PHP hack

If you drop by phpbb.com, you'll be greeted by this note, which has been there for five days now:

So yes, there is a problem – a big one, because it turns out there's a vulnerability in the implementation of "register_globals" in PHP. Hosting providers are starting to fix the bug; last night Masterhost, the largest Russian hosting company, sent the following message to all its clients…

Уведомляем Вас, что в понедельник 9 февраля 2009 г. будет изменена конфигурация серверов виртуального хостинга. Директива php register_globals будет отключена, согласно рекомендациям разработчиков PHP и специалистов по безопасности. Изменение затронет следующие площадки и домены: xxx, xxx, xxx

Если Ваши сайты используют последние версии популярных CMS (таких как Joomla, WordPress, Drupal, Bitrix и т. д.), то изменение пройдет незаметно и не скажется на работоспособности ресурсов. Рекомендуем при возможности произвести обновление Ваших скриптов. Если это сделать невозможно или у Вас возникают любого рода сомнения, то Вы можете обезопасить себя и включить register_globals для сайта, добавив в директорию www файл .htaccess со следующей директивой:

php_flag register_globals on

Информация о директиве register_globals на сайте разработчиков PHP: http://ru.php.net/manual/ru/ini.core.php#ini.register-globals

Translation:

This is to inform you that on 9th February 2009 the configuration of virtual hosting servers will be modified. The PHP register_globals directive will be disabled based on recommendations from PHP developers and security specialists. The changes will affect the following sites and domains: XXX

If your sites are using the latest versions of popular CMS (such as Joomla, WordPress, Drupal, Bitrix etc.) then you won't notice the changes taking place and they won't affect resource productivity. We recommend that you update your scripts when possible. If this is not possible or if you're in any doubt, you can secure yourself by enabling register_globals for the site by adding the .htaccess file to the www directory with the following directive:

php_flag register_globals on

There is information about the register_globals directive on the PHP developers' site: http://ru.php.net/manual/ru/ini.core.php#ini.register-globals

The moral of this story? Check your sites, update your sites, tell your IT guys. And while you're doing this, we'll be keeping an eye out for the next Big Chinese Hack – the exploit for this vulnerability was released more than two weeks ago, but most hosting providers are still unpatched; lots of Internet resources are going to take a beating over the next few days and weeks, and botnets are going to be increasing (again) in size. All the more so with the approach of February 14th, traditionally a time when the bad guys mobilize…
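One way to do the "check your sites" step for the .htaccess workaround quoted above, as an added example that is not from the original post or from Masterhost: a Python script that walks a hosting tree and lists every .htaccess file that switches register_globals back on. The function names, the sample file and the set of values treated as "enabled" are assumptions of this example.

```python
import os
import re

# Matches a per-directory mod_php override of register_globals, e.g.
#   php_flag register_globals on
# Lines commented out with '#' do not match because of the leading anchor.
DIRECTIVE = re.compile(
    r"^\s*php_(?:flag|value)\s+register_globals\s+[\"']?(\w+)[\"']?\s*$",
    re.IGNORECASE,
)
# Assumption: values counted as "enabled"; kept broad so the audit
# over-reports rather than misses an override.
ENABLING = {"on", "1", "yes", "true"}


def scan_htaccess(text):
    """Return (line_number, line) for each line that enables register_globals."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match and match.group(1).lower() in ENABLING:
            hits.append((number, line.strip()))
    return hits


def audit_tree(root):
    """Walk root and report every .htaccess that re-enables register_globals."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in scan_htaccess(handle.read()):
                    findings.append((path, number, line))
    return sorted(findings)


# Constructed sample .htaccess (not taken from any real site).
SAMPLE = """\
# legacy shop script needs this
php_flag register_globals on
php_flag display_errors off
#php_flag register_globals on
PHP_VALUE register_globals 1
php_flag register_globals off
"""

if __name__ == "__main__":
    for number, line in scan_htaccess(SAMPLE):
        print(f"line {number}: {line}")
```

Each path that `audit_tree` returns is a site still relying on register_globals, which makes it a candidate for the script updates the hosting notice recommends.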
