dremeda

dremeda

18p

20 comments posted · 0 followers · following 1

486 weeks ago @ Naked Security - Large US hosting provi... · 2 replies · +1 points

From what I've seen, most cases are due to outdated versions of software (over 70% in fact).

In this specific case, I'd be willing to bet the vector had something to do with directory traversal in multi-domain accounts, and/or FTP user issues.

This is most likely how it started spreading, and then used outdated, known to be exploited versions of WordPress (& other software) to exploit, infect, and reinfect.

495 weeks ago @ 9seeds, LLC - OMG, we're a year old! · 0 replies · +1 points

Congrats to you fellas! You guys #kickass

I'm looking forward to WordCamp Las Vegas action in a few weeks, and some Fizzy Pops sprinkled in the mix!

Cheers,
Dre

497 weeks ago @ Sucuri Security - GoDaddy hacked - Fixin... · 0 replies · +3 points

You guys sent them emails and called them to ensure they were aware of your recommendation? How were they notified?

This is the fundamental awareness issue hosts like GoDaddy don't get. You mass market about awesome hosting, but you sure don't share the same emphasis and passion around educating non-technical people about the inherit security risks involved with hosting and managing a website securely.

Quit with the scripted replies and get realistic. You're devaluing your customers by explicitly publishing inaccurate attack information, who are you fooling? Lastly, continually blaming customers after the fact is not going to earn you brownie points either.

More reason for standards around security controls, information security awareness, and remediation practices in the web hosting world. It would benefit consumers and hosting providers alike.

Regards,
Dre Armeda
Sucuri Security
My recent post GoDaddy hacked – Fixing the “headers already sent” error

497 weeks ago @ Sucuri Security - GoDaddy sites hacked -... · 0 replies · +1 points

Anytime! Hope everything gets resolved quickly.

Enjoy your weekend!

Dre Armeda
Sucuri Security
My recent post GoDaddy sites hacked – myblindstudioinfoonlinecom and Hilary Kneber

497 weeks ago @ Sucuri Security - GoDaddy sites hacked -... · 3 replies · +1 points

Hi Todd, can you expand on the problem? We're still receiving reports from GoDaddy customers that their domains are infected.

Thanks,
Dre Armeda
Sucuri Security

My recent post GoDaddy sites hacked – myblindstudioinfoonlinecom and Hilary Kneber

497 weeks ago @ Sucuri Security - GoDaddy sites hacked -... · 0 replies · +1 points

Hi, sorry that you're having some difficulties with your host right now. We'll do everything we can to help you and others during these malware outbreaks.

I think the point that needs to be made is that this type of stuff happens. The problem we see across the industry is disclosure and resolution practices differ and in some cases fail tremendously.

Security controls, mitigation, and remediation practices need to be standardized across the hosting industry to provide a minimum level of protection to end users across the spectrum of mass marketed products you see advertised.

We do not give hosting recommendations here at Sucuri but a bit of Google research will net great results on the WordPress ready hosting services who seem to best mitigate risks.

Hope that helps!

Dre Armeda
Sucuri Security
My recent post GoDaddy sites hacked – myblindstudioinfoonlinecom and Hilary Kneber

497 weeks ago @ Sucuri Security - GoDaddy sites hacked -... · 3 replies · +3 points

Todd for clarification purposes, are you implying this is a PHP issue the community should be aware of? Care to disclose the details?

Thanks,
Dre Armeda
Sucuri Security

My recent post GoDaddy sites hacked – myblindstudioinfoonlinecom and Hilary Kneber

501 weeks ago @ Sucuri Security - Gmail blacklisted by S... · 0 replies · +2 points

Hi Neil, please read the full article before posting, thanks!
My recent post Gmail blacklisted by Spamhaus

502 weeks ago @ Sucuri Security - Pharma hack and their ... · 0 replies · +1 points

Hi Steve, we're no longer offering free scans to NS customers. NS has created their own solution to help with security issues. If you have any questions please contact NS.

Thanks.
My recent post Pharma hack and their C&C Command & control server

502 weeks ago @ Sucuri Security - Pharma hack and their ... · 1 reply · +1 points

Nathan, thanks for the comment. We're not posting anything not already publicly available. In fact, we've cleaned 100's of 1000's of sites infected with this specific exploit. Most of these sites are either indexed on Google with this garbarge or easily found via complaints on Twitter.

The idea here is to try and explain what is going on as we get more details. If we can get out (specifically to hosting providers) information which leads to killing this thing off, or at minimum slowing it down, then we're on the right track. For now, we'll continue to posting relevant information as often as possible.

Hope this helps.

Dre