Fanatical Support
Got Rackspace? Got WordPress? If so… you may just have a problem.
We’ve been getting calls today from Rackspace clients (hosting WordPress sites) that have been compromised similarly to the GoDaddy hack a few weeks back. The Unmask Parasites Blog has an excellent article on the attack posted on their, well, their blog.
There are some huge sites that have been hit, and some not-so-large as well (we personally were hit by an earlier attack). In the “Is Cloud the answer” debates, this will surely become an example of how a compromise in the cloud, can devastate an entire farm.
Update 6/19/2010
Shortly after this article was initially posted, Rackspace via their Rackcloud Twitter account posted the following message:
Reports, schmeorts.
Of course… details never came. I tweeted them myself (Oh no you didn’t… Oh yes I did):
Show me the money.
At this point, they haven’t replied to my request or posted any additional information on their twitter account. I think they moved on… the next day they were more interested in talking about how “Cassandra by Example translated to Japanese!”
Also, one day… one day I’ll spell check my tweets. Until then, read at your own grammatical risk.
Read more:
http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/
In response to “In the “Is Cloud the answer” debates, this will surely become an example of how a compromise in the cloud, can devastate an entire farm.”, I’d like to point out that there’s nothing about this attack specific to a “cloud” environment. If it did come through an outdated phpMyAdmin install as some think any environment with shared database servers (cloud, shared hosting, and many VPS providers) would be equally vulnerable. Even if you’re running it yourself on your own private servers forgetting to do your apt-get update/upgrade regularly would lead to the same vulnerability.
Pingback: Fred Posner
Pingback: Fred Posner
Pingback: Dom Wood