Support » Everything else WordPress » Infosecurity article about Network Solution’s issue

  • As some of you surely know, Network Solutions (a webhosting company) recently blamed WordPress due to a internal system failure that caused some malicious attack which produced the fall of hundred of client’s WordPress websites.

    Well, Infosecurity has been published an article which -among other things- says that “The attack […] affected fully patched versions of the WordPress blog.”… Patched versions?

    Ok, the problem was originated from a security hole that allowed anyone to view the files of another users. Network Solutions argues that “WordPress stores the database conection info in plain text”, while Infosecurity say that “This should not normally be a problem, if file access permissions are set properly” and continues: “However, many users installed the software in a way that left the file readable by anyone“.

    “Fully patched versions of WordPress”… “Installed the software in a way that left the file readable by anyone”… So, has Network Solutions a kind of “easy-install-one-click-fantastic” method which allowed full access to the attacker?. I think this company still has many questions to answer, specially when it argues that “We have confirmed that multiple sites, including several Network Solutions hosted WordPress sites, were targeted by an unauthorized user to modify content without the owner’s knowledge […]”…

    Including?… Including what?? Only the Network Solution’s hosted sites was affected by this attack! Please, stop to blame to avoid problems with your clients, stop to based your issues on slanders! Be serious, be an ethical company! and show some respect to the others and to yourself.

    References:

    Network Solutions public annoucement:
    http://forums.networksolutions.com/nshosting-announcements-f83-incident-regarding-nshosting-wordpress-t7111.html

    the same network Solutions public annoucement before be replaced by the above:

    Beginning last week a WordPress vulnerability has been the target of attacks on multiple WordPress websites on hosting platforms around the web. We have a blog post with additional details about the vulnerability and how to secure your WordPress site.

    http://blog.networksolutions.com/2010/alert-wordpress-blog-network-solutions/

    At this time we have implemented a fix that has removed the offending code, updated database credentials, and set a more secure permission for the WordPress config file.

    If you have followed all of the above instructions/tips and are still having an issue with getting WordPress to work correctly due to this vulnerability please contact customer service at 1.888.391.4357

    Infosecurity article:
    http://www.infosecurity-us.com/view/8709/network-solutions-fixes-wordpress-installations/

    Matt article:
    http://wordpress.org/development/2010/04/file-permissions/

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Infosecurity article about Network Solution’s issue’ is closed to new replies.