|
W2-S Server Status
|
SYSTEM STATUS AND HOSTING NEWS
|
|
13 Jan 2010
Wed | | Spoof "mailing service" emails alert
Please be aware that recently there has been a sharp increase in fake emails suggesting that your "mailing service" has had a security upgrade. These emails then usually ask the user to click on a link to apply the new settings. The link itself is spoofed to look like it is from your own domain (or ours), usually in the form of http://your-domain.com/owa/service_directory/settings.php?email=you@your-domain.com, but is actually linking to an externally compromised host that we have no control over. The emails usually end along the lines of "Best regards, your-domain.com Technical Support," where your-domain.com is your actual domain.
Please note these emails are fake and designed to trick the user into logging on to a phishing site or compromise your computer. Please delete these emails and DO NOT click on the link or submit any login information to a 3rd party. If you think you have submitted your login details via one of these emails please change your email and FTP passwords as soon as possible via your site's control panel and contact us.
All genuine emails sent by W2-S Internet Services come from w2s.net and usually refer to you personally by name and will have the proper contact details in the email's signature. | | 7 Sep 2009
Mon | | Wordpress exploit affecting all versions pre 2.8.4
If you are using Wordpress you must make sure you upgrade it to 2.8.4 *IMMEDIATELY* or remove it from your site entirely. Details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress
Last night a number of people on Twitter and blogs mentioned that their Wordpress sites were acting up. Specifically that permalinks were broken and showing up with weird code.
There are two clues that your WordPress site has been attacked:
1) There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode." (Check your permalinks in Admin > Settings > Permalinks).
2) A "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize. You will probably be unable to access that account.
Wordpress has identified that there are hackers out there, hacking sites that aren't using the most-current version of Wordpress (versions below 2.8.4 as of 05/09/2009 -- there are rumours that 2.8.5 is due to be released imminently so keep an eye out for that too).
If you have not yet been hacked, UPGRADE NOW! Immediately. Stop reading this, really, and go upgrade. Again, details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress
If you have been hacked, sorry, you're going to be busy! Upgrading alone will not fix a hacked site. Mashable.com's alert said: "You'll likely need to export your all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It's a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too."
Not sure how to do that? It's not that difficult, but it is very time-consuming.
I cannot stress how important it is to get your Wordpress installation up-to-date, a number of our customers have reported problems in the last 48 hours, the source of these problems have been to do with out of date Wordpress installs. Remember: If your scripts are out-of-date then your site is insecure and could be hacked at any moment. | |
Privacy Policy | Service Level Agreement | Acceptable Use Policy | Terms & Conditions
© 1998 - 2010 Timo Newton-Syms / W2-S Internet Services
|
= Service is available and running.
= Possible problems. Refresh to check again.
