Using PHP v5 becomes dangerous in 6 weeks


WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, these sites are in a precarious position and will become exploitable as new PHP 5 vulnerabilities emerge without security updates.

What is End-Of-Life or ‘EOL’ in Software?

When a software product reaches EOL, it is no longer supported by software developers. That means that, even if someone finds a security hole in the software, the developers will not fix it.

If a development team is productive, they will release many versions of the software they work on over time. It becomes impractical to support every version of the code ever released. So a compromise needs to be made.

This compromise is that the development team will only support their software for a certain amount of time. After that time has elapsed, the development team suggests that the user community upgrade to a newer version of the same software, which usually does things better than the old versions and is fully supported.

Is PHP Version 5 going to be EOL soon?

Yes. PHP version 5 will be declared End-Of-Life on January 1st, 2019. That is, in approximately 6 weeks at the time of writing.

If you think you still have time, you are sorely mistaken. Malicious actors have already started probing websites that are running PHP v5.6 and older by testing for shell upload vulnerabilities.

Shell upload vulnerabilities allow an attacker to upload a malicious PHP file and execute it by accessing it via a web browser. The “shell” is a PHP script that allows the attacker to control the server: essentially a backdoor program, similar in functionality to a trojan for personal computers. If the attacker can upload this shell to a website, they can control the application server. Shell upload vulnerabilities are very easy to find and exploit in PHP. File uploads are usually handled by the move_uploaded_file() function, so searching for calls to that function can reveal code that might be vulnerable.
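As an added example (not from the original article), the search for move_uploaded_file() calls described above can be run as an audit over your own code base. The sample PHP sources, the file names and the allow-list heuristic are constructed assumptions; the heuristic only sets review priority and does not prove a handler safe.

```python
import re
from pathlib import Path

CALL = re.compile(r"\bmove_uploaded_file\s*\(")
# Heuristic: the client-supplied file name is read somewhere in the file.
CLIENT_NAME = re.compile(r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]name['\"]\s*\]")
# Heuristic: the extension is extracted and compared against a list.
ALLOWLIST = re.compile(r"PATHINFO_EXTENSION.*?in_array\s*\(", re.S)

# Constructed sample sources (assumptions, not from the article).
SAMPLES = {
    "upload_raw.php": """<?php
$dest = "uploads/" . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $dest);
""",
    "upload_checked.php": """<?php
$ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ['jpg', 'png', 'gif'], true)) { exit; }
$dest = "uploads/" . bin2hex(random_bytes(16)) . "." . $ext;
move_uploaded_file($_FILES['file']['tmp_name'], $dest);
""",
}

def load_tree(root):
    """Read every *.php file under root into {path: source}."""
    return {str(p): p.read_text(errors="replace") for p in Path(root).rglob("*.php")}

def audit(sources):
    """Return (path, line, priority) for each move_uploaded_file() call."""
    findings = []
    for path, text in sorted(sources.items()):
        # Client file name used with no extension allow-list in the same file.
        unchecked = bool(CLIENT_NAME.search(text)) and not ALLOWLIST.search(text)
        for lineno, line in enumerate(text.splitlines(), 1):
            if CALL.search(line):
                findings.append((path, lineno, "review-first" if unchecked else "review"))
    return findings

if __name__ == "__main__":
    for path, lineno, priority in audit(SAMPLES):
        print(f"{path}:{lineno}: move_uploaded_file() [{priority}]")
```

To audit a real site, pass `load_tree("/path/to/webroot")` to `audit()` instead of `SAMPLES`.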

Through Mjolnir’s leading Threat Intelligence platform, our investigators are tracking malicious actors probing and making lists of vulnerable websites.

We searched the last 60 days of data to identify all attacks in which c100.php was requested. Our findings show an uptick in the frequency of attacks from 14 October 2018, which perfectly coincides with articles such as “PHP 5 End of Life is upon us; why you should care” appearing in the news. As the malicious actors learn of the impending security weakness, they have started flexing their muscles, so to speak. See the graph below:

[Image: c100.php Mjolnir Security End of Life PHP 5]
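An added example (not Mjolnir's platform or query) of the kind of search described above: it counts requests for c100.php per day in a web server access log and separates out the requests the server answered with a 2xx status. The log lines, IP addresses and paths are constructed, and the combined log format is an assumption.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, unquote

SHELL_NAMES = {"c100.php"}  # the file name given in the article

# Combined log format: ip, ident, user, [time], "METHOD target proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, invented paths).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Oct/2018:08:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [14/Oct/2018:09:10:11 +0000] "GET /wp-content/uploads/c100.php HTTP/1.1" 404 312
198.51.100.23 - - [14/Oct/2018:09:12:40 +0000] "GET /images/C100.PHP?x=1 HTTP/1.1" 404 312
198.51.100.23 - - [15/Oct/2018:17:45:00 +0000] "POST /uploads/%63100.php HTTP/1.1" 200 48211
192.0.2.55 - - [15/Oct/2018:18:00:00 +0000] "GET /docs/c100.php.txt HTTP/1.1" 200 900
"""

def shell_probes(log_text, names=SHELL_NAMES):
    """Return ({day: request count}, [(day, ip, target) answered with 2xx])."""
    per_day, served = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, target, status = m.groups()
        # Compare the decoded, lower-cased last path segment, so
        # percent-encoding, case changes and query strings do not hide a hit.
        basename = unquote(urlsplit(target).path).rsplit("/", 1)[-1].lower()
        if basename not in names:
            continue
        day = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        per_day[day] += 1
        if status.startswith("2"):
            served.append((day, ip, target))  # the file may exist: investigate
    return dict(per_day), served

if __name__ == "__main__":
    counts, served = shell_probes(SAMPLE_LOG)
    print("requests per day:", counts)
    print("answered with 2xx:", served)
```

A 2xx answer can also come from a soft-404 page, so confirm on disk whether the file exists before treating the hit as a planted shell.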

The targeted websites appear concentrated in the United States, but that does not mean the United States is the biggest victim: most of the world’s websites are hosted in data centers physically located in the United States.

[Image: c100.php Mjolnir Security End of Life PHP 5]

If you are unsure of your website’s current PHP version or are interested in learning more about how you can be protected, get in touch with us!

The full list of targeted countries is here:

Country Count
United States 77896
Germany 11982
United Kingdom 5108
France 4973
Netherlands 4540
Japan 4381
Canada 2298
Poland 1903
Russian Federation 1754
Australia 1708
Spain 1632
Denmark 1546
Sweden 1453
Italy 1319
Turkey 1124
Ireland 1091
Singapore 886
Virgin Islands (British) 825
Hong Kong 793
Switzerland 751
Czech Republic 713
South Africa 488
Brazil 450
India 433
Romania 401
Austria 391
Indonesia 389
Norway 369
Hungary 364
Finland 350
United Arab Emirates 320
Ukraine 291
Viet Nam 282
Belgium 258
Thailand 219
Estonia 209
Lithuania 206
Slovak Republic 180
Portugal 179
New Zealand 163
Bulgaria 159
Korea (South) 157
Malaysia 157
China 151
Israel 149
Iran 139
Argentina 124
Slovenia 101
Luxembourg 95
Chile 87
Croatia 83
Cyprus 81
Greece 68
Latvia 65
Taiwan 58
Cayman Islands 57
Belarus 46
Serbia 39
Seychelles 36
Mexico 34
Iceland 31
Kazakhstan 22
Colombia 17
Morocco 14
Philippines 14
Moldova 13
Bosnia And Herzegovina 9
Bangladesh 8
Ecuador 8
Egypt 8
Panama 7
Nepal 7
Belize 6
Puerto Rico 6
Pakistan 6
San Marino 6
Nigeria 6
Venezuela 5
Bahamas 5
Saudi Arabia 5
Cameroon 4
Honduras 4
Macedonia 4
Costa Rica 4
Kenya 4
Afghanistan 4
Sri Lanka 3
Iraq 3
Georgia 3
Cambodia 3
Saint Kitts And Nevis 3
Bhutan 3
Barbados 2
Liechtenstein 2
Mongolia 2
Isle Of Man 2
Rwanda 2
Azerbaijan 2
Syria 2
Tunisia 2
Cape Verde 2
Occupied Palestinian Territory 2
Armenia 2
Kyrgyzstan 2
Zimbabwe 2
Malta 2
Uruguay 2
Tanzania 1
Burkina Faso 1
Kuwait 1
Laos 1
Monaco 1
Mauritius 1
Qatar 1
Dominican Republic 1
Lebanon 1
Albania 1
Guatemala 1
Madagascar 1
Uganda 1
Lesotho 1
Dominica 1
Libya 1
Botswana 1
Bolivia 1
New Caledonia 1
Algeria 1
Uzbekistan 1

Read more on shell vulnerabilities here: https://blog.securityinnovation.com/blog/2014/01/preventing-shell-upload-vulnerabilities-in-php.html
