[Security] e107 Vulnerabilities


Wednesday, August 4th, 2010 - General

We have spent the last few weeks working to write a set of comprehensive script version checkers. The purpose of this is so that we can check the accounts on our servers and use it to notify our clients when they have outdated software.

As it has been pointed out in our Security Guide series, Keeping Scripts Up-To-Date is one of the best things you can do to insure that your website stays safe from hackers and other malicious users.

While these script version checkers still are not complete and are still going through quality assurance, we have found that a lot of e107 scripts are being exploited on our servers. As such, we will be using our e107 script version checker to find and identify accounts that have outdated e107 scripts and we will be sending out notices to those accounts. While we would have liked to have waited until this system was completely finished, we believe identifying outdated e107 scripts now is in everyone’s best interest.

If you receive one of these notices, please take the necessary steps to update your e107 script so that it does not lead to your account being compromised.

Because we are seeing so many e107 based accounts being exploited and compromised, we will have to disable those accounts that continue to run and use an outdated e107 script on their website. These websites that get exploited cause undue strain and affect the overall quality of our servers.

Scott