Rackspace is the latest in a string of recent hosting provider caused hackings of client websites. Unfortunately some hosting providers continue to not take the basic steps to keep their customers secure from hack at the hosting provider level. One of the most basic security steps is keeping software updated, which Rackspace has failed to do so with at least one major software component. On January 27, phpMyAdmin, a widely used MySql database administration tool, released a security advisory warning of “critical” vulnerability in version of 2.11.x prior to version 2.11.10. The secure version of phpMyAdmin had been released month prior to the security advisorie’s release. Rackspace finally upgraded their installation of phpMyAdmin running on their Rackspace Cloud service on June 13 and that was only after “after customer reports brought” it to their attention. Up until then, they had not updated phpMyAdmin since version 2.11.3 was released, which was back in December of 2007. Rackspace claims that they have “reviewed and adjusted our procedures so that going forward we will do better to stay up to date with the latest security releases of phpMyAdmin”.
Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
- Hackers Hiding Malicious Code in Exif Data of Images
- Outdated Software Is Not Necessarily the Cause Of Your Website Being Hacked
- ManageWP Shows Lack of Concern for Security by Running Insecure Version of WordPress
- Keeping Track of the Update Status of Web Apps on the Websites You Manage
- Drupal Websites Not Receiving Security Updates in a Timely Manner
Web Software Updates
WordPress VersionWe are running WordPress 3.9.1 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Did We Make a Mistake?While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.