My name is Nicholas and I work at (mt) Media Temple. I want to try help eliminate any confusion in this dialogue. Our most recent statement on security can be found here:
Having shared that, I want you to know that (mt) is here for you. We want nothing more than to help any affected customers overcome this and move on to greener pastures. Please open a support request via the AccountCenter and we will dig in. I realize that we cannot always be quite as timely as we would like, but efficiency and accuracy are very important to us in regard to addressing customer requests.
If you look to the right of those pages, you can see a wide variety of exploits that Sucuri.net has identified and attempted to classify. This should give you additional perspective on some of the other threats that are out there, and the number of threats on the internet is increasing all the time.
With any new "exploit" that is discovered (both internally and externally), we have our security team perform a detailed analysis. So far, our research has consistently allowed us to conclude that there is no issue with our infrastructure that could be linked to these exploits.
Also, it is important to note that the WordPress application itself is not considered to be the vulnerability either. Instead, it is just one of the primary targets of the "payloads" of these exploits. It seems that WordPress has been targeted because of its immense popularity, and because blogs tend to have a built-in audience and readership. Since the malicious parties want their "exploit" to go "viral" and spread like wildfire, blogs are a good target. For this and other reasons, it is always very important to keep all of your software and plug-ins up-to-date.
As was noted in this thread, improper file permissions can expose your wp-config.php, and thus, your database login credentials, to malicious parties. Once they can get into your DB server via a legitimate login, they can insert backdoor WP users, which can then be used to insert malicious code of all different flavors into databases/blog posts/etc. This is true of ANY Linux-based server, and for some shared servers out there, it can have additional ramifications. Let me repeat that: ***Having proper file permissions is imperative in order to keep data safe, particularly in regard to online content.***
Here is an article about Unix/Linux file permissions that may be helpful: http://en.wikipedia.org/wiki/Filesystem_permissions
How do permissions relate to the (gs) Grid-Service infrastructure?
Up until not too long ago, a (gs) Grid-Service user did have the ability to "chmod" his/her "domains" folder "wide open", meaning 777. There are rare cases where a user might want this openness, in particular if he/she wanted to have inter-domain access on a single (gs). To clarify:
1) Each new (gs) Grid-Service has always been provisioned with proper permissions in place.
2) The user could then CHOOSE permissions that were not as strict.
In a recent move to prevent non-savvy users from causing themselves additional headaches, (mt) Media Temple rolled out a full-scale "Access Control List", or ACL on the (gs) Grid-Service. More on that can be found here:
What this has done is made it so that any user on the (gs) Grid-Service can change file permissions to the most relaxed of settings, and other customers on the same (gs) cluster would not be able to see data that had been improperly opened up.
Having said that, it is still important to maintain proper file permissions to prevent the outside world from seeing sensitive information. If you were to make your wp-config.php world-readable, you are just asking for your WP install to become compromised, and sadly, this is an all-too-common occurrence.
To further assist our customers, we have also worked with Sucuri.net to offer a discount on their services, so that if you are not quite confident in your ability to secure your site, you have a third-party option:
In reference to one of the most recent comments... performing the removal of a script injection would not have any impact on the speed or performance of the blog (other than it would most likely help to secure it and prevent any unexpected page redirection).
So, sorry for the long post, but it is paramount to our operations and yours that the proper information is out there. In conclusion:
1) The (mt) Media Temple infrastructure is secure. We are always performing additional internal analysis to ensure that our systems remain secure.
2) We have added ADDITIONAL file system protection to the (gs) Grid-Service to help users who may not be Linux-savvy. Proper file system permissions are still always recommended.
3) These types of exploits are happening on other servers and other hosts.
4) We are actively doing everything we can to provide information, suggestions, and some degree of cleanup to our customers. We are also actively investigating any new exploits that come to our attention.
Please view our special security hub for more information, and note that we will be actively updating it with any new developments:
If you have additional questions, please submit a support request via the (mt) AccountCenter or give us a call at 877-578-4000.
(mt) Media Temple