Blind SQL injection vulnerability found in WordPress SEO plugin by Yoast

Over a million websites that use WordPress SEO by Yoast are at risk because of a newly found blind SQL injection vulnerability. The WPScan Vulnerability Database released an advisory after disclosing the vulnerability to the plugin’s author.

“The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.

The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.”

Yoast quickly responded with a patch and released version 1.7.4:

“Fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.”
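The changelog names three parts of the fix: strict sanitation of the order_by and order parameters, extra nonce checks, and raising the minimum capability to Editor. The following is an added example, not Yoast’s code, that shows the pattern behind all three in plain PHP so it runs outside WordPress. The column names, roles, nonce handling and sample requests are constructed for illustration; in a real plugin `current_user_can()` and `check_admin_referer()` would do the authorization work.

```php
<?php
// Added example (not from the Yoast plugin): whitelist-based sanitization of
// the "orderby" and "order" request parameters before they reach a SQL query.
// Column names, roles and request values below are constructed for illustration.

// Allowed sort columns: a fixed map from the request value to the real column.
// Anything not in this map falls back to the default, so untrusted text never
// becomes part of the query.
const ALLOWED_ORDERBY = [
    'post_title' => 'post_title',
    'post_date'  => 'post_date',
    'post_type'  => 'post_type',
];
const DEFAULT_ORDERBY = 'post_date';

/**
 * Return a safe column name for ORDER BY, or the default when the request
 * value is not on the whitelist.
 */
function sanitize_orderby(?string $value): string
{
    return ALLOWED_ORDERBY[$value ?? ''] ?? DEFAULT_ORDERBY;
}

/**
 * Return 'ASC' or 'DESC'; anything else becomes the default 'ASC'.
 */
function sanitize_order(?string $value): string
{
    $upper = strtoupper(trim((string) $value));
    return $upper === 'DESC' ? 'DESC' : 'ASC';
}

/**
 * Build the ORDER BY clause from untrusted request parameters. Both pieces are
 * drawn from fixed whitelists, so the clause is safe to concatenate; any WHERE
 * conditions would still go through a prepared statement.
 */
function build_order_clause(array $request): string
{
    $orderby = sanitize_orderby($request['orderby'] ?? null);
    $order   = sanitize_order($request['order'] ?? null);
    return "ORDER BY {$orderby} {$order}";
}

/**
 * Capability and nonce checks, mirroring the other two parts of the fix:
 * only Editors or Administrators may reach the bulk editor, and a request that
 * sends extra parameters must carry a valid nonce. Stubbed with plain PHP so
 * the file runs stand-alone; the role names and nonce scheme are assumptions.
 */
function request_is_authorized(array $user, array $request, string $expected_nonce): bool
{
    $roles    = $user['roles'] ?? [];
    $can_edit = in_array('editor', $roles, true) || in_array('administrator', $roles, true);
    $nonce_ok = isset($request['_wpnonce'])
        && hash_equals($expected_nonce, (string) $request['_wpnonce']);
    return $can_edit && $nonce_ok;
}

// Constructed sample requests: a normal one, and one whose values contain
// extra SQL. The second never reaches the query because neither value is on
// the whitelist, so both fall back to the defaults.
$benign    = ['orderby' => 'post_title', 'order' => 'desc', '_wpnonce' => 'nonce-123'];
$malicious = ['orderby' => 'post_title, (SELECT 1)', 'order' => 'ASC, 1', '_wpnonce' => 'nonce-123'];

$editor = ['roles' => ['editor']];
$author = ['roles' => ['author']];

if (request_is_authorized($editor, $benign, 'nonce-123')) {
    echo build_order_clause($benign), PHP_EOL;
}
if (request_is_authorized($editor, $malicious, 'nonce-123')) {
    echo build_order_clause($malicious), PHP_EOL;
}
// An author-level user is refused before any query is built.
var_dump(request_is_authorized($author, $benign, 'nonce-123'));
```

The important design point is that the request value is used only as a lookup key into a fixed map; escaping alone is not enough for identifiers such as column names, because they cannot be bound as prepared-statement parameters.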

Immediate Update Recommended

GreenGeeks real-time security scanning is already protecting our customers from this vulnerability. While GreenGeeks has real-time monitoring in place to catch such vulnerabilities and proactively protect our customers from exploitation, we strongly urge all of our customers to update their WordPress SEO plugin by Yoast immediately to avoid any potential issues in the future. Best practice is to keep all of your plugins and WordPress core files up to date at all times.

The CryptoPHP backdoor & what you need to know

Researchers at Fox-IT released a white paper regarding an increasing threat to content management systems they’ve named CryptoPHP.

What is the CryptoPHP Backdoor?

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

Operators of CryptoPHP currently abuse the backdoor for illegal search engine optimization, also known as Blackhat SEO. The backdoor is a well developed piece of code and dynamic in its use. The capabilities of the CryptoPHP backdoor include:

  • Integration into popular content management systems like WordPress, Drupal and Joomla
  • Public key encryption for communication between the compromised server and the command and control (C2) server
  • An extensive infrastructure in terms of C2 domains and IPs
  • Backup mechanisms in place against C2 domain takedowns in the form of email communication
  • Manual control of the backdoor besides the C2 communication
  • Remote updating of the list of C2 servers
  • Ability to update itself

What We’ve Done For Our Customers

GreenGeeks is always working to ensure maximum security for our customers. Here’s what we’ve done since learning about the CryptoPHP backdoor.

  1. Checked all clients’ data. Affected clients were notified and we’re working with them to resolve the issue. Only 0.001% of sites on our network were affected.
  2. Added advanced real-time security rules to protect against new instances.
  3. Updated the GGS real-time malware scanning tool to find affected data more quickly.
  4. Updated the list of known holes that servers are periodically checked against.

What You Can Do to Protect Against These Kinds of Infections

  1. Download and use plug-ins only from reputable and verified sources.
  2. Keep your plugins and core CMS code updated to the latest versions.
  3. Install security scanning tools such as iThemes Security or WordFence.

SSL 3.0 Poodle Vulnerability

Google reported in a blog post today the discovery of a security vulnerability with SSL version 3.0. Our engineers were notified of this vulnerability before the announcement was made public and have made the necessary changes to disable access to SSL 3.0 on our core infrastructure.

Unlike the Heartbleed vulnerability, most of our users will not be impacted by this change. However, those using outdated web browsers (Internet Explorer 6, for example) will be unable to connect securely to our control panel and website.

If you’re using an outdated web browser, simply download the updated version or switch to a newer client such as Mozilla Firefox or Google Chrome. These browsers use the newer TLS security protocol and update themselves automatically, keeping you secure in the future.

SSL Version 3.0 will be disabled on Firefox on November 25, but you do not have to wait for this to be released. You can download a plugin that will allow you to set the minimum SSL version. If you’re using Internet Explorer, simply go to Settings -> Internet Options -> Advanced Tab -> Uncheck SSLv3 under Security.

Our system engineers are working to disable SSL version 3.0 across all of our servers. This will be done in segments to ensure there is no impact on your websites.

You can learn more about this issue by reading Google’s report.

As always, you’re more than welcome to contact our support if you have any questions and/or concerns.

The Heartbleed bug and what you need to know

In the last few days I am sure that you’ve heard about an Internet-wide security exploit called the Heartbleed bug. Security here at GreenGeeks is a top priority and we take it very seriously. Upon learning about the exploit, technically referenced as CVE-2014-0160, we began to address it immediately. We have created this article to help you understand a bit more about Heartbleed, how you can protect your information and what we’ve done to address it.

What is Heartbleed?

The Heartbleed bug is a very serious security vulnerability in the popular OpenSSL cryptographic software library used to secure traffic across much of the Internet. It was nicknamed “Heartbleed” because the vulnerability could leak, or bleed, information, and because it lies in the Heartbeat function of OpenSSL. The weakness allows attackers to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL encrypts information sent over the network by services such as web, email and instant messaging. With the bug, names, passwords and other sensitive information could be “sniffed”, resulting in data stolen directly from an affected website.

What is being done about the Heartbleed Bug?

The vulnerability was identified, given a reference of CVE-2014-0160 and was patched by the team at OpenSSL. This patch was made publicly available to service providers across the world, including GreenGeeks. We have patched, tested and verified that all of our systems are secured with this latest patch from OpenSSL.

As mentioned before, we take security very seriously and it is a top priority for us. Upon discovering the exploit, we took immediate action to secure our servers. We believe that the likelihood of exploitation is very minimal. As always, we will continue to be vigilant to ensure the safety and security of our systems.

Has GreenGeeks replaced their SSL certificates?

Yes, upon discovery our team quickly patched and replaced all SSL certificates on our network.

Is My Server Vulnerable?

Anyone relying on OpenSSL was vulnerable. Upon discovery of the exploit, we patched our entire network and are now protected from the vulnerability.

Will the SSL I purchased from GreenGeeks be Updated?

Yes. While the risk of exploitation is extremely low, as a precaution we are working with our SSL provider to re-issue all SSL certificates that were purchased directly through us. This is being done automatically for you, and no action is required on your part.

What if I purchased an SSL certificate from a third-party provider?

Re-issuing the certificate is a choice you’ll have to make. If you feel that it’s worth your time, then it’s a good idea to get your SSL certificate reissued. The likelihood of your keys having been exploited is very low. If you decide to go ahead with the change, please contact your SSL provider. Once you’ve received your new private key, certificate and CA bundle, our team will be more than happy to help you install the certificate. Alternatively, you can simply buy a new SSL certificate through us, and we will handle situations like this for you.

Has any of my information been compromised?

Anyone relying on OpenSSL was vulnerable. Upon discovery, we immediately patched our systems. The chance that your keys were exploited is very minimal, since no public exploit existed at the time of disclosure. We recommend that you change your password regularly; you can do so through our Account Manager.

You can test whether you’re vulnerable by using the Heartbleed Checker.

You can learn more about the Heartbleed Bug at heartbleed.com.

Phishing Scam Alert: Tariff Plan Changes

We have recently become aware of a phishing scam targeting our customers’ Account Manager login credentials. If you have received the e-mail below, it is not from GreenGeeks. The e-mail is attempting to phish for your Account Manager username and password. If you have clicked on the link and gone on to provide any information, you may have fallen victim to the phishing scam. We recommend that you contact our support immediately, or log into your Account Manager and change your password.

Protect Yourself with Secure Passwords

The first line of defense against cyber criminals (hackers) is passwords, but weak and easy-to-guess passwords aren’t much of a defense. It’s important to create strong passwords that are unique to each of your vital accounts. It’s also especially important to update those passwords often. Your GreenGeeks web hosting service comes standard with 24/7 monitoring of servers and includes advanced firewall systems to protect against most attacks; however, a weak password is like leaving your front door unlocked. All a cyber criminal has to do to gain access to your precious stuff is to try the door.

“My WordPress Blog Got Hacked!” – Prevent it!

“My WordPress Blog Got Hacked” is something that we as a hosting company hear all the time, which is unfortunate. What’s even more unfortunate is that we as the web hosting provider often get blamed for it by our very own customers. I can’t really blame our customers for this either; I guess they just don’t know it can happen. So hopefully this blog post will help bring some awareness and help prevent their blogs from being hacked.

It’s not uncommon for a WordPress site to get exploited; you’ll often see an image of some pirate or a bunch of statements claiming that you’re a sucker for getting hacked. It doesn’t look very professional when your visitors see this. If you feel that you’re the only one out there, you’re not. If you think that WordPress is the wrong CMS to use, that’s not the case. With a proper setup, you can avoid being defaced.

WordPress has put together an entire “My WordPress Site was hacked” FAQ page, dedicated to helping WordPress users prevent their sites from being hacked and, for those who have already been hacked, to preventing it from happening again. Check it out; it will help prevent your WordPress installation from being exploited.

I do want to point out a part of the FAQ, where it says to check with the hosting provider.

As far as the hosting environment goes, we take security very seriously here at GreenGeeks. We have a multitude of security measures in place to prevent widespread exploitation of scripts, so you’re safe there. We regularly update our servers, scan them for vulnerabilities and do what is required to keep our customers safe. The general rule of thumb for protecting yourself from being exploited is: always upgrade to the latest version, don’t use unknown plug-ins and keep regular backups.