
Venetsian Jakimov

Entrepreneur, Website Developer and SEO Expert


Die Hard 4 - the Real Version!

date: 2007-07-30
by: venetsian


Yep, today we did a major security upgrade on one of our servers due to one serious CMS security fault which allowed an "unauthorized person" to write to other users' accounts and add stuff. This so-called hacker was actually a worm virus that was spreading through Linux server networks and eventually came to us.

Fortunately we found it quite quickly (10 minutes after first contact) and disinfected the system, but that didn't fix the whole issue because the security exploit allowed it to infect it again 5 minutes later. That made us push this major update and isolate each account so that this problem would be fixed, but actually fixing one thing made tons of other issues.

Now the sad thing about my work is that when you fix one thing, you have to break something else, and this simply sux. In this case most CMS systems require PHP global variables to be OFF, but some require them to be ON. The thing that made my day a living hell is that 50% of our clients use global registers on their CMS systems and the other 50% can't run their CMSes due to this register ...

So what happened? We were in a "fix it"/"break it" situation where no solution really worked properly. Yes, we got the worm, but we made tons of angry clients that don't have a single clue that we saved their data!

In the end I spent all day explaining what happened and trying to stop "websites" from showing the 500 error -- internal server error -- (when a .htaccess file runs a PHP flag and the server security configuration does not allow each user to manipulate it). That made us move clients around servers and cause a bit of downtime.

Fortunately for me, my shift is now over and I'm going home! The only thing I can say is - "It sucks to be the server administrator" ;-(
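The 500 errors described above come from .htaccess files that set PHP options once the server stops accepting them per directory. As an added example (not code from the original post), this script inventories those files before such a lockdown and lists which ones switch register_globals on. The function names and the one-docroot-per-account layout under a base directory are assumptions.

```shell
#!/bin/sh
# Added example: find .htaccess files that will break when per-directory
# PHP overrides are disabled. Function names are hypothetical.

# Print one tab-separated record per active php_flag / php_value line:
#   file <TAB> line number <TAB> directive <TAB> setting <TAB> value
scan_php_overrides() {
    find "$1" -type f -name .htaccess -exec awk '
        { sub(/\r$/, "") }                 # tolerate files uploaded with CRLF
        /^[[:space:]]*#/ { next }          # skip commented-out lines
        {
            d = tolower($1)                # directive names are case-insensitive
            if (d == "php_flag" || d == "php_value")
                printf "%s\t%d\t%s\t%s\t%s\n", FILENAME, FNR, d, $2, $3
        }' {} +
}

# List the .htaccess files that turn register_globals on (value on or 1).
# These are the sites that stop working when the setting is forced off.
wants_register_globals() {
    scan_php_overrides "$1" |
        awk -F '\t' 'tolower($4) == "register_globals" &&
                     tolower($5) ~ /^(on|1)$/ { print $1 }'
}

# Usage (assumed layout, one directory per account):
#   scan_php_overrides /home
#   wants_register_globals /home
```

Running the scan before changing the server-wide setting gives the list of clients to contact or move first, instead of discovering them through error reports.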