We have been getting number of attack reports from clients with Wordpress installs and further investigating we found a global attacks on wordpress.
Right now there is a very severe and global attack on all Wordpress sites on the Internet and almost all hosting providers are affected. The attack is a brute-force attack which is global and highly distributed, This attack is well organized and again very, very distributed; we have seen high number of spoofed IP addresses involved in this attack. As the IP’s are spoofed, blocking the IP’s does not help much.
If you need any asisstance in blocking this attacks please submit a 1x Hour of Support plan and we will help you right after!
Don’t hesitate to contact us if you have any questions or need further assistance.
Tags: attack, brute, bruteforce, Force, Wordpress, wordpress attack, wp bruteforce attack
A new Parallels Plesk Panel privilege escalation vulnerabilities have been discovered (VU#310500 and CVE-2013-0132, CVE-2013-0133)
- Plesk’s /usr/sbin/suexec binary (the binary may be present in additional locations, always with suexec in the filename) always allows the binary ‘cgi-wrapper’, bypassing restrictions on the ownership of the file to be called. Since cgi-wrapper’s function is to execute a PHP script based on environment variables (and suexec does not sanitize these environment variables) this allows execution of arbitrary PHP code with a user id above a minimum user ID value that is hardcoded in the suid binary. CVE-2013-0132
- The program /usr/local/psa/admin/sbin/wrapper allows the user psaadm to execute various administrative scripts with root privileges. Some of these scripts call external programs without specifying the full path. By specifying a malicious PATH environment variable, an attacker can cause the administrative scripts to call his own program instead of the intended system program. CVE-2013-0133
Parallels Plesk Panel versions 9.x-11.x with Apache web server running mod_php, mod_perl, mod_python, etc. is vulnerable to authenticated user privilege escalation. Authenticated users are users that have login to Parallels Plesk Panel (such as f.e. your customers, resellers, or your employees).
Patching the server with the latest MU’s is extremely mandatory.
We highly suggest purchasing our Full Security Audit plan to update/patch and confirm your server hasn’t been compromised.
Should you have further questions please don’t hesitate to contact our Customer Support Team available 24/7 !
Tags: New Plesk 2013 Vulnerability found on 8.x/9.x/10.x/11.x
MariaDB versus MySQL - Compatibility
MariaDB is a binary drop in replacement for MySQL
For all practical purposes, MariaDB is a binary drop in replacement of the same MySQL version (for example MySQL 5.1 -> MariaDB 5.1, MariaDB 5.2 & MariaDB 5.3 are compatible. MySQL 5.5 will be compatible with MariaDB 5.5). What this means is that:
Data and table definition files (.frm) files are binary compatible.
All client APIs, protocols and structs are identical.
All filenames, binaries, paths, ports, sockets, and etc… should be the same.
All MySQL connectors (PHP, Perl, Python, Java, .NET, MyODBC, Ruby, MySQL C connector etc) work unchanged with MariaDB.
There are some installation issues with PHP5 that you should be aware of (a bug in how the old PHP5 client checks library compatibility).
The mysql-client package also works with MariaDB server.
The shared client library is binary compatible with MySQL’s client library.
This means that for most cases, you can just uninstall MySQL and install MariaDB and you are good to go. (No need to convert any datafiles if you use same main version, like 5.1).
Reference : https://kb.askmonty.org/
Tags: compatibility, MariaDB, mySQL
Restoring a User’s Database Access For WHM version 11.36
If a database user loses access to databases, you may be able to restore the user’s grants to the database using the restoregrants utility.
Using Restoregrants to Restore the User’s Database Access
Execute one of the following commands from the command line:
/usr/local/cpanel/bin/restoregrants –cpuser=$cpuser –db={mysql, pg} –dbuser=$dbuser
or
/usr/local/cpanel/bin/restoregrants –cpuser=$cpuser –db={mysql, pg} –all
$cpuser The cPanel username which has lost access to databases.
{mysql, pg} The type of database: mysql for MySQL or pg for PostgreSQL.
$dbuser The database user whose privileges you wish to restore.
Tags: 11.36, Access. WHM, database, Restoring, Version
ERROR 2006: MySQL Server has gone away
When trying to load a large SQL dump, I get ERROR 2006: MySQL Server has gone away.
Version 5.0: http://dev.mysql.com/doc/refman/5.0/en/gone-away.html
Version 5.5: http://dev.mysql.com/doc/refman/5.5/en/gone-away.html
Most likely, you will need to restart mysqld with the -O max_allowed_packet=# option.
A communication packet is a single SQL statement sent to the MySQL server, a single row that is sent to the client, or a binary log event sent from a master replication server to a slave.
The largest possible packet that can be transmitted to or from a MySQL 5.1 server or client is 1GB.
Tags: ERROR 2006, mySQL, server
