Snowman
27-12-2004, 12:08 PM
THIS IS AN IMPORTANT SECURITY ALERT, PLEASE READ THOUROUGHLY.
It has come to our attention that there is a major security issue with some php and perl scripts running on our servers, in particular with phpBB versions 2.0.10 and older.
Other scripts affected include:
AdvancedGuestBook < 2.3.1
Coppermine < 1.3.2
InvisionBoard < 1.2
MamboOpenSource < 4.5.1a
PHP-Nuke < 7.6
PhpWiki < 1.37
PostNuke < 0.750
Xoops < 2.0.7.3
e107 < 0.617
osCommerce < 2.2ms2
phpBB < 2.0.11
These scripts are completely insecure and are causing the rapid spread of a php based worm which could critically affect our servers. Because of this critical nature of this problem we will be suspending all older versions of these scripts in tonights maintenance schedule on all servers. Affected customers/resellers will be notified by mail as soon as possible on the issue.
All insecure FormMail scripts will also be suspended.
We have the ability to update all these scripts automatically, but will not be choosing that option as it would overwrite any modifications you have made to the various scripts. So we ask that all customers please update their scripts immediately to the latest versions. If you dont know how to update them or would prefer us to do them (subject to the above warning) please submit a support ticket to the helpdesk and we will be glad to help.
Any scripts using the command wget will be affected as this command has been indefinately blocked to help prevent the worms attack.
As a second part of this upgrade all servers will be having Apache and PHP upgraded.
The new PHP version will be 4.3.11
There are no known issues with the new version of PHP, but some older scripts may be affected.
I apologise for the lack of notification on this upgrade but in the interests of a secure server we must act on this immediately.
A seperate post on the actual scheduled upgrade will be posted with specific information for you server.
It has come to our attention that there is a major security issue with some php and perl scripts running on our servers, in particular with phpBB versions 2.0.10 and older.
Other scripts affected include:
AdvancedGuestBook < 2.3.1
Coppermine < 1.3.2
InvisionBoard < 1.2
MamboOpenSource < 4.5.1a
PHP-Nuke < 7.6
PhpWiki < 1.37
PostNuke < 0.750
Xoops < 2.0.7.3
e107 < 0.617
osCommerce < 2.2ms2
phpBB < 2.0.11
These scripts are completely insecure and are causing the rapid spread of a php based worm which could critically affect our servers. Because of this critical nature of this problem we will be suspending all older versions of these scripts in tonights maintenance schedule on all servers. Affected customers/resellers will be notified by mail as soon as possible on the issue.
All insecure FormMail scripts will also be suspended.
We have the ability to update all these scripts automatically, but will not be choosing that option as it would overwrite any modifications you have made to the various scripts. So we ask that all customers please update their scripts immediately to the latest versions. If you dont know how to update them or would prefer us to do them (subject to the above warning) please submit a support ticket to the helpdesk and we will be glad to help.
Any scripts using the command wget will be affected as this command has been indefinately blocked to help prevent the worms attack.
As a second part of this upgrade all servers will be having Apache and PHP upgraded.
The new PHP version will be 4.3.11
There are no known issues with the new version of PHP, but some older scripts may be affected.
I apologise for the lack of notification on this upgrade but in the interests of a secure server we must act on this immediately.
A seperate post on the actual scheduled upgrade will be posted with specific information for you server.