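Free Overseas Hosting, Overseas Free Hosting's Archiver

idc886 posted on 2011-10-29 14:27

DH has blocked DedeCMS sites again, including DedeCMS version 5.7. phpwind forum sites on DH hosting have also run into problems. How can this be solved?

[b][color=red]Analysis of the previous time, in June, when DH blocked DedeCMS sites:[/color][/b]

[url=http://www.idc866.com/thread-12878-1-1.html]DH hosting has blocked DedeCMS sites across the board. Sites built with DedeCMS on DreamHost are all down. How to solve it! How to rebuild[/url]

[url=http://www.idc866.com/thread-12878-1-1.html]http://www.idc866.com/thread-12878-1-1.html[/url]



Email received:  DreamHost Security Alert - Insecure Software
Friday, 28 October 2011, 8:16 AM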


Hello,

During a scan of our servers we have identified that your DreamHost account is hosting an insecure website which may be targeted for malicious purposes or has already been compromised.

You appear to have an insecure version of the popular DedeCMS software on our server. Due to an increase in attacks against this software we have been forced to disable insecure versions until the webmasters are able to address this matter and upgrade their sites to a secure version. The current version of DeDeCMS is 5.7 released on 2011-10-15.
/home/ch***6/ch****.cn (Insecure Version: V57)


We have disabled any insecure sites found until you are able to address this matter, this is for the safety of our servers and the customers you share them with.  We will require that you take a few minutes to address this matter and secure your account from further abuse.

Please note that re-enabling these insecure sites may result in the disablement of your account.

If you have any questions, please feel free to contact our support staff (make your subject line include ATTN: Security) and we will be more than happy to assist you with securing your sites.

Sincerely,
The DreamHost security team




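idc886 posted on 2011-10-29 14:28

[b][color=blue]Symptoms:[/color][/b]
In FTP, the site directory had been renamed to a very long directory name:
ch***.cn_DISABLED_BY_DREAMHOST__INSECURE



[b][color=blue]Analysis:[/color][/b]
For this site we use DedeCMS version 5.7. The last update was to the 8.15 build.
[b]Member registration was also turned off, and the member directory was deleted.[/b]
So the site is absolutely secure.



[b][color=blue]Detection:[/color][/b]
The email also says we are using 5.7, but it says the latest DedeCMS version is the 10.15 build.
DH probably decides by checking that version file.

A while ago we were using (Version: V56), and DH wrote to say we had to upgrade to DeDeCMS is 5.7.
It seems DH has not been idle either. This time it is 5.7, and we still have to upgrade to the latest.



[color=blue][b]Solution:[/b][/color]
Rename the directory in FTP back to the original name yourself, then run the online upgrade in the admin backend to upgrade to the 10.15 build.
(Our original version was the 5.7 build dated 8.15, which can be upgraded directly online from the backend.)
After upgrading, write to tell them that you have upgraded to the latest version and ask them to check. Let them do the checking.

This time I also deleted the DedeCMS version number file. Let's see whether they flag it again next time.



[b][color=blue]Summary:[/color][/b]
If you use DedeCMS, you have to use the latest version. When the backend shows an update notice, update promptly.
Otherwise DH may rename the site directory again or suspend the account, and the loss would be big.

[b]Note:[/b] Updating online from the backend is simple enough. A cross-version update means replacing all the files, the templates and so on, which is a bit of a hassle.



[b][color=blue]After updating I replied with a short message; let's see whether they reply to me again:[/color][/b]

/home/ch****/ch****.cn
Has been updated to the latest version.
DeDeCMS is 5.7 released on 2011-10-15.
Please check!
Thank you!

Translated into English with Google and sent: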
/ home/ch****/ch***.cn
Updated to the latest version.
DeDeCMS is 5.7 released on 2011-10-15.
Please test!
Thank you!

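idc886 posted on 2011-10-29 14:28

phpwind forum sites on DH hosting have also run into problems. How can this be solved?

On Monday, 12 September 2011, several PW forum sites also ran into problems...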


Hello,

We have received a report of what appears to be a pharmacy redirect page that has been uploaded to your account. It would appear that malicious have found a way to upload spam pages as well as backdoors to your site(s) at the following location(s):

/home/cy****/z****.com/attachment/Mon_1004/oldtemp.php

We have disabled the page(s) in question (via removing their permissions, e.g. chmod) until you are able to address this matter.
We also identified the following files that are known to be backdoors (likely this is how the attackers gained access) or spam pages on your site:
/home/cy****/z****.com/attachment/Mon_1004/1111.htm
/home/cy****/z****.com/attachment/Mon_1004/werzvxc.htm
... and many more.

The existence of these pages on your website(s) is likely a sign you have been compromised, and we empathize with your problem, getting a site hacked really is no fun (but we hope this notification helps prevent this matter from being any worse.) Investigating similar attacks we have found that this specific type of compromise is connected with sites that have insecure permission on folders and may be running insecure 3rd party software (including plugins and/or themes) under your account. I would highly recommend that you:

- Update any 3rd party software under the account, including content management systems, gallery software, weblogging tools, etc. Be sure to use current, secure versions and keep them up-to-date.
- Update any plugins and/or themes on your sites (Recent attacks against websites have targeted vulnerable software such as timthumb.php which is included in wordpress themes, separate from the core files)
- Check your website(s) files for any signs of tampering (file timestamps show recent editing) or files you did not upload yourself and remove them. Looking at the reported files above should give you a good starting point.
- Check your website(s) files for any 777 directories, (e.g. a directory that allows anyone on the server to write or edit the files in the directory; these permissions will look like rwxrwxrwx via the command line)
- Change your FTP password(s). Be sure they are at least 8 characters in length and do not contain English words. Random numbers and letters work best.

If you have any questions, please feel free to reply to this email or contact our support staff (make your subject line include ATTN: Security) and we will be more than happy to assist you with securing your sites.
Sincerely,
The DreamHost security team
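
The file checks in the hosting provider's list above (777 directories, recently edited files, script files in the attachment directory, pages left at mode 000) can be scripted. The following is an added example, not part of the original post or DreamHost's tooling; the function names, the 30-day default and the list of script extensions are assumptions.

```sh
#!/bin/sh
# Added example: audit a web root along the lines of the checklist in the email.
# Function names, the 30-day window and the extension list are assumptions.

# Directories writable by every user on the server (o+w, e.g. 777 / rwxrwxrwx).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Script files inside upload directories, where only user attachments belong
# (the email reports oldtemp.php under attachment/).
scripts_in_upload_dirs() {
    root=$1; shift
    for d in "$@"; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f \
            \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \) -print
    done
}

# Files changed within the last N days (timestamps can be forged, so treat
# this as a starting point, not proof of a clean tree).
recently_modified() {
    find "$1" -type f -mtime "-$2" -print
}

# Files with every permission bit removed (mode 000), which is how the host
# disabled the pages it reported.
disabled_files() {
    find "$1" -type f -perm 0000 -print
}

audit_webroot() {
    webroot=$1; days=${2:-30}
    echo "== world-writable directories ==";   world_writable_dirs "$webroot"
    echo "== scripts in attachment/ ==";       scripts_in_upload_dirs "$webroot" attachment
    echo "== modified in last $days days ==";  recently_modified "$webroot" "$days"
    echo "== files at mode 000 ==";            disabled_files "$webroot"
}

# Run the report only when a web root is given on the command line.
if [ "$#" -gt 0 ]; then audit_webroot "$@"; fi
```

Run it as `sh audit.sh /path/to/webroot 30`; anything listed under the attachment directory or at mode 000 should be reviewed before the site is restored from clean files.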

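idc886 posted on 2011-10-29 14:48

phpwind forum sites on DH hosting have also run into problems

[b][color=#0000ff]Symptoms:[/color][/b]
Judging from the email, the site has been compromised.
Although the site's FTP directory was not renamed and the site is still accessible, the problem still has to be dealt with.

A file named oldtemp.php was uploaded into the site directory.
Several PW forum sites all had this file uploaded. PW sites under several DH accounts were all hit.

Although DH set the uploaded files to mode 000, the site still has a security problem.



[b][color=blue]Analysis:[/color][/b]
This time the intrusion targeted only the PW forums, so it probably exploited a PW forum vulnerability.
The PW forums, though, are version 7.3 and have not been updated for a long time.

According to DH's email, the FTP password may have been cracked, but the FTP passwords we set are absolutely secure (upper- and lower-case letters plus digits).
If the FTP password had been cracked, the other sites under the same FTP account would also have had trojans uploaded. This time it was only the PW forum sites.

[b]Note: for security, the account password, FTP password and MySQL password must all be different. Remember this.[/b]



[b][color=blue]Detection:[/color][/b]
Because the oldtemp.php file was changed to mode 000,
we cannot download it to analyze it.

Also, the log files on DH hosting have not been updated since July,
so we cannot download the logs to analyze what they did with this file.



[color=blue][b]Solution:[/b][/color]
This time it should be the application that was compromised, because only the PW forums have this problem.
Update every site running the PW forum software to the latest version to fix it,
and delete all the original files, in case uploaded trojans are still there.

It's just that upgrading from PW 7.3 to 8.7 takes several upgrade steps, and PW upgrades are slow. A hassle.
The PW sites have now all been upgraded to version 8.7. Let's see whether they get compromised again!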

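wodo posted on 2011-10-29 20:16

Isn't it that too many people use DedeCMS for scraper sites, the resource usage is high, and so they won't let people use it? :lol

雨夜里 posted on 2011-10-29 20:59

Heh, I hear the latest version has bugs too~ Using it doesn't feel safe~

idc886 posted on 2011-10-30 23:28

Received a reply from DH: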

Hello,

Thanks for taking care of this quickly. If you have updated the software
there, you may reenable the site. You can do this by just renaming the
directory back to its original name. If we find a further problem we will
let you know.

On Fri, 28 Oct 2011, you wrote:
