danwin1210.me hacked / imap_open exploit
Reference: https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/
So, it seems there is a nasty PHP imap_open exploit in the wild:
https://github.com/Bo0oM/PHP_imap_open_exploit
https://antichat.com/threads/463395/#post-4254681
https://www.reddit.com/r/netsec/comments/9wzwgw/0day_bypassing_disabled_exec_functions_in_php_via/
Will you be affected? Probably, if you run WHMCS, Hostbill or any other software which uses the imap_open function (mail import via IMAP).
Mitigation:
disable function in php.ini:
disable_functions = exec,imap_open<...>
And: remove php-imap if you don't use it at all.
!secOPS should verify my posted crap!
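A way to check the mitigation from the first post against a server's config files, as an added example that is not part of the original post: the function names and status words are made up here, and the sample ini lines are constructed. It only reads the ini files it is given, so an imap extension compiled into PHP or a setting applied elsewhere (for example a PHP-FPM pool file) will not show up.

```bash
# Added example, not from the thread: audit php.ini-style files for the
# mitigation above. Pass php.ini first, then any conf.d/*.ini files.

# Print the effective disable_functions list: the last uncommented
# assignment wins; quotes, blanks and trailing comments are stripped.
effective_disable_functions() {
    awk '
        /^[ \t]*;/ { next }
        /^[ \t]*disable_functions[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)
            sub(/;.*$/, "", v)
            gsub(/[" \t]/, "", v)
            last = v
        }
        END { print last }
    ' "$@"
}

# Succeed if function $1 is an exact entry in that list (not a substring).
is_function_disabled() {
    _fn=$1; shift
    case ",$(effective_disable_functions "$@")," in
        *",$_fn,"*) return 0 ;;
    esac
    return 1
}

# Succeed if any file has an active extension=imap / imap.so / php_imap.dll.
imap_extension_enabled() {
    grep -Eqs '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?(php_)?imap(\.so|\.dll)?"?[[:space:]]*(;.*)?$' "$@"
}

# Print one status word: "not-disabled", "disabled-ext-loaded" or "disabled".
audit_imap_open() {
    if ! is_function_disabled imap_open "$@"; then
        echo "not-disabled"
    elif imap_extension_enabled "$@"; then
        echo "disabled-ext-loaded"
    else
        echo "disabled"
    fi
}

# Constructed sample: the only line naming imap_open is commented out.
sample=$(mktemp)
printf '%s\n' '; disable_functions = imap_open' 'disable_functions = exec, passthru' 'extension=imap' > "$sample"
audit_imap_open "$sample"
rm -f "$sample"
```

A result of "disabled-ext-loaded" means the function is blocked but php-imap is still installed, which is the case the post says to clean up if IMAP import is not used.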
Comments
Started losing millions
Billions baby, it's billions!
@deank what is you doing baby?! where is mr Endis when you need him?
Shared hosting is just pure trash and should never be used or provided.
Why? Shared hosting is good for static and simple dynamic websites, mail usage. Don't be so radical.
Because it will always have issues like this. Any kind of even remotely decent security/separation is impossible. Not to mention the complete lack of privacy from the host and whoever gets "root" on there.
I wouldn't use shared hosting nowadays for anything else except static sites and mail services.
Dark web hosting provider hacked again -- 7,600 sites down
Source: https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/
"Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen's database account and created a new one to use for future operations.
Winzen discovered the hack the next morning, at which time most of the data was already lost. The service doesn't keep backups by design."
Yikes
Easy to say when you know how to configure a server yourself. What are others supposed to do?
Read, Google and learn to do it yourself like everyone else did. If you are here on this forum, you are smart enough to do the research and set up a server yourself -- That said, you can't fix stupid or lazy -- so of course if you never go and try or do the research, you will never learn.
This stuff isn't the rocket science people like to make it out to be. Really, it is just learning patience and having the motivation to read, test and push through even the boring stuff that doesn't interest you.
my 2 cents.
Cheers!
Sure, but what about non-LET members? Some people just want to host small private or corporate websites without going too deep because they are not into it like we are.
Personally I also use webspace to play around with first ideas. And if I think the stuff is good or could be good I am going to deploy it on my centminmod machine which is tweaked to my needs.
There will always be demand for simple webspace hosting.
Yeah I'm talking about non-techies. People who don't know what a low end box is.
Some people are good writers, good at creating original content, etc. for them shared hosting is ideal.