Dreamhost官方竟知道DedeCMS的漏洞
起因是这样的,站长的插件网 http://plugin.www.vpsite.net 以前因为漏洞导致VPS被取消过N次,和官方沟通保证甚至发誓了多次的折腾后,不得已将采集功能能关闭,禁用了多个函数,终于没有出现短时间大量流量导致VPS被取消的情况了!但是问题就出来了,因为禁用函数过大,导致无法发布文章,这是次要的。重要的是,我在同一台VPS上放了一个PT小说站,http://book.www.vpsite.net ,因为是小偷程序,采集是必须的了。
所以没办法,我就将站长的插件网搬到dreamhost了,没想到问题就来了。搬上去还没到两个小时!官方发来了这样一封邮件:
Hello,
During a scan of our servers we have identified that your DreamHost account is hosting an insecure website which may be targeted for malicious purposes or has already been compromised.
You appear to have an insecure version of the popular DedeCMS software on our server. Due to an increase in attacks against this software we have been forced to disable insecure versions until the webmasters are able to address this matter and upgrade their sites the a secure version. The current version of DeDeCMS is 5.7 released on 2011-10-15.
We have disabled any insecure sites found until you are able to address this matter, this is for the safety of our servers and the customers you share them with. We will require that you take a few minutes to address this matter and secure your account from further abuse.
Please note that re-enabling these insecure sites may result in the disablement of your account.
If you have any questions, please feel free to contact our support staff (make your subject line include ATTN: Security) and we will be more than happy to assist you with securing your sites.
Sincerely,
The DreamHost security team
翻译成中文大概是:
在我们的服务器进行扫描,我们已经确定了DreamHost的帐户托管不安全的网站,该网站可针对恶意的目的,或已经失密。
你似乎有不安全的一个DEDECMS我们的服务器上的流行软件的版本。由于增加对这个软件的攻击,我们已被迫停用不安全的版本,直到管理员能够解决这一问题,并提升其网站的安全版本。的DEDECMS当前版本是5.7发布于2011年10月15日。
我们已禁用发现任何不安全的网站,直到你能够解决这个问题,这是我们的服务器和你分享他们与客户的安全。我们会要求您花几分钟来解决这一问题,并取得进一步滥用您的帐户。
然后网站打开显示不得不说,这是一个很神奇的事情,dedecms 有这么流行吗?dedecms 有这么严重的漏洞吗?