litespeed hacked?

Discussion in 'General' started by Nokki, Jun 13, 2010.

  1. Nokki

    Nokki New Member

  2. brrr

    brrr New Member

    That doesn't seem like a terribly sophisticated script.

    It would be rather strange & disappointing if it does indeed let someone suck up a permissions-restricted file off an LSWS server, and perhaps set up the attacker to do even more.
    Last edited: Jun 13, 2010
  3. MikeDVB

    MikeDVB New Member

    Perhaps this is an old bug that was fixed and only affects those that haven't upgraded?

    I've tested this on 4.0.13 and 4.0.14 on x86 and x64 and it's not working.
  4. DanEZPZ

    DanEZPZ New Member

    There's another version floating about which does work.

    This needs patching immediately. If the mods want the link to the other version, PM me.
  5. AndrewT

    AndrewT New Member

    I can confirm that it does work on 4.0.14. A mod_security rule appears to sufficiently block the attempts at this time.
  6. DanEZPZ

    DanEZPZ New Member

    What rule are you using? There are two versions of this exploit and the rule in the WHT thread only works for one.
  7. AndrewT

    AndrewT New Member

    The one on WHT.

    Do you have a rule for this other exploit? Or maybe you can PM me the link to it and I can see if we can get one working.
  8. MikeDVB

    MikeDVB New Member

    I've also now verified that this is indeed a legitimate vulnerability and exploit.
  9. cmanns

    cmanns New Member

    I'm interested too; I just enabled mod_security for the first time ever ;-) :D

    Given the monthly (or yearly) cost, I'm shocked this hasn't been patched up yet or announced by LiteSpeed, though I do understand it's the weekend. Should someone give them a ring-a-ding?
    Last edited: Jun 13, 2010
  10. DanEZPZ

    DanEZPZ New Member

    I just had an email from George saying it's being looked into and they'll post a fix later today if they're able to replicate it.
  11. cmanns

    cmanns New Member

    Now I like to hear that :D
  12. anewday

    anewday Moderator

    Uh oh. So, there's only one mod_security rule?

    Are there any serious bugs in 4.0.14? It still hasn't been activated in the auto upgrader in the web console.
  13. DanEZPZ

    DanEZPZ New Member

    It also affects 4.0.11, .12 and .13, so it's not just a .14 thing.
  14. cmanns

    cmanns New Member

    I've not had a single issue that I can point to with 4.0.14. I used 4.0.13 for a few days or so when we fired up LiteSpeed on our cPanel box on May 29th, and back around Feb; .14 just seemed better :D
  15. Lauren

    Lauren LiteSpeed Staff

  16. anewday

    anewday Moderator

    Thanks for the quick fix.
  17. DanEZPZ

    DanEZPZ New Member

    Installed and tested and it seems to work perfectly, no longer an issue :)

    Thanks
  18. Lauren

    Lauren LiteSpeed Staff

    All platform builds have been updated.

    If you are unable to upgrade at this moment, please add the mod_security rules suggested by khunj on WebHostingTalk to block this exploit.

    4.1RC build will be updated later.
  19. AndrewT

    AndrewT New Member

    Upgraded all servers and it seems to resolve the issue. Though the web console now seems to think 4.0.13 is the latest and should be installed.
  20. MikeDVB

    MikeDVB New Member

    Same. I've gotten dozens of notifications to upgrade to .13.