Jboss Exploits

There is a JBoss exploit out in the wild.  See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0738 and https://access.redhat.com/kb/docs/DOC-30741 for details.

WordPress mass update script 3.04 – Urgent

From the guys at wordpress We’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible. I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for.… Continue reading WordPress mass update script 3.04 – Urgent

Proftpd exploitable versions

Due the severity of the proftp bug, and the mixed systems and versions in the VPSs, we many customers have switched to use vsftp, others just started using sftp, regardless that we have the following notes for customers willing to enable proftpd again: The bug affects versions >= 1.3.2rc3, for more information: http://bugs.proftpd.org/show_bug.cgi?id=3521 Here is… Continue reading Proftpd exploitable versions

Disabling exploitable proftpds

A stack overflow bug has been identified in ProFTPd.  This bug allows users to gain remote access (usually root) to an attacker.  This bug requires immediate attention and potentially a restore to the last backup image of your server. Information on the bug can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4221 We have been handling the issue per… Continue reading Disabling exploitable proftpds

Exploited VPS? phpmyadmin?

Currently we are being inundated with scans and exploits looking for new machines to take over, most of these are using insecure phpmyadmin installs. If you are unsure if your box has been hacked then the things to look for are similar to this…

Old versions of PHPMyAdmin and Automated Scanning

It has come to our attention that we have had a decent number of  alerts about machines scanning on our networks in the last day. All of them have been running hacks from /tmp named things like /tmp/dd_ssh etc. These files are owned and run by the apache user, and on further investigation all put… Continue reading Old versions of PHPMyAdmin and Automated Scanning

Is your WordPress install exploitable?

WordPress is a great application.  e.g. we are using it here for this brand new blog. The irony is that the first post on this blog is a security alert on a WordPress exploit. There is a good summary of the issue at http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset Are you running WordPress?  We do not install it on accounts… Continue reading Is your WordPress install exploitable?