MDDHosting Forums: It is EXTREMELY IMPORTANT that you keep all of your scripts UP TO DATE! - MDDHosting Forums
It is EXTREMELY IMPORTANT that you keep all of your scripts UP TO DATE! Remove any you do not use, including plugins, and themes!
#1
Posted 19 December 2011 - 02:54 PM
Hello,
Many hosting customers do not realize the issues caused by running outdated scripts and insecure plugins, as most do not deal with compromised accounts on a regular basis. It's a misconception that the server has to be insecure for an account to be compromised. Any account running an outdated script, plugin, or theme can easily be exploited and then used for purposes not intended by the webmaster such as sending SPAM or outbound DoS attacks.
When a script is updated, it is not only done to release new features. There are often SQL injections and other issues that give attackers the opportunity to gain access to your script, your account, and your file system that are patched with new releases and updates. When an attacker uses one of these exploits - more often than not - they are not doing it just to destroy your site. An attacker will usually leave your site alone so as not to attract attention, and then will upload malicious files such as a spam script or DoS script.
Recently we have had a large number of accounts that have been compromised due to outdated or unused scripts, and the attackers are uploading attack scripts to the servers. As our servers have ultra-high-speed connections (1,000 megabit) this makes them a perfect tool for taking others offline - and means that our entire network and all of our customers suffer when an attacker uses one of our servers to perform outbound attacks.
You may think that it's not going to happen to you or that it's a rare occurrence, and I assure you that it's not. We have suspended no less than 10 accounts over the last 24 hours due to outbound attacks and compromised scripts. We do perform a full server security audit every time we investigate one of these cases to ensure the issue isn't something on our end, and those investigations have all come back clean.
Please check your account(s) and make sure that all of your scripts, plugins, and themes that you are using are UP TO DATE and that you've removed any that you are not actively making use of. Just because a plugin is "disabled" or a theme is not in use does not mean that it cannot be used against you by an attacker. Any accounts found to be sending outbound SPAM or DoS attacks can potentially be permanently suspended. If you've ever installed a script "just to test" or to mess around with it, it is VERY important that you remove that script or make sure that it's fully up to date.
We are taking this issue very seriously as it's been causing network outages to individual servers periodically as an attack crops up and we have to identify the source and disable the account. This is bad for the customer whose script is exploited, bad for others on the same servers as we may have to temporarily disable the network while we find the culprit, and bad for our entire network as the traffic and packet flows can cause slowness and packet loss.
In the event that your account is compromised due to outdated software, you may want to look at the services offered by Sucuri Security.
If you have any questions at all about this, please let us know.
--------
Updated Abridged Version:
- Keep all of your scripts up-to-date at all times without exception. Examples of scripts: WordPress, Joomla, Magento, Drupal, etc...
- If you are not using a script, uninstall it. A script you are not actively using is likely to become severely outdated and, as such, become a severe security risk to your entire account.
- If you are running any plugins/hacks/modifications - keep them up to date. It's a common misconception that due to a plugin being "inactive" or "disabled" it cannot be used against you - and this is incorrect. If you are not going to use it, remove it or make sure you keep it up to date at least.
--------
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all shared, semi-dedicated, and VPS services!
█ http://www.mddhosting.com/ - Follow us on Twitter!
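One way to run the check the first post asks for, as an added example that is not part of the original thread or MDDHosting's tooling: the script below walks a document root and lists applications, plugins and themes whose files have not changed in `max_age_days`, whether they are enabled or not. File age is only a heuristic for "not updated" (nothing is compared against the vendor's latest release), and the `wp-content/plugins` and `wp-content/themes` layout assumes WordPress; any other script is aged as a whole directory.

```python
import os
import re
import time

# Added example: file age is a heuristic for "not updated", not a real version check.
WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

def newest_mtime(path, skip=()):
    """Newest file mtime under path (ignoring directories named in skip), or None if no files."""
    newest = None
    for root, dirs, files in os.walk(path):
        dirs[:] = [d for d in dirs if d not in skip]
        for name in files:
            try:
                mtime = os.path.getmtime(os.path.join(root, name))
            except OSError:
                continue  # broken symlink or file removed mid-scan
            newest = mtime if newest is None else max(newest, mtime)
    return newest

def wordpress_version(app_dir):
    """Version from wp-includes/version.php ($wp_version = 'x.y.z'), or None if not WordPress."""
    version_file = os.path.join(app_dir, "wp-includes", "version.php")
    try:
        with open(version_file, encoding="utf-8", errors="replace") as fh:
            match = WP_VERSION_RE.search(fh.read())
    except OSError:
        return None
    return match.group(1) if match else None

def subdirs(path):
    """Sorted immediate subdirectories of path ([] if path is missing)."""
    names = os.listdir(path) if os.path.isdir(path) else []
    return sorted(d for d in names if os.path.isdir(os.path.join(path, d)))

def audit(docroot, max_age_days=180, now=None):
    """Return (label, age_in_days, wp_version) for every component untouched for max_age_days."""
    now = time.time() if now is None else now
    findings = []
    for app in subdirs(docroot):
        app_dir = os.path.join(docroot, app)
        # Core is aged without wp-content; each plugin and theme is aged alone, enabled or not.
        targets = [(app, app_dir, ("wp-content",))]
        for kind in ("plugins", "themes"):
            base = os.path.join(app_dir, "wp-content", kind)
            targets += [(f"{app}/{kind}/{d}", os.path.join(base, d), ()) for d in subdirs(base)]
        for label, path, skip in targets:
            mtime = newest_mtime(path, skip)
            if mtime is not None and (now - mtime) / 86400 > max_age_days:
                findings.append((label, int((now - mtime) // 86400), wordpress_version(path)))
    return findings
```

Call `audit()` with the account's web root (for example `~/public_html`, an assumed path) and review each finding: update it, or remove it if it is no longer used.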
#2
Posted 19 December 2011 - 06:12 PM
Thank you for this warning and for making me aware of the problem. I am one of those affected today as the server where my website is hosted seems to have been temporarily compromised this morning with negative effects on the performance of the site and in the user experience of our visitors. Fortunately this was promptly solved and everything was back to normal within minutes.
I must also confess I was not aware of the problem with outdated scripts as this issue was never brought to my attention on my previous host. I do have only one script installed on my domain to handle email campaigns our company occasionally does. I do not want to delete the script as it will be of use in the future but I also don't mind disabling it for the time being until the next time it is required (have no idea when this will be, last time I've used it was probably over a year and a half ago). How can I disable the script so that it is inaccessible to someone trying to set up an attack but while keeping it installed and easily enable it in the future when it is required? Can I just change the folder name where it is installed?
#3
Posted 19 December 2011 - 06:14 PM
Password protecting the directory would work if it's in its own folder.
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all shared, semi-dedicated, and VPS services!
█ http://www.mddhosting.com/ - Follow us on Twitter!