SOUTHFIELD, MI – Future Hosting, a managed VPS and dedicated server hosting provider, advises Drupal hosting clients who have not patched their site recently to check for signs of compromise or malware infection. Drupal sites that have not been patched against the “Drupalgeddon2” vulnerabilities may have already been compromised.

The Drupal project released a series of patches to fix a remote code execution vulnerability at the end of March. Further patches will be released on April 25, and sites should be upgraded when the new patches are available.

“Future Hosting is home to thousands of Drupal sites and we’re seeing a constant flood of attacks using this vector,” said Maulesh Patel, VP of Operations of Future Hosting. “The attacks are so widespread that it is unlikely that any unpatched Drupal site on the web will escape being compromised.”

More than a million websites are based on Drupal. The vulnerability can be used to gain complete access to a Drupal site’s code and data by sending a payload to a known URL — a process that is easy to automate. Patched sites are safe, but unpatched sites are being hacked by automated botnets.

Hosting clients with sites based on Drupal 7 should upgrade to at least Drupal 7.58. Sites based on Drupal 8.5.X should be updated to Drupal 8.5.3. Patches have been released for Drupal 8.4, but earlier 8.X versions are unsupported. Patches are available for Drupal 6 via the Drupal 6 LTS project.

Future Hosting advises that Drupal sites that have not already been patched should be checked for the presence of malware using a reliable malware scanning tool.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan.

Filed under Web Hosting News by on #

The cloudflare.solutions domain has been taken down after infecting thousands of WordPress sites with cryptocurrency mining and keylogging malware posing as scripts from trusted web services, according to a Sucuri blog post. The malware had infected at least 5,492 WordPress sites, SC Magazine reports.
The keylogging malware was added to malware distributed from the fake Cloudflare website cloudflare.solutions, which Sucuri wrote a blog post about in April. It captures data entered by users, potentially including login and payment information. The malicious code is given away by two long hexadecimal parameters following fake cdnjs.cloudflare.com URLs; those parameters are the keyloggers, according to the report.
Sucuri noted the obfuscation tricks being used by a CoinHive JavaScript Monero miner in another recent blog post, including the use of non-decimal notation for the host name, a fake jQuery name, and names related to Google Analytics.
The script resides in the functions.php file of the WordPress theme. Sucuri found both scripts on many sites, but it was not clear that they were present on all 5,492.
"You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts," advises Sucuri Senior Malware Researcher Denis Sinegubko. "Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly
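A check for the indicators the report names (the `add_js_scripts` function, `add_action` clauses that mention it, references to cloudflare.solutions, and long hexadecimal parameters after cdnjs.cloudflare.com URLs) can be scripted across every theme on a server. The following is an added example, not code from Sucuri or from the original article; the regular expressions, the 16-digit threshold for "long", the standard `wp-content/themes` layout and the constructed sample are all assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Indicators named in the report above; the regexes themselves are this example's assumptions.
INDICATORS = {
    "add_js_scripts definition": re.compile(r"function\s+add_js_scripts\s*\("),
    "add_action hooking add_js_scripts": re.compile(r"add_action\s*\([^;]*add_js_scripts"),
    "cloudflare.solutions reference": re.compile(r"cloudflare\.solutions", re.I),
    # Assumption: "long" means a run of 16+ hex digits in the query string.
    "long hex parameter after cdnjs URL": re.compile(
        r"""cdnjs\.cloudflare\.com[^\s'"]*\?[^\s'"]*[0-9a-f]{16,}""", re.I),
}

def scan_text(text):
    """Return (line_number, indicator_name) for every indicator hit in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits

def scan_themes(wp_root):
    """Scan each theme's functions.php under a standard WordPress layout."""
    report = {}
    for path in sorted(Path(wp_root).glob("wp-content/themes/*/functions.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample (not real malware): inert stand-ins for the lines described.
SAMPLE = """<?php
function add_js_scripts() {
    echo "<script src='https://cdnjs.cloudflare.com/x.js?a1b2c3d4e5f60718293a&0f1e2d3c4b5a69788796'></script>";
    echo "<script src='//cloudflare.solutions/x.js'></script>";
}
add_action('wp_footer', 'add_js_scripts');
add_action('wp_footer', 'my_theme_footer');
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for file, hits in scan_themes(sys.argv[1]).items():
            for number, name in hits:
                print(f"{file}:{number}: {name}")
    else:
        print(scan_text(SAMPLE))
```

A hit is a lead for manual review of that theme file, and a clean result does not rule out other variants of the injection.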