You know I’m looking out for you, right?
I just got an email this morning about a newly discovered vulnerability in the code that runs more than half the sites on the Interwebs.
This pertains specifically to WordPress sites, but ANY website that uses PHP scripting is potentially vulnerable.
So this may or may not affect you directly. And chances are it won’t, if the forces of good beat back the forces of evil.
But you should know about it just the same.
If you don’t manage your website personally, I recommend you forward this to the person who does.
Here’s the Executive Summary:
A researcher found a vulnerability in PHPMailer, a commonly used software script that sends email from web-connected servers.
The vulnerability allows this script to be run remotely without authorization. In other words, someone potentially could hack your site and start using your server to send spam, or worse, to send mail with virus attachments to your customers — or anyone else, for that matter.
If that happens, your site could be shut down by your web hosting company.
It could also mean an expensive repair job by an often hard-to-find uber-techie to wipe the malicious files from your server.
If you happen to be on a shared server, it potentially means your site could get shut down if someone else’s site on the same machine gets hacked, even if you do everything right!
What should you do?
As I write this, there are no known viruses or other malware currently exploiting this security hole, so there’s no reason to panic.
It’s safe to assume, however, that since this is now public knowledge, some a-hole out there is working feverishly to come up with something that WILL exploit it, as fast as their Cheetos-stained little fingers can type.
I can assure you that the WordPress community is also working feverishly to come up with a fix for this vulnerability.
The advice offered by the good guys is to make sure your WordPress site is running the latest release of WordPress, and as soon as the next update comes out — which could be any day now — to update it again.
To make this easier on yourself (or your web admin), turn on the auto-update feature in your WordPress dashboard.
If your site is NOT built on WordPress, you should check to find out if it uses PHPMailer in any way, and if it does, confirm your server has the latest version of PHP and PHPMailer installed.
And, similarly, as soon as any updates are released for PHP and/or PHPMailer, be sure to install them.
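For whoever manages the server, here is one way to do that check. This script is an added example, not part of the original alert or of PHPMailer itself: it lists every copy of PHPMailer under a folder and the version each copy declares. The file names and version lines it looks for are assumptions based on how PHPMailer and WordPress normally ship the file.

```shell
#!/bin/sh
# Inventory PHPMailer copies under a web root and report each declared version.
# Usage (script name is hypothetical):  sh find_phpmailer.sh /path/to/webroot
#
# Assumptions (not from the article):
#  - PHPMailer 5.x lives in class.phpmailer.php; WordPress bundles it as
#    class-phpmailer.php; newer releases use PHPMailer.php.
#  - The version is declared as:  public $Version = '...';
#    or, in newer releases:       const VERSION = '...';

find_phpmailer() {
    root=$1
    find "$root" -type f \( -name 'class.phpmailer.php' \
            -o -name 'class-phpmailer.php' \
            -o -name 'PHPMailer.php' \) 2>/dev/null |
    while IFS= read -r file; do
        # Pull the first version string the file declares, if any.
        ver=$(sed -n \
            -e "s/.*\$Version *= *['\"]\([^'\"]*\)['\"].*/\1/p" \
            -e "s/.*const  *VERSION *= *['\"]\([^'\"]*\)['\"].*/\1/p" \
            "$file" | head -n 1)
        # One line per copy: version, a tab, then the file path.
        printf '%s\t%s\n' "${ver:-unknown}" "$file"
    done
}

# Run only when a folder is given on the command line.
if [ "$#" -gt 0 ]; then
    find_phpmailer "$1"
fi
```

Compare each version it prints against the latest PHPMailer release. A copy reported as "unknown" should be opened and checked by hand.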
For more information and links to the nitty-gritty details, go to the blog at www.wordfence.com.
To get alerts like this emailed directly to your mailbox so you can stay ahead of the curve, subscribe to The Internet Examiner, your source of Online Marketing Intelligence for Local Business Owners.