Feb 22

In recent news, a number of Linux web hosting servers have been infected with a rootkit that has compromised the Secure Shell Daemon (SSHD). User login details are being captured and sent to servers controlled by cyber criminals. It has been reported that the cyber criminals are then logging into the compromised servers using the captured account details and using the servers to send spam or turn them into botnet nodes.

Based on what I have read at this point in time, the exploit mechanism used to install the rootkit has not been clearly identified. Some web hosts are temporarily disabling remote SSH access as a preventive measure.

If you are using Linux-based Web Hosting, your hosting server is likely to be infected if any of the following files exist:

/lib64/libkeyutils.so.1.9

/lib/libkeyutils.so.1.9
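
For whoever administers the server, the file check above can be scripted so it also runs against a mounted copy of the filesystem. This is an added example, not code from the original post or from any vendor: the two paths are the ones listed above, while the function name, the `SSHD_IOC_FOUND` variable and the optional root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the two library files this post lists as
# indicators of the SSHD rootkit. Paths come from the post; the function
# name, SSHD_IOC_FOUND and the ROOT argument are illustrative assumptions.
#
# Usage:  check_sshd_rootkit_files            # live system
#         check_sshd_rootkit_files /mnt/img   # mounted copy of the disk
#
# Prints one line per indicator path, sets SSHD_IOC_FOUND to the number
# of indicator files present, and returns 1 if any were found, else 0.
check_sshd_rootkit_files() {
    root="${1:-}"
    SSHD_IOC_FOUND=0
    for ioc in /lib64/libkeyutils.so.1.9 /lib/libkeyutils.so.1.9; do
        target="${root}${ioc}"
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$target" ] || [ -L "$target" ]; then
            SSHD_IOC_FOUND=$((SSHD_IOC_FOUND + 1))
            # Keep owner, size and timestamp to pass on to support staff.
            details=$(ls -ld "$target" 2>/dev/null)
            echo "FOUND   $ioc"
            echo "        $details"
        else
            echo "absent  $ioc"
        fi
    done
    if [ "$SSHD_IOC_FOUND" -gt 0 ]; then
        return 1
    fi
    return 0
}
```

A clean result only means these two files are absent; it does not prove the server is uncompromised.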

Most infected servers have been running cPanel and CentOS, but there are also reports of infections on servers running DirectAdmin, Plesk and non-RHEL based Linux distributions.

If your hosting server is infected, you should:

  1. Immediately log out of any SSH sessions
  2. Change your password using cPanel or any alternative online mechanism offered by your service provider
  3. Notify your web host’s support staff

Do not log into your hosting server via SSH until support staff tell you it is safe to do so.

For more information, check out the following:

CloudLinux – SSHD Rootkit
Web Hosting Talk – SSHD Rootkit Rolling around

Feb 22

Details about this incident are incomplete, but it appears that Yahoo!Xtra in New Zealand experienced a security incident resulting from using an old version of WordPress that had not been updated in a long time.

According to reports, the exploit was performed using a Cross-Site Scripting (XSS) vulnerability in swfupload.swf – a JavaScript & Flash Upload Library – which was fixed in WordPress 3.3.2, released in April 2012.

This is another lesson to everyone on why you should ensure that you regularly update your WordPress installation and all your plugins.

For more information, here are some links:

SmartCompany – Yahoo! hacked in New Zealand through WordPress vulnerability

Seclists – Re: XSS vulnerability in swfupload in WordPress

ThreatPost – Yahoo Mail Breach Linked to Old WordPress Vulnerability

Feb 22
  • AussieWPExpert: The Categories Images Plugin allows you to associate images with any WordPress category or taxonomy – http://t.co/GFpxnDbuKA
  • AussieWPExpert: WordPress plugin that creates landing pages for your site. Checks conversion rates and runs A/B split tests – http://t.co/9lzEzAGGBp
  • AussieWPExpert: WordPress plugin resizes all uploaded images to specific max width & height. Useful for saving disk space – http://t.co/lBEd9QOBEt
  • AussieWPExpert: Yahoo!Xtra NZ Email Accounts Compromised Through Exploit in Old WordPress Installation – http://t.co/ZcOhUBW3AY
  • AussieWPExpert: SSHD Exploit Targeting Servers Running CloudLinux, CentOS & cPanel http://t.co/YPlYicFQR9
  • AussieWPExpert: This WordPress plugin sets a minimum length for user comments. Helps prevent comment spam and useless post comments: http://t.co/T76i23VM
  • AussieWPExpert: This plugin extends WordPress's oEmbed functionality to enable embedding videos & external content into comments: http://t.co/oL6KQisD
  • AussieWPExpert: Smart Company: "Sign-up form stuff up" – avoid 3 simple mistakes when designing sign-up forms for newsletters/events: http://t.co/H3bmbOCz
  • AussieWPExpert: WP plugin Simple Trackback Validation w/Topsy Blocker reduces trackback spam by validating the IP address & permalink http://t.co/gBwNHF80
  • AussieWPExpert: Google's guide to making AJAX applications crawlable by search engines, so they can be properly indexed: http://t.co/XrKdzEQI
  • AussieWPExpert: Tutorial: Creating a Plugin to Add Votes to Your WordPress Comments Using AJAX – http://t.co/ZKplpUsC

Feb 15
  • AussieWPExpert: How to enable support for the plugin Jetpack Comments in the Thesis Theme for WordPress – http://t.co/6xTIyTHK
  • AussieWPExpert: The HotSpots WP plugin draws a heat map of mouse clicks overlaid on your site, helping to analyse user behaviour – http://t.co/n2ffTLf3
  • AussieWPExpert: Lifehacker: A Non-Designer’s Guide to Typefaces and Layout – http://t.co/BahYctSx
  • AussieWPExpert: WordPress PHP code snippet for themes – transform h2 tags to h3 tags on the index page – potentially useful for SEO – http://t.co/aRyh7uOs
  • AussieWPExpert: 1stWebDesigner: The Ultimate Guide to WordPress 3.0 Comment Form Customization – http://t.co/ivcIHo0e
  • AussieWPExpert: WP development tip: Use wp_enqueue_scripts(), not wp_print_styles(), to enqueue scripts and styles for the frontend – http://t.co/VrvTPuH4
  • AussieWPExpert: ManageWP: 8 WordPress plugins to help beautify your blog content – http://t.co/VJ2ZEpFF
  • AussieWPExpert: How an Australian Internet marketer used twitter to predict the Triple J Hottest 100 songs for 2012 – http://t.co/baqs4YHY
  • AussieWPExpert: WordPress PHP code snippet that implements a shortcode to display RSS Feeds, e.g. within a post or page – http://t.co/K3ri8ZlV
  • AussieWPExpert: APN settings for mobile networks around the world, to set up your smartphone to access the Internet when traveling: http://t.co/TprAjpyu
