http://blog.sucuri.net Protect Your Interwebs Sat, 21 Jan 2012 23:06:42 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://blog.sucuri.net/2012/01/dreamhost-security-issue-prompts-ftp-password-resets.html/comment-page-1#comment-3028 Dreamhost hacked, mass password-reset issued | ZDNet Sat, 21 Jan 2012 23:06:42 +0000 http://blog.sucuri.net/?p=3106#comment-3028 [...] Blog, the company has detected a security breach at one of their database servers. According to a blog post at DreamHost Status Blog, the company has detected a security breach in one of their database [...] [...] Blog, the company has detected a security breach at one of their database servers. According to a blog post at DreamHost Status Blog, the company has detected a security breach in one of their database [...]

]]> http://blog.sucuri.net/2010/02/godaddy-store-your-passwords-in-clear-text-and-may-try-to-ssh-to-your-vps-without-permission.html/comment-page-1#comment-3025 Experiences with using GoDaddy, Linux Web Hosting | The (Unorganized) Musings of a Computer Scientist Sun, 15 Jan 2012 05:05:19 +0000 http://blog.sucuri.net/?p=61#comment-3025 [...] I first tried to accomplish goal #2 — the first thing I learned was that SSH functionality is an ‘opt-in’ program. In other words, you have to explicitly ‘activate’ the feature (instructions on how to do this are here: How to Enable SSH Access to your GoDaddy Hosting Account). Before I went ahead and pushed the Button, I did a Google search on any security implications of allowing SSH access (sorry, it’s the Computer Security in me!). Luckily, nothing glaring popped out in the search results — though, the following article did provide an amusing read: GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission. [...] [...] I first tried to accomplish goal #2 — the first thing I learned was that SSH functionality is an ‘opt-in’ program. In other words, you have to explicitly ‘activate’ the feature (instructions on how to do this are here: How to Enable SSH Access to your GoDaddy Hosting Account). Before I went ahead and pushed the Button, I did a Google search on any security implications of allowing SSH access (sorry, it’s the Computer Security in me!). Luckily, nothing glaring popped out in the search results — though, the following article did provide an amusing read: GoDaddy store your passwords in clear-text and may try to SSH to your VPS without permission. [...]

]]> http://blog.sucuri.net/2011/10/timthumb-php-mass-infection-aftermath-part-i.html/comment-page-1#comment-3023 » Wordpress Security Best Practices & Plugins Sat, 14 Jan 2012 01:35:02 +0000 http://blog.sucuri.net/?p=2852#comment-3023 [...] the vulnerability on TimThumb was released (0-day) last year in early August it is estimated that a couple of million wordpress sites got compromised. This vulnerability would allow the arbitrary upload of files to a [...] [...] the vulnerability on TimThumb was released (0-day) last year in early August it is estimated that a couple of million wordpress sites got compromised. This vulnerability would allow the arbitrary upload of files to a [...]

]]> http://blog.sucuri.net/2011/06/wp-phpmyadmin-wordpress-plugin-delete-it-now.html/comment-page-1#comment-3021 WordPress.org repository will not show plugins older than 2 years Fri, 13 Jan 2012 18:25:51 +0000 http://blog.sucuri.net/?p=2231#comment-3021 [...] older than 5.2, and 95% of websites are using some version of mySQL 5.David Dede from Sucuri.net tells us as an example of ‘security’ that a plugin called “wp-phpmyadmin” was [...] [...] older than 5.2, and 95% of websites are using some version of mySQL 5.David Dede from Sucuri.net tells us as an example of ‘security’ that a plugin called “wp-phpmyadmin” was [...]

]]> http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html/comment-page-1#comment-3018 Wordpress News - The Best WordPress Tips and Tutorials of 2011Wordpress News Fri, 06 Jan 2012 12:01:30 +0000 http://blog.sucuri.net/?p=1518#comment-3018 [...] Cleaning up an infected website – Part I: WordPress and the Pharma Hack [...] [...] Cleaning up an infected website – Part I: WordPress and the Pharma Hack [...]

]]> http://blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html/comment-page-1#comment-3016 TimThumb.php Sicherheits-Update Thu, 05 Jan 2012 12:42:34 +0000 http://blog.sucuri.net/?p=2390#comment-3016 [...] vor. Nahezu jeder, der eine Version vor dem 1. August 2011 installiert hat, ist verwundbar. Unter Timthumb Security Vulnerability – List of Themes findet man eine unvollständige Auflistung freier Themes, in denen TimThumb zum Einsatz kommt. [...] [...] vor. Nahezu jeder, der eine Version vor dem 1. August 2011 installiert hat, ist verwundbar. Unter Timthumb Security Vulnerability – List of Themes findet man eine unvollständige Auflistung freier Themes, in denen TimThumb zum Einsatz kommt. [...]

]]> http://blog.sucuri.net/2012/01/wordpress-3-3-xss-vulnerability-patched-3-3-1-released.html/comment-page-1#comment-3015 A Free wordpress newsletter » WordPress 3.3.1 is available, ready for your upgradin’ Thu, 05 Jan 2012 03:13:46 +0000 http://blog.sucuri.net/?p=3003#comment-3015 [...] just what the security issue was, though I do trust the folks at Sucuri when they refer to it as not a “serious vulnerability.” Even so, you should go ahead and update your sites today. Go on, you know you want [...] [...] just what the security issue was, though I do trust the folks at Sucuri when they refer to it as not a “serious vulnerability.” Even so, you should go ahead and update your sites today. Go on, you know you want [...]

]]> http://blog.sucuri.net/2012/01/wordpress-3-3-xss-vulnerability-patched-3-3-1-released.html/comment-page-1#comment-3014 wp-coder.net » WordPress 3.3.1 is available, ready for your upgradin’ Thu, 05 Jan 2012 03:04:41 +0000 http://blog.sucuri.net/?p=3003#comment-3014 [...] just what the security issue was, though I do trust the folks at Sucuri when they refer to it as not a “serious vulnerability.” Even so, you should go ahead and update your sites today. Go on, you know you want [...] [...] just what the security issue was, though I do trust the folks at Sucuri when they refer to it as not a “serious vulnerability.” Even so, you should go ahead and update your sites today. Go on, you know you want [...]

]]> http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html/comment-page-1#comment-3012 WordPress: The Best of 2011 and Future Predictions | Wptuts+ Mon, 02 Jan 2012 18:01:58 +0000 http://blog.sucuri.net/?p=1518#comment-3012 [...] Tutorial Link [...] [...] Tutorial Link [...]

]]> http://blog.sucuri.net/2011/04/automattic-wordpress-compromise-security-incident.html/comment-page-1#comment-3010 2011: Year of the Data Breach « CCSK Guide Wed, 28 Dec 2011 12:02:17 +0000 http://blog.sucuri.net/?p=1940#comment-3010 [...] Automattic & WordPress (April 14, 2011) – Attackers were able to hack a number of servers run by Automattic, the company responsible for maintenance and augmentation of WordPress code. With root-level access, the attackers stole the WordPress source code, the majority of which is open source, but some is proprietary. It’s suspected that partner code was also accessed. [...] [...] Automattic & WordPress (April 14, 2011) – Attackers were able to hack a number of servers run by Automattic, the company responsible for maintenance and augmentation of WordPress code. With root-level access, the attackers stole the WordPress source code, the majority of which is open source, but some is proprietary. It’s suspected that partner code was also accessed. [...]

]]>