Ruby on Rails is a widely used framework for developing web apps in the Ruby language. Hackers are actively exploiting a vulnerability in Ruby on Rails apps to compromise web servers and create a botnet.
The developers of Ruby on Rails released a security patch for the vulnerability in January. The problem is that server admins have not yet updated some Rails installations.
Security consultants are surprised that exploitation of the vulnerability has been going on for so long, but what is more surprising is that users still run vulnerable installations of Ruby on Rails.
The vulnerability is exploited for remote code execution on Linux machines. The injected code downloads malicious C source code from a remote server, then compiles and executes it locally.
If compilation fails on the compromised system, a precompiled version of the malware is downloaded instead. The bot connects to an IRC (Internet Relay Chat) server and joins a specific channel through which it receives commands from the attackers.
According to security experts' reports, despite its limited capacity, the vulnerability is dangerous and allows attackers to turn Linux machines into bots. There is already evidence that the systems of some web hosting providers are affected.
Hackers increasingly compromise web servers to make them part of botnets. For instance, not so long ago Apache servers were infected with the Linux/Cdorked malware.
The only way for users to avoid the risk of being hacked is to install at least version 2.3.15, 3.0.19, 3.1.10 or 3.2.11, which contain the CVE-2013-0156 patch. However, the safest decision is to update to the latest Rails version available.
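
A check for the version requirement above, as an added example that is not part of the original article: it reads the resolved `rails` version from a `Gemfile.lock` and compares it with the patched release of its branch. The sample lockfile is constructed, the function names are hypothetical, and treating branches newer than 3.2 as patched is an assumption.

```ruby
require "rubygems"

# Minimum patched release per branch, as listed in the article.
PATCHED = {
  "2.3" => Gem::Version.new("2.3.15"),
  "3.0" => Gem::Version.new("3.0.19"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.2" => Gem::Version.new("3.2.11"),
}.freeze

# Classify a Rails version as :patched, :vulnerable or :unsupported.
def cve_2013_0156_status(version_string)
  version = Gem::Version.new(version_string)
  branch = version.segments.first(2).join(".")
  if (fixed = PATCHED[branch])
    return version >= fixed ? :patched : :vulnerable
  end
  # Assumption: branches newer than 3.2 were released after the fix.
  return :patched if version > PATCHED["3.2"]
  # Older branches have no patched release named in the article.
  :unsupported
end

# Resolved gems sit under "specs:" with exactly four spaces of indent;
# dependency constraints are indented deeper and carry an operator.
def rails_version_from_lockfile(lock_text)
  lock_text[/^ {4}rails \(([^)\s]+)\)\s*$/, 1]
end

# Returns [version, status]; [nil, :not_found] when rails is not locked.
def audit_lockfile(lock_text)
  version = rails_version_from_lockfile(lock_text)
  version ? [version, cve_2013_0156_status(version)] : [nil, :not_found]
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.10)
        actionpack (= 3.2.10)

  DEPENDENCIES
    rails (= 3.2.10)
LOCK

version, status = audit_lockfile(SAMPLE_LOCK)
puts "rails #{version}: #{status}"
```

To audit a real application, pass `File.read("Gemfile.lock")` to `audit_lockfile` and treat both `:vulnerable` and `:unsupported` as requiring an upgrade.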