returnob_get_clean();}

The members method in the User class

101112<div class="w3eden"id="wpdm-authors<?php echo isset($params['sid'])?"-{$params['sid']}":""; ?>">    <?php $this->listAuthors($params); ?></div>

The members.php view file

There are two other shortcodes, a login form shortcode ([wpdm_login_form]) and a registration form shortcode ([wpdm_reg_form]), that add forms to a WordPress site. However, the insecure implementation of these two shortcode functions, similar to the previous example, also allows arbitrary web scripts to be inserted into these pages. Examining the code reveals that the functions of both forms do not adequately sanitize the user-supplied ‘logo’ input, and in the view files these ‘logo’ outputs are not adequately escaped.

1617classLogin{
8182838485868788functionform($params= array()){    global$current_user;    if(!isset($params) || !is_array($params)) $params= array();    if(isset($params) && is_array($params))        extract($params);

The form method in the Login class

6789101112<div class="w3eden">    <div id="wpdmlogin"<?php if(wpdm_query_var('action') == 'lostpassword') echo'class="lostpass"'; ?>>        <?php if(isset($params['logo']) && $params['logo'] != ''&& !is_user_logged_in()){ ?>            <div class="text-center wpdmlogin-logo">                <a href="<?php echo home_url('/'); ?>"><img alt="Logo"src="<?php echo $params['logo'];?>"/></a>            </div>        <?php } ?>

The login-form.php view file

1718classRegister{
87888990919293949596functionform($params= array()){    if(!get_option('users_can_register')) return\WPDM\__\Messages::warning(__("User registration is disabled", "download-manager"), -1);    if(!isset($params) || !is_array($params)) $params= array();        ...        if(!isset($params['logo'])) $params['logo'] = get_site_icon_url();

The form method in the Register class

345678910111213<div class="w3eden">    <div class='w3eden'id='wpdmreg'>        <?php        if(get_option('users_can_register')){            //LOGO            if(isset($params['logo']) && $params['logo'] != ''&& !isset($nologo)){ ?>            <div class="text-center wpdmlogin-logo">                <a href="<?php echo esc_url(home_url('/')); ?>"><img src="<?php echo $params['logo'];?>"/></a>            </div>            <?php } ?>

The reg-form.php view file

These make it possible for threat actors to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.

Disclosure Timeline

April 25, 2023 – Wordfence Threat Intelligence team discovers the stored XSS vulnerability in Download Manager and initiates responsible disclosure.
April 27, 2023 – We get in touch with the development team at W3 Eden and send full disclosure details.
May 1, 2023 – The fully patched version, 3.2.71, is released.
May 3, 2023 – The vendor notified Wordfence that they released the patch.
May 3, 2023 – Wordfence confirms the fix addresses the vulnerability.

Conclusion

In this blog post, we have detailed a stored XSS vulnerability within the Download Manager plugin affecting versions 3.2.70 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page. The vulnerability has been fully addressed in version 3.2.71 of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of Download Manager.

All Wordfence users, including those running Wordfence PremiumWordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against this vulnerability.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

Did you enjoy this post? Share it!

Source :
https://www.wordfence.com/blog/2023/05/w3-eden-addresses-authenticated-stored-xss-vulnerability-in-download-manager-wordpress-plugin/

Top 20 Open Source Cyber Security Monitoring Tools in 2023

As cyber threats continue to evolve, security professionals require reliable tools to defend against security vulnerabilities, protect sensitive data, and maintain network security. Open source cyber security tools provide a cost-effective solution for individuals and organizations to combat these threats on-premises and with cloud security and mobile devices. Let’s consider the top 25 open-source cyber security monitoring tools in 2023 that help ensure continuous network and system performance monitoring.

Table of contents

What are the Top Cybersecurity Threats Today?

As cyber threats continue to evolve and become more sophisticated, organizations must stay informed and prepared to defend against a wide range of security risks.

Here are the top cybersecurity threats that businesses and individuals should be aware of today:

1. Phishing Attacks: Phishing attacks are a prevalent form of social engineering where cybercriminals use deceptive emails or websites to trick users into revealing sensitive information or installing malware. These attacks often target login credentials, financial information, and other personal data.

Altaro VM Backup

2. Ransomware: Ransomware is a type of malicious software that encrypts a victim’s files or locks their systems, demanding a ransom payment to restore access. Ransomware attacks can cause significant financial losses and operational disruptions for organizations.

3. Insider Threats: Insider threats refer to security risks posed by employees, contractors, or other individuals with authorized access to an organization’s systems and data. These threats can result from malicious intent or negligence, leading to data breaches or system compromises.

4. Supply Chain Attacks: Also known as third-party attacks or vendor risk, supply chain attacks target an organization’s suppliers, vendors, or partners to gain access to their systems and data. These attacks often exploit security vulnerabilities in the supply chain to compromise multiple organizations.

5. Distributed Denial of Service (DDoS) Attacks: DDoS attacks involve overwhelming a target’s network or system with a flood of traffic, rendering it inaccessible to legitimate users. DDoS attacks can cause severe downtime and service disruptions.

6. Advanced Persistent Threats (APTs): APTs are sophisticated, coordinated cyberattacks by well-funded threat actors or nation-state groups that target specific organizations for espionage, data theft, or sabotage. APTs often use advanced techniques and tactics to evade detection and maintain a long-term presence within a target’s network.

7. Zero-Day Exploits: Zero-day exploits are attacks that take advantage of previously unknown security vulnerabilities in software or systems. These vulnerabilities, also known as zero-day flaws, have no existing patches or fixes, making them particularly dangerous and challenging to defend against.

8. Internet of Things (IoT) Security: The increasing adoption of IoT devices and connected technologies has expanded the attack surface for cybercriminals. IoT devices are often vulnerable to cyber threats due to weak security measures, creating new risks for organizations and consumers.

9. Data Breaches: Data breaches occur when unauthorized individuals gain access to an organization’s sensitive data, such as customer information, financial records, or intellectual property. Data breaches can result in significant financial and reputational damage for organizations.

10. Cloud Security Threats: As more organizations migrate to cloud-based services, cloud security has become a critical concern. Threats in the cloud can arise from misconfigurations, weak authentication mechanisms, and vulnerabilities in cloud applications or infrastructure.

Benefits of Open-Source CyberSecurity tools

Open source cyber security monitoring tools offer numerous advantages over proprietary solutions, making them an attractive option for businesses, organizations, and individuals looking to enhance their security posture and perform effective security testing.

Here are some key benefits of using open-source tools for cyber security monitoring for monitoring services that pose security threats, even if you have another network monitoring system. Proper cybersecurity monitoring and access management are key to maintaining a secure environment.

Cost-Effectiveness

One of the most significant benefits of open-source cyber security tools is their cost-effectiveness. With no licensing fees or subscription costs, these free tools enable security teams to access powerful network monitoring solutions without breaking the bank.

This particularly benefits small businesses and startups with limited budgets, allowing them to allocate resources to other critical areas.

Customizability and Flexibility

Open-source network monitoring tools offer high customizability and flexibility, allowing security professionals to tailor the tools to their specific needs. This adaptability enables organizations to address unique security threats and vulnerabilities, ensuring a more robust security posture.

Additionally, the ability to integrate these tools with existing security infrastructure adds an extra layer of protection to network security.

Rapid Development and Updates

The open-source community is known for its rapid development and frequent updates. As new security threats and vulnerabilities emerge, open-source cyber security tools are often among the first to receive patches and updates.

This continuous monitoring and proactive response help organizations stay ahead of potential security risks and maintain a strong security posture.

Extensive Support and Collaboration

Open-source cyber security tools benefit from an extensive support network, comprising developers, users, and experts from around the world.

This collaborative environment fosters knowledge sharing, allowing security professionals to learn from one another and develop more effective security strategies.

Additionally, the availability of comprehensive documentation and online forums makes it easier for users to troubleshoot issues and enhance their understanding of network monitoring and security.

Improved Security and Transparency

With their source code openly available for inspection, open-source cyber security tools offer greater transparency than proprietary alternatives. This transparency allows security professionals and researchers to scrutinize the code for potential security vulnerabilities and ensure its integrity.

Moreover, the collaborative nature of the open-source community means that any identified issues are addressed quickly, further enhancing the overall security of these tools.

Platform Independence and Interoperability

Open-source network monitoring software often supports a wide range of operating systems, including Windows, macOS, and Linux, allowing organizations to deploy these tools across diverse environments.

This platform independence and interoperability help organizations ensure comprehensive network monitoring, regardless of the underlying infrastructure.

Top 25 Open Source Cyber Security Monitoring Tools in 2023

Note the following free cyber security monitoring tools in 2023 and the open-source list of solutions you can take advantage of and no free trial needed.

1. Wireshark: Network Protocol Analyzer

Wireshark is a widely-used network protocol analyzer that enables security teams to troubleshoot, analyze, and monitor network traffic in real-time to detect security issues. It is a defacto standard network monitoring tool.

command line interface data packets open source platform data breaches packet capture web apps network packets computer security experts solarwinds security event manager security scanning

By dissecting network protocols, Wireshark provides valuable insights into potential security risks and network vulnerabilities, allowing professionals to identify and resolve issues efficiently with the Wireshark network monitoring solution.

You can monitor a wide range of protocols, including TCP/IP, simple network management protocol, FTP, and many others. If you are looking for a network monitor this is it.

2. Snort: Network Intrusion Detection and Prevention System

Snort is a powerful open-source intrusion detection and prevention system (IDPS) that monitors network traffic and detects potential security threats.

It provides real-time traffic analysis, packet logging, and alerting capabilities, making it an essential tool for security auditing and network monitoring.

3. OSSEC: Host-Based Intrusion Detection System

OSSEC is a comprehensive host-based intrusion detection system (HIDS) that offers log analysis, file integrity checking, rootkit detection, and more.

It supports various operating systems, including Linux, Windows, and macOS, and helps security professionals monitor and analyze network protocols for potential security vulnerabilities.

4. Security Onion: Intrusion Detection and Network Security Monitoring Distribution

Security Onion is a Linux distribution specifically designed for intrusion detection, network security monitoring, and log management.

With a suite of powerful open-source tools, including Snort, Suricata, and Zeek, Security Onion provides a robust solution for security teams to monitor networks and detect security breaches.

5. Nmap: Network Scanning and Discovery Tool

Nmap is a versatile network scanning and discovery tool that helps security professionals identify network devices, open ports, and running services.

It is an essential network monitoring software for vulnerability management, penetration testing, and network inventory management.

6. Kismet: Wireless Network Detector, Sniffer, and Intrusion Detection System

Kismet is a wi fi security tool that detects, sniffs, and analyzes wireless networks. By monitoring wireless network traffic, Kismet identifies potential security risks, network vulnerabilities, and unauthorized users, making it an invaluable tool for wireless network security.

7. Suricata: High-Performance Network Intrusion Detection and Prevention Engine

Suricata is an open-source, high-performance network intrusion detection and prevention engine that provides real-time network traffic analysis, threat detection, and alerting.

Suricata enables security professionals to maintain network integrity and security by employing advanced threat defense and anomaly detection techniques.

8. Zeek (formerly Bro): Network Analysis Framework for Security Monitoring

Zeek, previously known as Bro, is a powerful network analysis framework that offers real-time insight into network traffic.

With its flexible scripting language and extensible plugin architecture, Zeek provides comprehensive visibility into network activity, enabling security teams to detect and prevent security threats.

9. OpenVAS: Vulnerability Scanning and Management Solution

OpenVAS is a comprehensive vulnerability scanning and management solution that helps security professionals identify, assess, and remediate security vulnerabilities.

With its extensive plugin library, OpenVAS ensures continuous monitoring and up-to-date vulnerability information, making it a critical tool for vulnerability management.

10. ClamAV: Open-Source Antivirus Engine

ClamAV is an open-source antivirus engine that detects trojans, viruses, and other malicious software.

It offers a command-line scanner, a graphical user interface (GUI) for Windows operating system, and integration with mail servers, ensuring that your systems are protected from security threats.

11. Fail2Ban: Log-Parsing Application to Protect Against Brute-Force Attacks

Fail2Ban is a log-parsing application that monitors log files for malicious activity, such as repeated failed login attempts. Fail2Ban bans the offending IP address when a potential attack is detected, effectively protecting your network from brute-force attacks and unauthorized access.

12. AlienVault OSSIM: Open-Source Security Information and Event Management Platform

AlienVault OSSIM is an open-source security information and event management (SIEM) platform that provides real-time event correlation, log analysis, and threat intelligence.

By integrating multiple security tools, OSSIM helps security teams maintain a unified user interface and enhance their overall security posture.

13. Cuckoo Sandbox: Automated Malware Analysis System

Cuckoo Sandbox is an open-source automated malware analysis system that enables security professionals to analyze suspicious files and URLs in a safe, isolated environment.

It provides detailed reports on malware behavior, including network traffic analysis, file system changes, and API traces, helping security teams identify and mitigate security risks.

14. Logstash: Log Processing and Management Tool

Logstash is part of the Elastic Stack (ELK Stack) and offers log processing and management capabilities.

It collects, parses, and stores log data from various sources, making it an essential tool for security professionals to monitor and analyze network activity, detect security breaches, and maintain system performance.

15. pfSense: Open-Source Firewall and Router Distribution

pfSense is an open-source firewall and router distribution based on FreeBSD. It offers a powerful and flexible network security, traffic shaping, and VPN connectivity solution.

With its extensive features and customization options, pfSense is ideal for securing web servers and internal networks.

16. ModSecurity: Open-Source Web Application Firewall

ModSecurity is an open-source web application firewall (WAF) providing real-time security monitoring and access control. It detects and prevents web attacks, protects sensitive data, and helps security professionals maintain compliance with industry standards and regulations.

17. AIDE (Advanced Intrusion Detection Environment): File and Directory Integrity Checker

AIDE is a file and directory integrity checker that monitors system files for unauthorized changes. It detects modifications, deletions, and additions, allowing security teams to maintain system integrity and prevent security breaches.

18. Graylog: Open-Source Log Management Platform

Graylog is an open-source log management platform that centralizes and analyzes log data from various sources.

Graylog helps security professionals detect security threats, identify network vulnerabilities, and maintain network security by providing comprehensive visibility into network activity.

19. Wazuh: Security Monitoring and Compliance Solution

Wazuh is a free, open-source security monitoring and compliance solution that integrates host-based and network-based intrusion detection systems, file integrity monitoring and security policy enforcement.

Wazuh’s centralized management and powerful analytics capabilities make it an essential tool for security teams to detect and respond to security threats.

20. T-Pot: Honeypot Platform

T-Pot is a platform combining multiple honeypots into a single, easy-to-deploy solution for cyber security monitoring. By simulating vulnerable systems and services, T-Pot attracts attackers and collects threat data, providing valuable insights into current attack trends and techniques.

Honorable mentions

Samhain: Host-Based Intrusion Detection System

Samhain is a host-based intrusion detection system (HIDS) that provides file integrity checking and log file monitoring. It detects unauthorized modifications, deletions, and additions, helping security professionals maintain system integrity and prevent security breaches.

SELKS: Network Security Management ISO with Suricata

SELKS is a live and installable network security management ISO based on Debian, focusing on a complete and ready-to-use Suricata IDS/IPS ecosystem. It offers a user-friendly interface and powerful analytics tools, making it an ideal choice for security teams to monitor networks and detect potential security threats.

Squid: Open-Source Web Proxy Cache and Forward Proxy

Squid is an open-source web proxy cache and forward proxy that improves web performance and security. By caching frequently-requested web content and filtering web traffic, Squid helps reduce bandwidth usage, enhance user privacy, and protect against web-based security threats.

YARA: Pattern-Matching Tool for Malware Researchers

YARA is a pattern-matching tool designed for malware researchers to identify and classify malware samples. By creating custom rules and signatures, YARA enables security professionals to detect and analyze malicious software, enhancing their understanding of current malware trends and techniques.

Arkime (formerly Moloch): Large-Scale, Open-Source, Indexed Packet Capture and Search System

Arkime is a large-scale, open-source, indexed packet capture and search system that provides comprehensive visibility into network traffic. It enables security professionals to analyze network protocols, detect security vulnerabilities, and identify potential security threats, making it an essential tool for network monitoring and security auditing.

Tips to Improve Your Cybersecurity Posture

Improving your cybersecurity posture is essential for safeguarding your organization from various cyber threats. Here are some practical tips to help enhance your cybersecurity defenses:

  1. Implement Regular Security Audits: Conducting routine security audits can help identify potential weaknesses in your organization’s cybersecurity infrastructure.
  2. This includes checking for outdated software, misconfigured settings, and other vulnerabilities that may expose your systems to attacks.
  3. Keep Software and Systems Updated: Regularly update your software, operating systems, and firmware to protect against known vulnerabilities and exploits.
  4. This includes applying security patches and updates as soon as they become available.
  5. Use Strong Authentication Mechanisms: Implement multi-factor authentication (MFA) for all critical systems and applications.
  6. MFA adds an extra layer of security by requiring users to provide additional verification, such as a one-time code or biometric authentication, in addition to their password.
  7. Encrypt Sensitive Data: Encrypt sensitive data both in transit and at rest to prevent unauthorized access. This includes using secure communication protocols, such as HTTPS and TLS, and implementing encryption solutions for data storage.
  8. Establish a Strong Password Policy: Enforce a robust password policy that requires users to create complex, unique passwords and update them regularly. Additionally, consider using a password manager to help users manage and store their passwords securely.
  9. Educate Employees on Cybersecurity Best Practices: Provide ongoing security awareness training to educate employees about common cyber threats, safe online practices, and how to recognize and report potential security incidents.
  10. Implement Network Segmentation: Divide your network into smaller segments, isolating critical systems and data from less secure areas. This can help prevent the spread of malware and limit the damage in case of a security breach.
  11. Regularly Backup Important Data: Regularly back up essential data and store copies offsite or in the cloud. This ensures that you can quickly recover from data loss or ransomware attacks.
  12. Utilize Endpoint Security Solutions: Deploy comprehensive endpoint security solutions to protect devices connected to your network.
  13. This includes antivirus software, firewalls, intrusion detection and prevention systems, and device management tools.
  14. Monitor and Analyze Network Traffic: Use network monitoring tools to analyze network traffic, detect anomalies, and identify potential security threats. Regular monitoring can help detect and respond to security incidents more effectively.
  15. Develop a Cybersecurity Incident Response Plan: Create a detailed incident response plan outlining the steps to take in a security breach. Regularly review and update the plan, and ensure that all employees are familiar with the procedures.
  16. Collaborate with Security Professionals: Engage with cybersecurity experts or managed service providers to help develop and maintain a strong security posture.
  17. This can provide access to specialized knowledge and resources to stay up-to-date with the latest threats and best practices.

Frequently Asked Questions (FAQs)

1. What are the best open-source cyber security monitoring tools available in 2023?

This blog post covers the top 25 open-source cyber security monitoring tools in 2023, including Wireshark, Snort, OSSEC, Security Onion, Nmap, Kismet, Suricata, Zeek, OpenVAS, ClamAV, and more.

These tools provide comprehensive network monitoring, threat detection, and vulnerability management capabilities to help organizations maintain a robust security posture.

2. Why choose open-source cyber security monitoring tools over proprietary alternatives?

Open-source cyber security monitoring tools offer several advantages: cost-effectiveness, customizability, rapid development and updates, extensive support, improved security, and platform independence.

These benefits make open-source tools attractive for organizations looking to enhance their network security and protect sensitive data.

3. How can I improve my organization’s cybersecurity hygiene?

In addition to utilizing open-source cyber security monitoring tools, organizations can improve their cybersecurity hygiene by implementing security awareness training, regularly updating software and systems, employing strong password policies, using multi-factor authentication, monitoring network traffic, and conducting regular security audits and penetration testing.

4. What is the importance of continuous monitoring in cybersecurity?

Continuous monitoring plays a crucial role in identifying and addressing security threats and vulnerabilities in real-time.

By regularly analyzing network traffic, security professionals can detect potential issues, respond to incidents promptly, and ensure the safety and integrity of their digital assets.

5. How can I protect my web applications from security threats?

Web application security can be improved by using tools such as ModSecurity, an open-source web application firewall (WAF) that provides real-time application security monitoring and access control.

Regularly updating web applications, conducting vulnerability assessments, and implementing secure coding practices can also help mitigate security risks.

6. What role do threat intelligence and threat data play in cybersecurity?

Threat intelligence and threat data help security professionals understand the latest trends, tactics, and techniques cybercriminals use.

Organizations can proactively address potential issues and maintain a strong security posture by staying informed about emerging threats and vulnerabilities.

7. Are open-source cyber security monitoring tools suitable for small businesses and startups?

Yes, open-source cyber security monitoring tools are ideal for small businesses and startups, as they offer cost-effective and powerful network monitoring solutions.

These tools enable organizations with limited budgets to access advanced security features without incurring high licensing fees or subscription costs.

Wrapping up

The ever-evolving landscape of cyber threats demands reliable and effective tools for security professionals to protect networks, systems, and sensitive data.

These Top 20 open-source cyber security monitoring tools in 2023 provide a comprehensive network monitoring, threat detection, and vulnerability management solution.

By incorporating these tools into your security strategy, you can enhance your overall security posture and ensure the safety and integrity of your digital assets.

Source :
https://www.virtualizationhowto.com/2023/05/top-20-open-source-cyber-security-monitoring-tools-in-2023/

Huge List Of PowerShell Commands for Active Directory, Office 365 and more

This is the ultimate collection of PowerShell commands for Active Directory, Office 365, Windows Server and more.

These commands will help with numerous tasks and make your life easier.

Table of Contents:

This section contains general commands for getting domain details.

View all Active Directory commands

get-command -Module ActiveDirectory

Display Basic Domain Information

Get-ADDomain

Get all Domain Controllers by Hostname and Operating

Get-ADDomainController -filter * | select hostname, operatingsystem

Get all Fine Grained Password Policies

Get-ADFineGrainedPasswordPolicy -filter *

Get Domain Default Password Policy

Gets the password policy from the logged in domain

Get-ADDefaultDomainPasswordPolicy

Backup Active Directory System State Remotely

This will back up the domain controllers system state data. Change DC-Name to your server name and change the Backup-Path. The backup path can be a local disk or a UNC path

invoke-command -ComputerName DC-Name -scriptblock {wbadmin start systemstateback up -backupTarget:"Backup-Path" -quiet}

Related: Windows CMD Commands

This section is all Active Directory user commands.

Get User and List All Properties (attributes)

Change username to the samAccountName of the account

Get-ADUser username -Properties *

Get User and List Specific Properties

Just add whatever you want to display after select

Get-ADUser username -Properties * | Select name, department, title

Get All Active Directory Users in Domain

Get-ADUser -Filter *

Get All Users From a Specific  OU

OU = the distinguished path of the OU

Get-ADUser -SearchBase “OU=ADPRO Users,dc=ad,dc=activedirectorypro.com” -Filter *

Get AD Users by Name

This command will find all users that have the word robert in the name. Just change robert to the word you want to search for.

get-Aduser -Filter {name -like "*robert*"}

Get All Disable User Accounts

Search-ADAccount -AccountDisabled | select name

Disable User Account

Disable-ADAccount -Identity rallen

Enable User Account

Enable-ADAccount -Identity rallen

Get All Accounts with Password Set to Never Expire

get-aduser -filter * -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } | Select-Object DistinguishedName,Name,Enabled

Find All Locked User Accounts

Search-ADAccount -LockedOut

Unlock User Account

Unlock-ADAccount –Identity john.smith

List all Disabled User Accounts

Search-ADAccount -AccountDisabled

Force Password Change at Next Login

Set-ADUser -Identity username -ChangePasswordAtLogon $true

Move a Single User to a New OU

You will need the distinguishedName of the user and the target OU

Move-ADObject -Identity "CN=Test User (0001),OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" -TargetPath "OU=HR,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com"

Move Users to an OU from a CSV

Setup a csv with a name field and a list of the users sAmAccountNames. Then just change the target OU path.

# Specify target OU. $TargetOU = "OU=HR,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" # Read user sAMAccountNames from csv file (field labeled "Name"). Import-Csv -Path Users.csv | ForEach-Object { # Retrieve DN of User. $UserDN = (Get-ADUser -Identity $_.Name).distinguishedName # Move user to target OU. Move-ADObject -Identity $UserDN -TargetPath $TargetOU }

This section list commands used for getting Active Directory group information.

Get All members Of A Security Group

Get-ADGroupMember -identity “HR Full”

Get All Security Groups

This will list all security groups in a domain

Get-ADGroup -filter *

Add User to Group

Change group-name to the AD group you want to add users to

Add-ADGroupMember -Identity group-name -Members Sser1, user2

Export Users From a Group

This will export group members to a CSV, change group-name to the group you want to export.

Get-ADGroupMember -identity “Group-name” | select name | Export-csv -path C:\OutputGroupmembers.csv -NoTypeInformation

Get Group by keyword

Find a group by keyword. Helpful if you are not sure of the name, change group-name.

get-adgroup -filter * | Where-Object {$_.name -like "*group-name*"}

Import a List of Users to a Group

$members = Import-CSV c:itadd-to-group.csv | Select-Object -ExpandProperty samaccountname Add-ADGroupMember -Identity hr-n-drive-rw -Members $members

List of commands for getting Active Directory computers.

Get All Computers

This will list all computers in the domain

Get-AdComputer -filter *

Get All Computers by Name

This will list all the computers in the domain and only display the hostname

Get-ADComputer -filter * | select name

Get All Computers from an OU

Get-ADComputer -SearchBase "OU=DN" -Filter *

Get a Count of All Computers in Domain

Get-ADComputer -filter * | measure

Get all Windows 10 Computers

Change Windows 10 to any OS you want to search for

Get-ADComputer -filter {OperatingSystem -Like '*Windows 10*'} -property * | select name, operatingsystem

Get a Count of All computers by Operating System

This will provide a count of all computers and group them by the operating system. A great command to give you a quick inventory of computers in AD.

Get-ADComputer -Filter "name -like '*'" -Properties operatingSystem | group -Property operatingSystem | Select Name,Count

Delete a single Computer

Remove-ADComputer -Identity "USER04-SRV4"

Delete a List of Computer Accounts

Add the hostnames to a text file and run the command below.

Get-Content -Path C:ComputerList.txt | Remove-ADComputer

Delete Computers From an OU

Get-ADComputer -SearchBase "OU=DN" -Filter * | Remote-ADComputer

List of commands for getting group policy details.

Get all GPO related commands

get-command -Module grouppolicy

Get all GPOs by status

get-GPO -all | select DisplayName, gpostatus

Backup all GPOs in the Domain

Backup-Gpo -All -Path E:GPObackup

Office 365 PowerShell Commands

Commands for Office 365.

Connect To Exchange Online

This will pop up and ask for credentials

$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

Force Azure Sync

This is for the azure ad sync client.

Force delta sync (only sync changes

Start-ADSyncSyncCycle -PolicyType Delta Force a full sync Start-ADSyncSyncCycle -PolicyType Initial

Get A List of All Office 365 Users

Get-MsolUser | Select DisplayName, City, Department, ObjectID

Get Full mailbox details

Get-Mailbox email-address | fl

Get Calendar Permissions

Get-MailboxFolderPermission username:calendar

Enable Remote Mailbox (Hybrid Environment)

Use this command if you have an existing on-premise user that needs an office 365 mailbox. There are other ways to do this but this creates all the attributes in the AD account.

Replace the username and the tenant fields

Enable-RemoteMailbox username -RemoteRoutingAddress "username@tenant.mail.onmicrosoft.com"

Windows Server & Client Commands

Get all Services

get-service

Get all Processes

get-process

Display Network Adapters

Gets detailed about the network adapter installed such as name,  status, speed and mac address.

get-netadapater

Restart Remote Computers

Restart-Computer -ComputerName "Server01", "Server02", "localhost"

Get Last Boot Time

This takes a few lines

$os = Get-WmiObject win32_operatingsystem $uptime = (Get-Date) - $os.ConvertToDateTime($os.LastBootUpTime) Write-Output ("Last boot: " + $os.ConvertToDateTime($os.LastBootUpTime))

You can also run this single line to get last boot time

systeminfo | more

Start a Remote Session

Use this to start an interactive session with a remote computer

Enter-PSSession -ComputerName

Read the Content of a File (Open a file)

This example shows how to read the content of the windows firewall log file

Get-Content -Path "c:windowssystem32logfilesfirewallpfirewall.log"

Copy Files & Folders

Use this command to copy an entire folder to another folder. This will copy the folder and all the sub folder/files. The -verbose command will display the results to the console.

copy-item E:\WindowsImageBackup\exchange -destination \\server1\Backups\Exchange -recurse -verbose

Basic PowerShell Commands

Get Execution Policy

get-executionpolicy

Set Execution Policy to Unrestricted

set-executionpolicy unrestricted

Show PowerShell Version

$PSVersionTable

Get help for a command

Use this to get the help information for a command

get-help command-name

Search Get Help

Use this to search the help files. This is useful if you don’t know the command or want to see if one exists.

get-help *keyword*

Get Installed Modules

Use this command to display all the installed modules on a computer

get-installedmodule

List All Available Modules

This will list all available modules on the computer.

Get-Module -ListAvailable

Exporting results to CSV

Add export-csv to the end of commands

Get-ADUser username -Properties * | Select name, department, title | export-csv c:\user.csv

Display available commands

This will display all commands that are available based on the modules that are loaded.

get-command

Find New Modules

Replace *ntfs* with the keyword you want to search for. This searches modules at https://www.powershellgallery.com/

Find-Module *ntfs*

Install a New Module

Installs modules from https://www.powershellgallery.com/

I found a module called NTFSSecurity, to install it I run this command

install-module NTFSSecurity

Recommended Tool: SolarWinds Hybrid Systems Monitor

Monitor your physical and virtual servers with ease and troubleshoot more easily when downtime or other application performance issues occur.

What I like best about this tool is it’s easy-to-use dashboard and built-in alerting. See key metrics to help identify issues before users complain.

Monitor Active Directory, DNS, DHCP, and other critical IT systems, both locally and cloud hosted. Get automated email alerts and know which applications are having issues in your environment.

Source :
https://activedirectorypro.com/powershell-commands/

11 WordPress Email Deliverability Best Practices

Last updated on Mar 28, 2023 by David Abraham

Are you aware of the WordPress email deliverability best practices?

If you send any emails from a WordPress site, this is a really important topic. Email deliverability is affected by a variety of factors so this may seem tricky at first.

But the good news is, many of these factors are controllable. Following a few best practices can go a long way in helping you maintain high deliverability rates at all times.

We’ll be covering the top tips for improving WordPress email deliverability in this article. Let’s dive in!

How Do I Stop My Emails From Going to Spam in WordPress?

In WordPress, emails are usually delivered using the default PHP mailer. The problem is the PHP mailer function lacks authenticating elements in an email, which frequently leads to your emails being marked spam or blocked altogether.

The best way to stop your emails from ending up in spam is to use a Simple Mail Transfer Protocol (SMTP) plugin like WP Mail SMTP.  

SMTP plugins help provide crucial authentication details for domains linked to a WordPress site and are an excellent way to bypass most email deliverability challenges. 

In the next section, we’ll dive deeper to discover how SMTP helps and what some of the top email deliverability tactics are.

WordPress Email Deliverability Best Practices

In This Article

1. Use WP Mail SMTP

WP Mail SMTP

WP Mail SMTP is the best tool for fixing WordPress email deliverability challenges. 

Authentication is the biggest issue with WordPress emails. As we’ve mentioned, the default WordPress PHPMailer just isn’t effective at this.

What this means is that when you send emails from a domain on a WordPress site, mailbox providers have no way of telling if the emails are really coming from your domain. This is a problem because spammers and hackers have developed ways to impersonate legitimate domains.

But with WP Mail SMTP, you can connect your WordPress site to popular SMTP mailer services like Postmark, Sendinblue, SendLayer, and more. These mailer services add proper authentication details to your emails, so that the recipient’s email server can easily verify your legitimacy as the sender.

SMTP mailers also use DNS records like DMARC, SPF, and DKIM to further increase your legitimacy and offer protection from email spoofers.

In addition to being an excellent solution for improving your email deliverability, WP SMTP also offers useful tools such as email tracking and email logs that allow you to monitor your emails right from your WordPress dashboard.

If you’re looking for different SMTP plugins, check out our list of WP Mail SMTP alternatives.

2. Track Your Sender Reputation

Sender reputation is a crucial metric that mailers use in determining the trustworthiness of a domain. A bad sender reputation will typically mean your emails will get blocked or go to spam.

The good news is that you can track the sender reputation for your domain and take the necessary steps to protect it. Here’s how to check:

Grab your IP address and head over to the Talos Intelligence Reputation Lookup site. On the homepage, pop in your email domain’s IP address. If you’re not sure what this is, you may ask your hosting service.

talos intelligence reputation center

The tool will then generate a sender reputation report with a few different metrics, including your email reputation.

If your score is too low, you’ll know that you’ll likely have some email deliverability issues due to the poor sender reputation of your domain.

One thing you can do to fix this right away is to use a different domain for sending your emails.

But if your email reputation is good, then you’re unlikely to face any deliverability problems.

3. Ensure Your IP Address Isn’t on a Blocklist

Your IP address can end up on a blocklist for a number of reasons. One of them is simply using shared hosting.

You can check if your IP address is on a blocklist and then reach out to the service that has blocklisted your IP address and ask to have it removed. MxToolbox is an excellent tool for checking if you’ve been blocklisted and by whom.

mxtoolbox home

Once they’re sure that your website doesn’t pose any security threats, your IP address may be removed from the list.

4. Track Email Statistics

Tracking your email statistics is super important because it allows you to measure how well your emails are being received by your users.

If your emails are bouncing or aren’t getting opened at all, these could be pointers to an underlying problem that you’ll want to fix immediately.

Remember, things like low engagement rates, bounced emails, and users unsubscribing from your email lists can lead to a poor sender reputation.

Fortunately, it’s easy to track your email stats using WP Mail SMTP, which you should already be using to provide authentication for your domain. WP Mail SMTP provides tracking data on emails you’ve sent right within the WordPress dashboard.

Open and click rates for WordPress emails

The data you’ll garner this way will help you modify your email campaigns to improve engagement, which is a key factor influencing domain reputation.

In addition to WP Mail SMTP, here are some more email-tracking WordPress plugins that may be helpful.

5. Consider Using Subdomains for Different Types of Emails

In general, you’ll either be sending out transactional emails—things like receipts or thank you emails, or marketing emails.

It’s a good practice to create separate subdomains for these purposes. That’s because mailing servers treat subdomains as entirely separate domains, so the reputation of one doesn’t affect that of the other.

Using a subdomain prevents unsubscribes and spam reports from your marketing campaigns from affecting the deliverability of transactional emails sent from your too domain, which often contain crucial information.

Most mailers allow you to create subdomains. However, SendLayer stands out because it automatically creates a subdomain when you sign up, in order to help protect your root domain. So you won’t have to perform any extra steps to get a subdomain with SendLayer.

SendLayer

If you’re a beginner and would like a little more info, here’s a comprehensive guide to get started with email subdomains.

6. Only Send Emails to Users Who’ve Opted In

This point is really important. Sending emails to users who haven’t opted-in to receive those emails is a violation of the law in certain regions. 

And more importantly, when it comes to email deliverability, unsolicited emails tend to have a really high unsubscribe rate, which can get your domain blocklisted rapidly. Fortunately, this is straightforward when you use these WordPress Newsletter plugins

mailchimp signup form

Make sure that your emails are sending successfully when a user is registering on your site. See our guide on how to fix user registration emails for more info.

7. Practice Email Segmentation

We’ve just talked about only sending marketing emails to users who’ve specifically opted in to receive them.

Another thing you can do to keep the highest levels of user engagement is to send users marketing emails only about topics they’ve indicated an interest in. This is email segmentation.

By sending users emails that are more focused on their needs, you’ll likely have much better engagement and much lower unsubscribes.

8. Don’t Use a Shared Server

Shared hosting plans—where you share a server with other users are quite common, but they aren’t always a good idea. One reason for this is the fact that shared hosting plans are frequently used for spam. 

When too much spam comes from one source, that IP address usually gets blocked. To prevent this, most hosting services actually block SMTP on your email server. 

If you can afford it, using a virtual server is a much better setup for email deliverability and will help to cut out most email deliverability issues straightaway. 

Illustration showing shared server hosting and cloud hosting ser

But if you already have your site hosted on a shared server, here’s what to do when your hosting service blocks SMTP

9. Practice IP Warming

The quickest way to ruin your sending reputation is to send out loads of emails that then result in lots of people unsubscribing or reporting your emails as spam.

A better approach is a tactic called IP warming. Essentially, IP warming is where you gradually scale up the number and frequency of emails you send from a particular domain over an initial period.

This could be anywhere from a couple of weeks to a couple of months. IP warming is a particularly good idea for newer domains.

And there you have it! Use these WordPress email deliverability best practices and your emails will never end up in spam again.

10. Get Users to Whitelist Your Domain’s IP Address

In addition to getting your subscribers to opt into your email lists explicitly, one additional step you can take is asking them to whitelist the IP address of your sending domain.

Whitelist

Whitelisting is basically setting up your mailboxes’ spam filters to allow emails from specific domains. This is a straightforward process that can usually be done within a user’s mailbox settings.

11. Don’t Send Emails From a Fake Address

One common email delivery mistake is sending emails from a fake address, different from your real email domain.

You can typically set your emails up to display any from address you want, but if this is different from your real root email domain, you’re very quickly going to find the root domain blocklisted. The best practice is to use your legitimate email domain or any subdomains related to it.

And that is it for our guide to the top email deliverability best practices! Now you can get out there and apply these tips to watch your email deliverability soar!

Next, Check Out The Best WordPress Email Plugins

We’ve just shared our list of the top email deliverability tactics for WordPress sites. Next, you might be interested in learning what some of the top tools for WordPress email are.

Fix Your WordPress Emails Now

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes a full White Glove Setup and offers a 14-day money-back guarantee.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Source :
https://wpmailsmtp.com/wordpress-email-deliverability-best-practices/