Website Security Risk!

Just a quick note here, sort of a public service announcement. If your site is on a host that uses cPanel, you could be wide open to this security bug.

If you don't know, check. This affects a lot of sites, and I hope yours isn't one of them. I've heard that a lot of sites on GoDaddy have been hit, which indicates this is pretty widespread.

According to Red Hat customer portal... the bash code injection vulnerability CVE-2014-6271 could allow for arbitrary code execution, allowing an attacker to bypass imposed environment restrictions. Certain services and applications allow remote unauthenticated attackers to exploit this vulnerability by providing environment variables. As the Bash shell is the most commonly used shell today, the risk of impact from this vulnerability if left unchecked could be severe.

For additional information check the links below,

Resource #1 Click Here

Resource #2 Click Here

Resource #3 Click Here

Contact your hosting company if you have any concerns about your website security and don't forget to backup your site ASAP.

P.S. It is a "very good idea" to have a backup and recovery system in place for your websites.