From the guys at wordpress We've fixed a pretty critical vulnerability in WordPress' core HTML sanitation library, and because this library is used lots of places it's important that everyone update as soon as possible. I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for.… Continue reading WordPress mass update script 3.04 – Urgent
Due the severity of the proftp bug, and the mixed systems and versions in the VPSs, we many customers have switched to use vsftp, others just started using sftp, regardless that we have the following notes for customers willing to enable proftpd again: The bug affects versions >= 1.3.2rc3, for more information: http://bugs.proftpd.org/show_bug.cgi?id=3521 Here is… Continue reading Proftpd exploitable versions
A stack overflow bug has been identified in ProFTPd. This bug allows users to gain remote access (usually root) to an attacker. This bug requires immediate attention and potentially a restore to the last backup image of your server. Information on the bug can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4221 We have been handling the issue per… Continue reading Disabling exploitable proftpds
Currently we are being inundated with scans and exploits looking for new machines to take over, most of these are using insecure phpmyadmin installs. If you are unsure if your box has been hacked then the things to look for are similar to this...
It has come to our attention that we have had a decent number of alerts about machines scanning on our networks in the last day. All of them have been running hacks from /tmp named things like /tmp/dd_ssh etc. These files are owned and run by the apache user, and on further investigation all put… Continue reading Old versions of PHPMyAdmin and Automated Scanning
If you use any pre-packaged software, it always pays to sign up to their mailing list or security advisory list. This means if any exploits or updates happen, you are on the ball and up to date. Today we had an email from a customer whos front page had been replaced. I noticed it was… Continue reading Has your VPS been hacked?
WordPress is a great application. e.g. we are using it here for this brand new blog. The irony is that the first post on this blog is a security alert on a WordPress exploit. There is a good summary of the issue at http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset Are you running WordPress? We do not install it on accounts… Continue reading Is your WordPress install exploitable?