Ahem. We interrupt your regularly-scheduled affiliate marketing with this announcement: if you've got any servers anywhere running the Web framework Ruby on Rails, you need to patch them or take the Ruby on Rails (RoR) application offline NOW.
RoR was quite popular a few years ago, and is still heavily used in webapps, so I can imagine a few members here might have the odd server running it - I know I did.
It turns out there's a critical - take-control-of-your-server critical - bug in the Rails code. Obviously, that's particularly important if you have, say, an old test project running on the same server as your tracking server or landing pages. A lot of sites have already been compromised, as it's easy to do a mass attack - this one's out in the wild and being used by the bad guys right now.
More details here and the Hacker News discussion.
The advice right now is either apply the patches - here's an article on how to do that - or take those RoR applications offline right the hell now if you don't need them.
Sadly there's not a lot of info that's written at a sub-hardcore-techie level yet - if you've got an RoR server but can't make head or tail of the situation, post here and I'll try to help.
Yeah, I got notified by Heroku about this a few hours ago. Updated immediately, the vulnerability is pretty serious.