litespeed hacked?

brrr

Well-Known Member
#2
That doesn't seem like a terribly sophisticated script.

It would be rather strange & disappointing if it does indeed let someone suck up a permissions restricted file off a LSWS server, and perhaps set up the attacker to do even more.

MikeDVB

Well-Known Member
#3
Perhaps this is an old bug that was fixed and only affects those that haven't upgraded?

I've tested this on 4.0.13 and 4.0.14 on x86 and x64 and it's not working.

DanEZPZ

Well-Known Member
#4
There's another version floating about which does work.

This needs patching immediately. If the mods want the link to the other version, PM me.

AndrewT

Well-Known Member
#7
The one on WHT.

Do you have a rule for this other exploit? Or maybe you can PM me the link to it and I can see if we can get one working.

cmanns

Well-Known Member
#9
The one on WHT.

Do you have a rule for this other exploit? Or maybe you can PM me the link to it and I can see if we can get one working.
I'm interested too, just enabled mod_security first time ever ;-) :D

Due to the monthly (or yearly) cost, I'm shocked this hasn't been patched up yet or announced by LiteSpeed, though I do understand it's the weekend. Should someone give them a ring-a-ding?

anewday

Well-Known Member
#12
Uh oh. So, there's only one mod_security rule?

Are there any serious bugs in 4.0.14? It still hasn't been activated in the auto upgrader in the web console.

cmanns

Well-Known Member
#14
Uh oh. So, there's only one mod_security rule?

Are there any serious bugs in 4.0.14? It still hasn't been activated in the auto upgrader in the web console.
I've not had a single issue with 4.0.14 that I can point out. I used 4.0.13 for a few days or so when we fired up LiteSpeed on our cPanel box on May 29th, and back around Feb; .14 just seemed better :D

Lauren

LiteSpeed Staff
Staff member
#18
All platform builds have been updated.

If you are unable to upgrade at this moment, please add the mod_security rule to block this exploit, as suggested by khunj on webhostingtalk.

Just add this to 'Request Filter' at the server level:

Name: NULLBYTE
Action: deny,log
Enabled: yes
Rules Definition: SecRule REQUEST_URI "\x00"

Restart LS.
4.1RC build will be updated later.
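The request filter above drops requests whose URI carries a NUL byte. As an added example (not LiteSpeed's code and not khunj's rule), the script below applies the same test to access-log lines, so that a server that could not be upgraded in time can be checked for earlier hits. It assumes Apache-style combined log lines; the sample lines are constructed for the example, and the names LOG_RE, uri_has_null_byte and find_null_byte_requests are this example's own.

```python
"""Find requests whose URI carried a NUL byte, literally or percent-encoded.

Added example: applies the same test as the suggested request filter (a NUL
in the request URI) to access-log lines. Assumes Apache-style combined log
format; the sample log below is constructed.
"""
import re
from urllib.parse import unquote_to_bytes

# One combined-log-format line: client ident user [time] "METHOD URI PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


def uri_has_null_byte(uri: str) -> bool:
    """True if the URI contains a NUL byte as sent or after one round of percent-decoding.

    Decoding is done exactly once: "%2500" decodes to the three characters "%00",
    which is not a NUL, and flagging it would be a false positive.
    """
    if "\x00" in uri:                          # literal NUL in the request line
        return True
    return b"\x00" in unquote_to_bytes(uri)    # "%00" decodes to b"\x00"


def find_null_byte_requests(log_text: str) -> list:
    """Return one dict per log line whose request URI contains a NUL byte."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:                              # skip lines not in the expected format
            continue
        if uri_has_null_byte(m.group("uri")):
            hits.append({
                "client": m.group("client"),
                "time": m.group("time"),
                "uri": m.group("uri"),
                "status": int(m.group("status")),
            })
    return hits


# Constructed sample log: one ordinary request, one "%00" request, one "%2500" decoy.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jun/2010:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Jun/2010:10:00:07 +0000] "GET /index.php?file=notes.txt%00.html HTTP/1.1" 200 1842 "-" "curl/7.19.7"
203.0.113.9 - - [05/Jun/2010:10:00:09 +0000] "GET /images/logo%2500.png HTTP/1.1" 404 210 "-" "curl/7.19.7"
"""

if __name__ == "__main__":
    for hit in find_null_byte_requests(SAMPLE_LOG):
        print(f'{hit["client"]} {hit["time"]} {hit["status"]} {hit["uri"]}')
```

On the sample log only the second line is reported: the third line's `%2500` decodes to the text `%00`, not to a NUL, so decoding once keeps it out of the results. Whether a request filter pattern matches the literal byte, the `%00` form, or both depends on what decoding the engine applies before the pattern is tested, so it is worth confirming the rule's behaviour with a harmless test request against a non-production instance before relying on it.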

AndrewT

Well-Known Member
#19
Upgraded all servers and it seems to resolve the issue. Though the web console now seems to think 4.0.13 is the latest and should be installed.