The Register® — Biting the hand that feeds IT

Feeds

Network Solutions mops up after mass WordPress breach

Administrators at web host Network Solutions say they've closed a hole that allowed attackers to commandeer a large number of sites so they tried to infect visitors with malware. The mass hack caused Network Solutions customers running WordPress to silently redirect visitors to networkads.net/grep, a site that attempted to …

This topic is closed for new posts.
ajb673
FAIL

database credentials

If Mr Dede new anything about web apps, and web sites in general, then surely he'd know that at some point you have to have database credentials available.

Network Solutions should be to blame for not setting the correct permissions on the users home directories so they can't be read by anyone else.

Mike Cardwell

Network Solutions shared hosting fail

Network Solutions should configure their shared hosting so only the user and apache has read access to the users homedir. Then even if the user does something stupid and leaves an important file globally readable, nobody else on the system will be able to read it.

chown username:apache ~username

chmod 710 ~username

I'm assuming that they're using suexec/mod_php or similar so users can't run cgi/php as the apache user.

These are *basic* things required to lock down shared hosting.

Mike Cardwell
Reply Icon

Bah

I meant suphp, not mod_php

Shashi Bellamkonda

ISsue fixed and more tips for Network Solutions customers

I work for Network Solutions and wanted to update your readers with some tips and finfo for our customers a new post that we put up on our blog for existing customers http://bit.ly/bscWFQ

Shashi

@shashib on Twitter

@netsolcares team member

Anonymous Coward
Anonymous Coward
Reply Icon

netsolcares?

You forgot the "joke alert" icon.

ChrisBell3rd
FAIL
Reply Icon

NS_WP issue NOT fixed Ticket#1-460208121

Shashi,

I personally met you at an all-day Network Solutions Small Biz conference in Washington, DC this past fall and made a decision after the event to have a developer to build my Wordpress website, but have it hosted with Network Solutions.

My site has been down since last Friday afternoon (5 days ago!) I've paid an engineer to get it back up using the information from periodic feeds coming from your company and the WP community. She has managed to get my site up for a few hours and then it crashes again (at least 7 times in the last 5 days.)

Your company is contributing to putting me out of business and negatively impacting my hard-earned professional credibility. I need help and I need someone from within your company to take ownership of the problem for resolution. I'm a small business owner, not a lawyer I've no intention of suing folks. I just need someone to fix my Network Solutions_Wordpress issue as your organization's previous counsel has not produced a permanent fix.

Shashi Bellamkonda
Reply Icon

Do you still need help

Hi Chris,

Definitely following your feedback and I know we met at the GrowSmartBiz conference. Let me know if you are still having issues listen at network solutions.com

Thanks,

Shashi

Davidj2
FAIL

chmod 750? Really?

Can't view site with wp-config.php at 750. Want to try 644 or something like that?

Mike Cardwell
Reply Icon

Re: chmod 750? Really?

Yes. 750. I said home directory. Why are you advocating setting rw-r--r-- permissions on a directory? For a start, you're missing x permissions, and secondly you're allowing global read access?

rwx-r-x--- or if possible rwx-r-----

Where the directory is owned by the website owner and Apache has group access.

If you set those permissions on the home directory, then it doesn't matter if the website owner accidently sets rw-rw-rw permissions on a file inside there, no other user on the server will be able to read or write it.

The only users that need access to a users home directory are the apache user, and the website owners user.

Anonymous Coward
FAIL

Seriously Network Solutions? Seriously??

I can't see how Wordpress is to be blamed. All PHP scripts have the database passwords in plain text (Joomla, Drupal, Wordpress, PHPbb3, etc.) It's been that way for years and years... A little more fact checking is needed on his part. Wordpress's installer didn't install wordpress insecurly, Network Solutions' installer installed wordpress insecurly.

I also can't see how the user that uses the Network Solutions as Network Solutions installer does not install is in a secure fashion.

From the sounds of things, it does not sound like Network Solutions had their servers set up in a secure manner and a lot of people had to go through this ordeal because of it. It's Security 101: Don't give users access to other users files.

I can't believe this hasn't happened to them sooner! Hope they can secure their servers properly before the attack moves to the Joomla, Drupal, PHPbb3 and other PHP scripts.

Can I have the WTF AND the Fail icon on this one?

*shakes head at Network Solutions*

The_Police!
FAIL

Hang on

Is it just me who found this erroneous sentence (last sentence of the article)?

"When you leave the to the door in the lock, does it help to lock the door?"

All your "When you leave the to the door" belong to us!

Anonymous Coward
Anonymous Coward

Networks Solutions admit WordPress is not the issue

http://blog.networksolutions.com/2010/wordpress-is-not-the-issue/

"This was not an issue with WordPress. Sorry to the WordPress community and customers for any misunderstanding. "

What is concerning that a company like Network Solutions apparently opened its mouth without thinking

This topic is closed for new posts.