Permissions Exploit Affecting Files On Some Websites

We have discovered an exploit that is effecting the files on some of the websites hosted on our Squid 15 server. We are currently looking into this issue and will update when we have more info.

Update 6:04PM PST: It appears that websites that have directory and file permissions set too high (777) were affected.

Update 6:23PM PST: We have isolated the modified files and are working to restore them from last night’s backup.

Update 6:59PM PST: We have isolated the source of the exploit. An old version of a script that a customer was using was exploited and allowed files that were set to 777 on the server to be overwritten. We have removed the exploit script from the customer’s website and are in the process of restoring the modified files from backup.

In the meantime, if you do not want to wait until the restore to finish and you have a recent backup of our websites files, you can try replacing the files that were modified. Also please make sure to change any files or directories with permissions that are set too high.

Update 8:27PM PST: The restore from backup is almost complete. Once done, we will restore them to their original location on the server, which will then should repair any damage done to the affected websites.

Update 9:40PM PST: The modified files have been restored from backup, so any broken websites should be fixed now. If you see any problems, please let us know through the Help Desk.

Please Note: Always make sure to keep your file permissions at a safe level in order to help prevent your website from being exposed to exploits like this one. Of course along with that make sure to keep all of your scripts updated.