Incidents

PHP hack

If you drop by phpbb.com, you’ll be greeted by this notice, which has been there for 5 days now:

So yes, there is a problem – a big one, because it turns out there’s a vulnerability in the realization of “register_globals” in PHP. Hosting providers are starting to fix the bug; last night Masterhost, the biggest Russian hosting provider, sent the following message to all its clients…

Уведомляем Вас, что в понедельник 9 февраля 2009 г. будет
изменена конфигурация серверов виртуального хостинга.
Директива PHP register_globals будет отключена, согласно
рекомендациям разработчиков PHP и специалистов по
безопасности. Изменение затронет следующие площадки и домены:
xxx, xxx, xxx
Если Ваши сайты используют последние версии популярных CMS
(таких как Joomla, WordPress, Drupal, Bitrix и т.д.), то
изменение пройдет незаметно и не скажется на
работоспособности ресурсов. Рекомендуем при возможности
произвести обновление Ваших скриптов. Если это сделать
невозможно или у Вас возникают любого рода сомнения, то Вы
можете обезопасить себя и включить register_globals для
сайта, добавив в директорию www файл .htaccess со следующей
директивой:
php_flag register_globals on
Информация о директиве register_globals на сайте
разработчиков PHP:
http://ru.php.net/manual/ru/ini.core.php#ini.register-globals

Translation:

This is to inform you that on 9th February 2009 the configuration of virtual hosting servers will be modified. The PHP register_globals directive will be disabled in line with recommendations from PHP developers and security specialists. The changes will affect the following sites and domains:
XXX
If your sites are using the most recent versions of popular CMS (such as Joomla, WordPress, Drupal, Bitrix etc.) then you won’t notice the changes taking place and they won’t affect resource productivity. We recommend that you update your scripts when possible. If this is not possible or if you are in any doubt, you can secure yourself by enabling register_globals for the site by adding the .htaccess file to the www directory with the following directive:
Php_flag register_globals on
There is information about the register_globals directive on the PHP developers’ site:
http://ru.php.net/manual/ru/ini.core.php#ini.register-globals

The moral of this story? Check your sites, update your sites, tell your IT guys. And while you’re doing this, we’ll be keeping an eye out for the next Big Chinese Hack – the exploit for this vulnerability was released more than two weeks ago, but most hosting providers are still unpatched; a lot of Internet resources are going to take a beating over the next few days and weeks, and botnets are going to be increasing (again) in size. All the more so with the approach of February 14th, traditionally a time when the bad guys mobilize…

PHP hack

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox