04 January 2013

Another pet died across the holidays

I wrote before about unmaintained and orphaned WordPress sites being exploited. That same frantic user from two months ago called again. The TL;DR summary is:
  • cPanel administration with multiple accounts on a single host without protections
  • OS updates not being run
  • WordPress updates not being run
  • Random add-ons being used without an awareness of security issues
  • No SELinux (disabled)
An exploit un-gzipping a hostile payload from cache was used, and the machine was taken over.

The absence of good sysadmin skills, well-packaged content, and updates 'for the loss' ...