Author Archives: Quill

Over three-quarters of all installs are insecure, research shows

A recent article in the UK Register reported a researcher’s finding that more than 78 per cent of all PHP installations are running with at least one known security vulnerability.

The researcher, Anthony Ferrara, reached this disturbing conclusion by correlating statistics from the web survey site W3Techs against lists of known vulnerabilities in the various versions of PHP.

What he found is that far too many PHP-powered websites (WordPress, Drupal, Joomla, etc.) are using insecure versions of the language; so much so that, he asserts, it is actually easier to find an insecure PHP setup on the internet than a secure one. “This is absolutely and unequivocally pathetic,” Ferrara wrote.

The two most popular PHP releases, according to W3Techs’ statistics, were versions 5.2.17 and 5.3.29. Together, they accounted for 24 per cent of the total – and both are insecure.

Curious to see how Darwin rated, we submitted a considerable number of local companies’ web sites through the interface.

We’re pleased to say that TheWebHostingMachine, Digital Mojo and Dash Media displayed up-to-date versions of PHP (above 5.3.29) across all of their web sites that we submitted.

We’re not pleased to say that the other suppliers’ web sites we submitted unfortunately lined up with the global trend. Like Anthony Ferrara, we found far too many web sites made by Darwin companies were running PHP 5.2.17 (four years past its end-of-life date).

If you want to test your own web site, just go to and enter your domain name.
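The check the survey tool performs is, at its simplest, reading the PHP version a server advertises and comparing it with the point at which supported releases begin. The script below is an added example written for this post, not the tool the post links to or Ferrara’s survey code. It applies the rule the post states (5.2.17 and 5.3.29 are insecure; anything above 5.3.29 counts as up to date) to a set of constructed sample headers, and also shows the two cases a header-only check cannot settle: a server that hides its version, and a distribution build whose version string carries a vendor suffix.

```python
"""Classify PHP versions advertised in X-Powered-By headers.

Added example for this post.  SAMPLE_HEADERS are constructed, not survey
data, and the hostnames are placeholders in the reserved .test domain.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed sample responses, the kind of header a site survey tool reads.
SAMPLE_HEADERS: Dict[str, str] = {
    "example-a.test": "X-Powered-By: PHP/5.2.17",
    "example-b.test": "X-Powered-By: PHP/5.3.29",
    "example-c.test": "X-Powered-By: PHP/5.6.4",
    "example-d.test": "Server: nginx",                      # version not disclosed
    "example-e.test": "X-Powered-By: PHP/5.3.29-1ubuntu3",  # distro build, vendor suffix
}

VERSION_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)")

# Threshold as stated in the post: 5.3.29 was insecure and anything above it
# was treated as up to date.  Every 5.2.x and every earlier 5.3.x is older
# than 5.3.29, so "not newer than 5.3.29" covers all of them.
LAST_KNOWN_INSECURE: Tuple[int, int, int] = (5, 3, 29)


def parse_php_version(header: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a header value, or None if absent."""
    m = VERSION_RE.search(header)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(header: str) -> str:
    """'insecure', 'ok', or 'unknown' when the header discloses no version.

    Caveat: a vendor suffix such as '-1ubuntu3' means the distribution may
    have backported security fixes without changing the upstream number, so
    'insecure' from a header alone is a prompt to check, not a verdict.
    """
    version = parse_php_version(header)
    if version is None:
        return "unknown"
    return "insecure" if version <= LAST_KNOWN_INSECURE else "ok"


def survey(headers: Dict[str, str]) -> Dict[str, int]:
    """Count sites per classification, the aggregate the post's research reports."""
    counts = {"insecure": 0, "ok": 0, "unknown": 0}
    for header in headers.values():
        counts[classify(header)] += 1
    return counts


if __name__ == "__main__":
    for host, header in SAMPLE_HEADERS.items():
        print(f"{host:16} {classify(header):9} {header}")
    print(survey(SAMPLE_HEADERS))
```

Run against the constructed sample set it reports three insecure sites, one up to date and one unknown. Tuple comparison does the version ordering, so 5.10.0 correctly sorts above 5.9.0 where a string comparison would not.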

Contact us if you think we can help you with your web site security.


Telstra issuing ‘tainted’ Fixed IPs

Small businesses need to be aware that Telstra is now issuing businesses Fixed IP addresses that were formerly part of a block of 262,142 Dynamic IPs. These IPs are blacklisted for commercial use by several respected RBLs (Real-time Black Listers) such as SpamHaus.

Many organisations, such as banks, government departments and other more security-conscious web sites, pre-check IP addresses against SpamHaus and other RBLs and will block internet access from this range of Fixed IPs.

This happened to 2 of our clients last week. Each of them wasted countless hours trying to explain to Filipino call centre staff, firstly what the problem was and then how Telstra needed to fix the problem. The first client was lucky and was allocated a new Fixed IP outside the ‘tainted’ range. However, the second client was told that there were no other Fixed IPs available from Telstra. Unfortunately, as of the time of writing, Telstra has not been in contact with SpamHaus and the other RBLs; they are simply applying to SpamHaus, etc. to have each individual IP removed from the black-lists on a one-by-one basis. This means that (1) any new IP allocated from the block of 262,142 Dynamic IPs will have exactly the same issues, and (2) the same time-wasting process is going to occur each time.

Why is this happening? There are two parts to that answer.

The first is that Telstra, like all ISPs worldwide, is running out of available IP addresses and needs to ‘draw down’ on blocks that were previously allocated only for dynamic use. This happens as more and more businesses and individuals need Fixed IPs for more secure internet connections.

The second part is that as far back as 2006 ISPs notified the RBLs (of which there are now in excess of 300) that certain ranges of their IPs were Dynamic and other ranges were Fixed. This is mainly to stop spammers using Dynamic temporary IPs for sending emails, so the underpinning logic for this separation makes good sense. Unfortunately, many of these ISPs, like Telstra, have lost their corporate memory and now forget to go back to the RBLs to inform them to update their database lists. And yes, regrettably, the updating process is entirely manual. There is no standard automated way for the RBLs to check that the IPs have changed purpose. Telstra and iiNet (and possibly others) put the word “fixed” into the name associated with the IP (the PTR record), but unfortunately this is not an industry standard.

What does this mean for you? If you have been given an IP by Telstra in the range to , then you should first go to and enter that IP into the “Enter an IP address” text area and click on the “Lookup” button. If you see a listing in red saying something like “ is listed in the PBL, in the following records:”, and if you follow the blue hyperlink “PBL1552428” and see “ is listed on the Policy Block List (PBL)”, then you have this problem.

You can try to contact Telstra and ask them to fix the issue, but unless you are talking to a senior technician they simply won’t understand what you are saying. So, on the same page that indicated you had the problem, click on the “Remove IP from PBL” button. But be aware that this has only fixed your new IP at SpamHaus; you may still encounter issues accessing sites at organisations that reference different RBLs.
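The web form described above is a front end to an ordinary DNS lookup: the IP’s octets are reversed, the list’s zone name is appended, and an A record in 127.0.0.0/8 comes back if the address is listed. The script below is an added example for this post, not SpamHaus’s or Telstra’s code. It builds that query name, decodes the ZEN return codes (taken from SpamHaus’s published documentation as of writing; verify them against spamhaus.org before relying on them), and includes the “fixed” PTR heuristic the post mentions. The resolver is pluggable, so the listing logic is exercised here against constructed answers for two addresses in the reserved 192.0.2.0/24 test range rather than a live query.

```python
"""Spamhaus ZEN listing check for an allocated IPv4 address.

Added example for this post.  ZEN_CODES is transcribed from Spamhaus's public
documentation (assumption: unchanged at the time you run this).  FAKE_ZONE
holds constructed answers for reserved test addresses so it runs offline.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

ZONE = "zen.spamhaus.org"

# Return codes per Spamhaus ZEN documentation.  Anything else (including the
# 127.255.255.x error codes Spamhaus returns for queries via public resolvers
# or over the free-use limit) is reported as unknown, i.e. inconclusive.
ZEN_CODES: Dict[str, str] = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL (CSS)",
    "127.0.0.4": "XBL",
    "127.0.0.9": "SBL (DROP/EDROP)",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}


def dnsbl_name(ip: str, zone: str = ZONE) -> str:
    """Reverse the IPv4 octets and append the DNSBL zone (the DNSBL convention)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def resolve_a(name: str) -> List[str]:
    """Live resolver: every A record for name; [] means NXDOMAIN, i.e. not listed."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def check_listing(ip: str, resolver: Callable[[str], List[str]] = resolve_a) -> List[str]:
    """Names of the lists the IP appears on; an empty list means not listed."""
    answers = resolver(dnsbl_name(ip))
    return [ZEN_CODES.get(a, f"unknown code {a}") for a in answers]


def ptr_says_fixed(ptr_name: Optional[str]) -> bool:
    """Heuristic from the post: some ISPs put 'fixed' in the PTR name.  Not a standard."""
    return bool(ptr_name) and "fixed" in ptr_name.lower()


# Constructed offline answers: one address listed on the ISP-maintained PBL,
# one clean.  192.0.2.0/24 is reserved for documentation and never routed.
FAKE_ZONE: Dict[str, List[str]] = {
    dnsbl_name("192.0.2.10"): ["127.0.0.10"],
    dnsbl_name("192.0.2.20"): [],
}


def fake_resolver(name: str) -> List[str]:
    """Stand-in for resolve_a that answers only from FAKE_ZONE."""
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20"):
        listed = check_listing(ip, fake_resolver)
        print(ip, ", ".join(listed) if listed else "not listed")
```

To check a real allocation, call `check_listing("<your IP>")` with the default resolver from a host that uses your own or your ISP’s recursive DNS; ZEN is one list, so a clean result here says nothing about the 300-odd other RBLs the post refers to, and a non-empty result that decodes to “unknown code” should be read as “query not answered”, not as a listing.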