danwin1210.me hacked / imap_open exploit

LTniger Member
edited November 2018 in General

Reference: https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

So, it seems there is a nasty PHP imap_open exploit in the wild:

https://github.com/Bo0oM/PHP_imap_open_exploit
https://antichat.com/threads/463395/#post-4254681
https://www.reddit.com/r/netsec/comments/9wzwgw/0day_bypassing_disabled_exec_functions_in_php_via/

Will you be affected? Probably, if you run WHMCS, Hostbill or any other software which uses the imap_open function (mail import via IMAP).

Mitigation:

Disable the function in php.ini:

disable_functions = exec,imap_open<...>

And: remove php-imap if you don't use it at all.

!secOPS should verify my posted crap!


Wordpress Hosting - Home made!
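
An added example, not part of the original post or of any project it links: a Python check for the two questions the post raises, whether imap_open is still callable under a given PHP configuration and whether application code calls it. The ini samples, the PHP snippet and all function names are constructed for illustration; feed it the concatenated text of every ini file PHP loads (`php --ini` lists them), since the extension is often enabled from a separate file.

```python
import re

# Constructed samples for illustration; not taken from any real host.
WEAK_INI = "[PHP]\ndisable_functions = exec,passthru,shell_exec\nextension=imap.so\n"
HARDENED_INI = "[PHP]\ndisable_functions = exec, passthru, imap_open\nextension=imap.so\n"
REMOVED_INI = "[PHP]\ndisable_functions = exec\n;extension=imap.so\n"
SAMPLE_PHP = """<?php
// constructed sample
$mbox = imap_open($mailbox, $user, $pass);
$x = $client->imap_open($a);
function my_imap_open() {}
"""

def parse_ini(text):
    """Return (settings, extensions); later assignments override earlier ones."""
    settings, extensions = {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip().strip("\"'") for part in line.split("=", 1))
        if key.lower() == "extension":
            # "imap", "imap.so", "/usr/lib/php/imap.so", "php_imap.dll" -> "imap"
            name = re.split(r"[\\/]", value)[-1].lower()
            extensions.append(re.sub(r"^php_|\.(so|dll)$", "", name))
        else:
            settings[key.lower()] = value
    return settings, extensions

def imap_open_status(ini_text):
    """Classify the configuration as 'exposed', 'disabled' or 'not-loaded'."""
    settings, extensions = parse_ini(ini_text)
    disabled = {f.strip().lower()
                for f in settings.get("disable_functions", "").split(",")}
    if "imap_open" in disabled:
        return "disabled"
    return "exposed" if "imap" in extensions else "not-loaded"

# Match direct calls only: skip $var(), ->method(), ::static() and longer names.
CALL_RE = re.compile(r"(?<![\w$>:])imap_open\s*\(", re.IGNORECASE)

def find_imap_open_calls(php_source):
    """Line numbers where application code calls imap_open (review candidates)."""
    return [n for n, line in enumerate(php_source.splitlines(), 1)
            if CALL_RE.search(line)]

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI), ("removed", REMOVED_INI)):
        print(label, imap_open_status(ini))
    print("imap_open call sites:", find_imap_open_calls(SAMPLE_PHP))
```
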

Comments

  • Started losing millions

  • quick said: Started losing millions

    Billions baby, it's billions!


  • @deank what is you doing baby?! where is mr Endis when you need him?

  • Shared hosting is just pure trash and should never be used or provided.

  • rm_ said: Shared hosting is just pure trash and should never be used or provided.

    Why? Shared hosting is good for static and simple dynamic websites, mail usage. Don't be so radical.


  • rm_ Member
    edited November 2018

    LTniger said: Why?

    Because it will always have issues like this. Any kind of even remotely decent security/separation is impossible. Not to mention the complete lack of privacy from the host and whoever gets "root" on there.

  • @LTniger said:

    rm_ said: Shared hosting is just pure trash and should never be used or provided.

    Why? Shared hosting is good for static and simple dynamic websites, mail usage. Don't be so radical.

    I wouldn't use shared hosting nowadays for anything else except static sites and mail services.

  • hostnamaste Member, Provider

    Dark web hosting provider hacked again -- 7,600 sites down

    Source: https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/

    HostNamaste.com - A Reliable Indian Hosting Company You Can Trust.

    OpenVZ VPS, KVM VPS and Budget Dedicated Servers in Los Angeles, Dallas, Jacksonville, France, India and Russia.

  • hostnoob Member

    "Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen's database account and created a new one to use for future operations.

    Winzen discovered the hack the next morning, at which time most of the data was already lost. The service doesn't keep backups by design."

    Yikes

    @rm_ said:

    LTniger said: Why?

    Because it will always have issues like this. Any kind of even remotely decent security/separation is impossible. Not to mention the complete lack of privacy from the host and whoever gets "root" on there.

    @Malin said:

    @LTniger said:

    rm_ said: Shared hosting is just pure trash and should never be used or provided.

    Why? Shared hosting is good for static and simple dynamic websites, mail usage. Don't be so radical.

    I wouldn't use shared hosting nowadays for anything else except static sites and mail services.

    Easy to say when you know how to configure a server yourself. What are others supposed to do?

    Favourite host in general: Ramnode (affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr ($50 free credit for new accounts, affiliate link)

  • TheLinuxBug Member
    edited April 1

    hostnoob said: Easy to say when you know how to configure a server yourself. What are others supposed to do?

    Read, Google and learn to do it yourself like everyone else did. If you are here on this forum, you are smart enough to do the research and set up a server yourself -- That said, you can't fix stupid or lazy -- so of course if you never go and try or do the research, you will never learn.

    This stuff isn't the rocket science people like to make it out to be. Really, it is just learning patience and having the motivation to read, test and push through even the boring stuff that doesn't interest you.

    my 2 cents.

    Cheers!

    Have an Allwinner H3 device? Android? Check out H3Droid! | Lichee Pi Zero - The 6$ SBC | #SYSarm - Get It! | Atomic Pi - $35 x86 SBC
    21+ Years IT Experience in Linux/Windows Hosting, Administration and Development Services

  • Baris Member

    @TheLinuxBug said:

    hostnoob said: Easy to say when you know how to configure a server yourself. What are others supposed to do?

    Read, Google and learn to do it yourself like everyone else did. If you are here on this forum, you are smart enough to do the research and set up a server yourself -- That said, you can't fix stupid or lazy -- so of course if you never go and try or do the research, you will never learn.

    This stuff isn't the rocket science people like to make it out to be. Really, it is just learning patience and having the motivation to read, test and push through even the boring stuff that doesn't interest you.

    my 2 cents.

    Cheers!

    Sure, but what about non-LET members? Some people just want to host small private or corporate websites without going too deep because they are not into it like we are.

    Personally I also use webspace to play around with first ideas. And if I think the stuff is good or could be good I am going to deploy it on my centminmod machine which is tweaked to my needs.

    There will be always demand for simple webspace hosting.

  • hostnoob Member

    @TheLinuxBug said:

    hostnoob said: Easy to say when you know how to configure a server yourself. What are others supposed to do?

    Read, Google and learn to do it yourself like everyone else did. If you are here on this forum, you are smart enough to do the research and set up a server yourself -- That said, you can't fix stupid or lazy -- so of course if you never go and try or do the research, you will never learn.

    This stuff isn't the rocket science people like to make it out to be. Really, it is just learning patience and having the motivation to read, test and push through even the boring stuff that doesn't interest you.

    my 2 cents.

    Cheers!

    Yeah I'm talking about non-techies. People who don't know what a low end box is.

    Some people are good writers, good at creating original content, etc. For them shared hosting is ideal.

