www.brinkster.com

Archive for the ‘Internet Security’ Category

Web hoster Media Temple shut down by attack

Thursday, May 27th, 2010

Media Temple, Web hosting provider for Adobe, ABC, Sony, NBC, Time, Volkswagen, and Starbucks, was hit with a sophisticated distributed denial-of-service (DDoS) attack Tuesday.

The outage began about 3:50 p.m. PDT, when Media Temple’s domain name servers were deluged by a flood of traffic coming from outside the U.S., and lasted a total of about two-and-a-half hours, according to a tech support representative at the Los Angeles-based company.

“Due to the sophistication of the attack, our normal DDoS firewall prevention techniques didn’t block the attack adequately, as the traffic appears to be legitimate,” the company reported at around 5:40 p.m. PDT.

The company said it had initially blocked all traffic from Asia, South America, and Mexico to reduce strain on the network, but later removed the blocks. As of 6:10 p.m. PDT the network was reported stable.

“Overall, network health is normalizing, however more work must be done to mitigate the effects of this incident and prevent future occurrences,” the company said, adding that it would provide an update at 10 p.m. PDT.

Company representatives did not immediately return a call seeking comment.

Update May 25 at 11:59 p.m. PT: A tech support representative at Media Temple said the outage lasted a total of about two-and-a-half hours.


Original article by Elinor Mills

Phishing Scam Imitates cPanel, Targets Webmasters

Wednesday, December 9th, 2009

(WEB HOST INDUSTRY REVIEW) — A report published Monday on the Register said a new phishing scam has been uncovered, targeting the webmasters of legitimate websites by appearing to be their hosting providers and asking for their administrator login details.

The new scam, which was reported on Saturday by security researcher Gary Warner, via a post on his blog, targets the customers of a long list of hosting providers, including some of the most widely used hosting companies – Go Daddy, Hostgator and Yahoo! among them.

Customers of these and other hosting companies, a list of more than 90 in total, have received emails that vary somewhat in content, but ultimately ask, “due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”

Clicking on a link in the email takes the user to a page that imitates the appearance of the widely-used hosting control panel cPanel. Should the customer enter their information, they are then forwarded to their hosting provider’s login page.

“The goal seems to really be capturing the FTP userids and passwords of webmasters,” writes Warner. “You can imagine what sorts of badness this campaign may lead to.”

As pointed out in the Register story, an increasingly popular tactic among phishers and distributors of malware is corrupting trusted websites, often a step in the distribution of the viruses that create botnets, which are then used to distribute spam.

The Register cites recently-launched security firm Dasient, a company that provides antivirus-type security scanning and repair for websites, as reporting that 640,000 websites were infected with code designed to launch malware attacks on visitors.

From the webmaster’s perspective, having a website corrupted with malware can lead to the site being added to blacklists that can be very difficult to get removed from. Those blacklists are used by Google and Firefox, as well as other tools, to warn users they may be entering unsafe websites.

Warner advises webmasters targeted by the attack to let their web hosting companies know they have been targeted. We would similarly advise web hosting companies named on Warner’s list to let customers know they might be targeted by this sort of phishing email, in much the way banks have been doing for several years.

Original article written by Liam Eagle, www.thewhir.com

China Remains Spam Haven Due to ‘bulletproof’ Hosting

Monday, June 29th, 2009

An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.

Gary Warner, director of research in computer forensics in the university’s computer and information sciences department, wrote on his blog that it is well past the time to declare a spam crisis in China.

The university reviewed millions of spam messages seen throughout this year from its Spam Data Mine, which analyzes junk mail for threats. In those messages were links to hundreds of thousands of Web sites.

A total of 69,117 unique domains hosted those Web sites. Seventy percent — or 48,552 — hosted Web sites that ended in “.cn,” the country-code top level domain for China. Again, about 70 percent of Web sites were located on computers within China.

“It is very normal that more than one-third of the domain names we see each day in spam messages come from China,” Warner wrote. “When one also considers the many ‘.com’ and ‘.ru’ domain names which are also hosted in China, the problem is much worse.”

Typically when scammy Web sites are detected, security companies will send a complaint to a hosting company, which may also act as a registrar, or seller of domain names. The site is typically taken offline.

However, some companies in China and elsewhere offer so-called “bulletproof” hosting, where Web sites are allowed to stay online or spam operations can continue unabated.

China is also attractive because of its low costs. A domain name can be bought for as little as $0.15, which allows scammers to acquire lots of domain names on the cheap. Domain names cost much more in the U.S., where some of the money goes to fighting abuse and spam, Warner wrote. But the low revenue stream in China is likely hampering the creation of programs to stop abuse.

“More than half of all spam either uses domain names registered in China, is sent from computers in China or uses computers in China to host their Web pages,” Warner wrote.

Warner gives some network operations and registrars the benefit of the doubt, writing that they may not yet have developed effective ways to handle complaints and knock cybercriminals off their systems.

Others, however, ignore complaints, such as in the case of a hosting provider that was instrumental in keeping alive the Waledac botnet, known for sending out worm-ridden spam. Warner wrote that complaints have been sent in English and Chinese with no response.

“I truly believe that the Chinese government would not willingly tolerate this horrible situation,” Warner wrote. “My only answer is that it must not have been properly brought to their attention so far.”

Original article written by Jeremy Kirk, IDG News Service

Joomla urges ‘immediate download of security release’

Tuesday, June 16th, 2009

Joomla has announced the immediate availability of its 1.5.11 security release.

Joomla has urged users of the platform to download the release and upgrade their systems as soon as possible.

Updating the Joomla Hosting platform could allow continued ease of the web hosting service, which allows a website to be up and running as soon as possible.

Ensuring security fixes are in place can support web developers and designers in efficiently building websites for clients and providing an effective service.

Joomla last announced a security release 11 weeks ago and the Development Working Group claimed that it continues to provide frequent updates for the Joomla community.

Individuals and businesses who require a “full-fledge, stable, extendable system that will help you to build a powerful website” can use Joomla, a Tech Republic blog noted.

The publication added: “Joomla is perfect for enterprise deployment where every piece of content must be well tracked.”

“Standout features” of the content management system include a language manager - which can support multiple languages at once - and syndication and news feeds to allow RSS content to be added to a site.

Original article written by Dipika Patel of Global Gold

Time for an Internet A-Team?

Thursday, April 23rd, 2009

Last week, Brian Krebs of The Washington Post spoke with Joe Stewart, a senior security researcher at Atlanta-based SecureWorks, who probably has done more than any other researcher to make life more difficult and expensive for cyber crooks.

“…Stewart says the world needs a more concerted effort to identify — if not apprehend — top cyber criminal actors. He also said that ISPs need to be held more accountable when they ignore overt signs of persistent criminal activity on their networks.”

Read the full interview here: http://voices.washingtonpost.com/

Original article by Brian Krebs, The Washington Post