General Info

New W3 Total Cache and WP Super Cache Vulnerability

From blog.sucuri.net

As if on cue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we have started to see attacks spring up across our network.

In our post you might remember this:

<!--mfunc echo PHP_VERSION; --><!--/mfunc-->

In this example we explained how it was a very simple approach to displaying the version of PHP on your server. There were a lot of questions following that, saying, "Well, what's so harmful in that?" etc. With little help from us, the attackers go on to show us what they can do.


Update WP Super Cache and W3TC Immediately

Remote Code Execution Vulnerability Disclosed

From http://blog.sucuri.net

Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify as a very serious vulnerability – remote code execution (RCE), a.k.a. arbitrary code execution:


Apache Binary Backdoors on Cpanel-based servers

From http://blog.sucuri.net

For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules (Darkleech) to inject malware into websites. Some of our previous coverage is available here and here.

However, during the last few months we started to see a change in how the injections were being done. On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one. This new backdoor is very sophisticated and we worked with our friends from ESET to provide this report on what we are seeing.

Detection


WordPress Login – Brute Force Attack

From hostgator.com

There is a worldwide, highly-distributed WordPress attack that is ongoing. This attack is known to be using forged or spoofed IP addresses. We are actively blocking the most common attacking IP addresses across our server farm. The following steps can be used to secure (by password protection) wp-login.php for all WordPress sites in your cPanel account:
