-
Jboss Exploits
There is a JBoss exploit out in the wild. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0738 and https://access.redhat.com/kb/docs/DOC-30741 for details.
-
WordPress mass update script 3.04 – Urgent
From the guys at wordpress We’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible. I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for.…
-
Proftpd exploitable versions
Due the severity of the proftp bug, and the mixed systems and versions in the VPSs, we many customers have switched to use vsftp, others just started using sftp, regardless that we have the following notes for customers willing to enable proftpd again: The bug affects versions >= 1.3.2rc3, for more information: http://bugs.proftpd.org/show_bug.cgi?id=3521 Here is…
-
Disabling exploitable proftpds
A stack overflow bug has been identified in ProFTPd. This bug allows users to gain remote access (usually root) to an attacker. This bug requires immediate attention and potentially a restore to the last backup image of your server. Information on the bug can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4221 We have been handling the issue per…
-
Exploited VPS? phpmyadmin?
Currently we are being inundated with scans and exploits looking for new machines to take over, most of these are using insecure phpmyadmin installs. If you are unsure if your box has been hacked then the things to look for are similar to this…
-
Old versions of PHPMyAdmin and Automated Scanning
It has come to our attention that we have had a decent number of alerts about machines scanning on our networks in the last day. All of them have been running hacks from /tmp named things like /tmp/dd_ssh etc. These files are owned and run by the apache user, and on further investigation all put…
-
Has your VPS been hacked?
If you use any pre-packaged software, it always pays to sign up to their mailing list or security advisory list. This means if any exploits or updates happen, you are on the ball and up to date. Today we had an email from a customer whos front page had been replaced. I noticed it was…
-
Is your WordPress install exploitable?
WordPress is a great application. e.g. we are using it here for this brand new blog. The irony is that the first post on this blog is a security alert on a WordPress exploit. There is a good summary of the issue at http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset Are you running WordPress? We do not install it on accounts…