- This topic is empty.
-
AuthorPosts
-
May 24, 2006 at 1:11 pm #693067
Anonymous
InactiveThanks for posting this!
May 25, 2006 at 8:35 am #693153Anonymous
InactiveI am in the process of doing this upgrade across 17 servers and for those who have their own servers, I would advice doing this on a one server at a time basis to ensure there are no version conflicts with cPanel (or other hosting admin/mgmt) software.
Sometimes these updates dont always agree with other software.
– btw – this apache vulnerability is suppose to be internal (other sites on the server) rather than external (external hacks)
May 25, 2006 at 1:27 pm #693174Anonymous
InactiveOur server has now had to be taken offline permanently. Some of the minor issues were:
Any php script that had files with writeable permissions. eg. click trackers, banner rotators, download scripts etc. that need to write data to a file with permission 666.That stuff is vulnerable and causes minor mischief and nuisance, time consuming but minor nonetheless.
We managed to defeat the little bits but became the object of a concerted attack that some have suggested are E@astern E@uropean heavies moving into the game. Of note, all the attacks I can trace are certainly leaning that way.
We lost this round but will be back, it will take some time but time is on our side. There are newer vulnerabilities that allow, like what happened to us, available so please get everything up to date and bullet proof to avoid a not so nice scenario!
-
AuthorPosts