First Exploit Lessons Learned

Think back to your first encounter with an exploit. Did you learn a valuable lesson?

My buddy Keith Dawson did. And so did I from his malware encounter.

I’ve known and worked with Keith for many years. He is a fellow tech writer, who has worked for some of the same IT pubs that I have. In his blog post this week, aptly called Pwned, he writes about discovering his first exploit. It was a piece of malware that lodged itself into several of his Web servers.

The malware took advantage of a vulnerability in Plesk, a popular website control panel that is used by many hosting providers. Plesk patched the vulnerability within a few days of its discovery back in February, but Dawson didn’t get the memo.

It turns out he wasn’t on the proverbial list to get the warning. He isn’t the actual customer of Plesk – it’s his hosting provider who is the customer. And it was his hosting provider that ran the systems that were exploited.

Dawson was lucky. His pwned servers were part of a DDoS botnet for 71 days, but they never got called up.

This brings up a very important point. If you are using hosted services, be aware of the various bits of code running on them. A Web server could have more than the vendor’s code running on it. Make sure these bits of code, such as Dawson’s Plesk control panel, are brought up to date.

Related Links

  • Pwned [A Recovering Physicist]