During a scan of our servers we have identified that your DreamHost account is hosting an insecure website which may be targeted for malicious purposes or has already been compromised.
You appear to have an insecure version of the popular DedeCMS software on our server. Due to an increase in attacks against this software we have been forced to disable insecure versions until the webmasters are able to address this matter and upgrade their sites to a secure version. The current version of DeDeCMS is 5.7 released on 2011-10-15.
/home/ch***6/ch****.cn (Insecure Version: V57)
We have disabled any insecure sites found until you are able to address this matter, this is for the safety of our servers and the customers you share them with. We will require that you take a few minutes to address this matter and secure your account from further abuse.
Please note that re-enabling these insecure sites may result in the disablement of your account.
If you have any questions, please feel free to contact our support staff (make your subject line include ATTN: Security) and we will be more than happy to assist you with securing your sites.
/home/ch****/ch****.cn
Updated to the latest version.
DeDeCMS is 5.7 released on 2011-10-15.
Please check!
Thanks!
Translated into English with Google and sent over:
/ home/ch****/ch***.cn
Updated to the latest version.
DeDeCMS is 5.7 released on 2011-10-15.
Please test!
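Thank you!
Author: idc886 Time: 2011-10-29 14:28 Title: The phpwind forum sites on the DH hosting have also run into problems; how to fix it.
On September 12, 2011 (Monday), several PW forum sites also ran into problems...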
Hello,
We have received a report of what appears to be a pharmacy redirect page that has been uploaded to your account. It would appear that malicious have found a way to upload spam pages as well as backdoors to your site(s) at the following location(s):
We have disabled the page(s) in question (via removing their permissions, e.g. chmod) until you are able to address this matter.
We also identified the following files that are known to be backdoors (likely this is how the attackers gained access) or spam pages on your site:
/home/cy****/z****.com/attachment/Mon_1004/1111.htm
/home/cy****/z****.com/attachment/Mon_1004/werzvxc.htm
... and many more.
The existence of these pages on your website(s) is likely a sign you have been compromised, and we empathize with your problem, getting a site hacked really is no fun (but we hope this notification helps prevent this matter from being any worse.) Investigating similar attacks we have found that this specific type of compromise is connected with sites that have insecure permission on folders and may be running insecure 3rd party software (including plugins and/or themes) under your account. I would highly recommend that you:
- Update any 3rd party software under the account, including content management systems, gallery software, weblogging tools, etc. Be sure to use current, secure versions and keep them up-to-date.
- Update any plugins and/or themes on your sites (Recent attacks against websites have targeted vulnerable software such as timthumb.php which is included in WordPress themes, separate from the core files)
- Check your website(s) files for any signs of tampering (file timestamps show recent editing) or files you did not upload yourself and remove them. Looking at the reported files above should give you a good starting point.
- Check your website(s) files for any 777 directories, (e.g. a directory that allows anyone on the server to write or edit the files in the directory; these permissions will look like rwxrwxrwx via the command line)
- Change your FTP password(s). Be sure they are at least 8 characters in length and do not contain English words. Random numbers and letters work best.
If you have any questions, please feel free to reply to this email or contact our support staff (make your subject line include ATTN: Security) and we will be more than happy to assist you with securing your sites.
Sincerely,
The DreamHost security team
Author: idc886 Time: 2011-10-29 14:48 Title: The phpwind forum sites on the DH hosting have also run into problems
Thanks for taking care of this quickly. If you have updated the software
there, you may reenable the site. You can do this by just renaming the
directory back to its original name. If we find a further problem we will
let you know.