=====================================================================
                            CERT-Renater

                  Information Note No. 2009/VULN552
_____________________________________________________________________

DATE                 : 23/12/2009

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running phpMyVisites versions prior to 2.4.

======================================================================
http://www.phpmyvisites.us/
______________________________________________________________________

phpMyVisites version 2.4: Security release

16 December 2009 - 17:00

We are releasing phpMyVisites 2.4 to address a security issue that was
recently reported. The security issue is in the third party Clickheat
library. We release phpMyVisites 2.4 without the Clickheat plugin.

We urge every phpMyVisites user to update as soon as possible to
phpMyVisites 2.4 as the security issue is critical.

Is your web server contaminated?

It can be hard to tell as the crackers are using quite clever techniques.

* If you have a file phpmv2/datas/thumbs.php, you are affected.
* If you are on a dedicated server, try to execute ps faux and look for
  SSH connections that are not supposed to be there (e.g. sshd
  fakelogin@priv, fakelogin being a login that doesn't exist on your
  server or is not supposed to exist).
* Look in your website directories: are there new files, especially
  suspicious looking files like numbers 8475875.php or styles.css.php
  or fotter.php or s.php?
* Are there new .htaccess files that are not supposed to exist?
* Look at your actual website files (especially if written in PHP): do
  they contain code that is not yours at the top or at the bottom?
  Things like base64_decode, eval, gzinflate are a sign that you are
  infected.
* Note: do not only look in phpmv2/ files, also look in your website
  files or any file on your server (to help, look at files that have a
  modification time that is suspicious).

How to update phpMyVisites to 2.4?

* Back up your phpmv2/config/ directory on your computer or on your
  server.
* Delete your existing phpmv2 directory.
* Reupload the new phpmv2 directory from the 2.4 download.
* Now, reupload your backed up /config/ directory in the new phpmv2/
  directory.

Your phpMyVisites should work fine and is now secure!

We also recommend that you roll back your other websites and files on
your server to a clean backup.

For better long term support, we highly recommend that you start using
Piwik, which is the new project we are working on: new features being
added every month, and much more powerful!

Piwik, the new version of the most famous web analytics open source
software! Visit piwik.org for more information about the open source
alternative to Google Analytics.

======================================================================

=========================================================
CERT-Renater reference servers

    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
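
The file-based checks from the advisory's contamination list, as an added example (not part of the advisory and not phpMyVisites or CERT-Renater code): a scanner that walks a web root and reports the named thumbs.php file, the suspicious file names, .htaccess files outside a known list, and PHP files calling base64_decode, eval or gzinflate near the top or bottom. The regex patterns, the 4096-byte edge window, the function names and the sample tree are assumptions of this example.

```python
import os, re, tempfile
# Patterns are this example's reading of the advisory's indicators (assumptions).
SUSPICIOUS_NAME = re.compile(r"^(\d+\.php|.+\.css\.php|fotter\.php|s\.php)$", re.I)
INJECTED_CALL = re.compile(rb"\b(base64_decode|eval|gzinflate)\s*\(")
EDGE_BYTES = 4096  # only the top and bottom of each file are inspected

def _edges(path):
    with open(path, "rb") as fh:
        head = fh.read(EDGE_BYTES)
        fh.seek(0, os.SEEK_END)
        fh.seek(max(fh.tell() - EDGE_BYTES, 0))
        return head + b"\n" + fh.read()

def scan_webroot(root, known_htaccess=()):
    """Return sorted (relative_path, reason) leads; hits need manual review."""
    leads = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if ("/" + rel).endswith("/phpmv2/datas/thumbs.php"):
                leads.append((rel, "advisory-named-file"))
            if SUSPICIOUS_NAME.match(name):
                leads.append((rel, "suspicious-name"))
            if name == ".htaccess" and rel not in known_htaccess:
                leads.append((rel, "unexpected-htaccess"))
            if name.lower().endswith(".php") and INJECTED_CALL.search(_edges(path)):
                leads.append((rel, "decode-or-eval-at-file-edge"))
    return sorted(leads)

def build_sample(root):
    """Write a constructed (not real) web root used to exercise the scanner."""
    files = {
        "phpmv2/datas/thumbs.php": "<?php /* constructed placeholder */ ?>",
        "site/index.php": "<?php eval(base64_decode('CONSTRUCTED')); ?>\n<?php echo 1; ?>",
        "site/clean.php": "<?php echo 'ok'; ?>",
        "site/8475875.php": "<?php /* constructed placeholder */ ?>",
        "site/.htaccess": "Options -Indexes\n",
        "site/img/.htaccess": "# constructed\n",
    }
    for rel, body in files.items():
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_webroot(tmp, {"site/.htaccess"}), sep="\n")
```

Legitimate PHP code also calls base64_decode, so each hit is a lead to inspect by hand; the ps faux and modification-time checks from the list are not covered here.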