Select Page

Security Point Blogs


Fix Bash vulnerability in CentOS, RedHat, CloudLinux, Ubuntu Servers

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for all popular Linux web hosting servers such as CentOS, RedHat, Fedora, CloudLinux, Ubuntu, Debian and OpenSuse.

 

Hire Bobcares Linux Server Administrators
Get super reliable servers and delighted customers

See how we do it!

 

If you have a Linux web hosting server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable to hack. Linux web hosting servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Resolving Bash vulnerability in InterWorx servers : How to fix CVE-2014-6217 Bash “Shell Shock” vulnerability

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for InterWorx servers.

If you have a InterWorx server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable to hack. InterWorx servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Resolving Bash vulnerability in Parallels Virtuozzo Containers

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is not yet known to be available for Parallels Virtuozzo Containers and Parallels Cloud Servers.

If you have Virtuozzo or Parallels Cloud Server, the individual containers will have Bash; and if you haven’t expressly patched it, assume that your server is vulnerable to hack. Containers typically operate with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Resolving Bash vulnerability in DirectAdmin servers : How to fix CVE-2014-6217 Bash “Shell Shock” vulnerability

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for DirectAdmin servers.

If you have a DirectAdmin server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable to hack. DirectAdmin servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Resolving Bash vulnerability in Parallels Plesk Linux servers : How to fix CVE-2014-6217 Bash “Shell Shock” vulnerability

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for Parallels Plesk servers.

If you have a Plesk Linux server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable to hack. Plesk servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Resolving Bash vulnerability in cPanel/WHM servers : How to fix CVE-2014-6217 Bash “Shell Shock” vulnerability

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for cPanel/WHM servers.

If you have a cPanel/WHM server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable. cPanel/WHM servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Is WordPress getting hacked often? Here’s a guide to secure WordPress hosting in Virtualmin/Webmin servers

With WordPress powering 61% of CMS based websites, it has become a lucrative target for hackers. Google blacklisting for phishing and email blacklisting for spamming is quite common in WordPress hosting. A well maintained WordPress site is immune to hacking, but in shared hosting, the majority of WordPress websites will be un-patched, and vulnerable to hacking.

Through a few simple strategies, it is possible to make WordPress immune to hacking. Here’s a quick check list on how server management services prevented WordPress hacking in Virtualmin/Webmin servers. (more…)

Is WordPress getting hacked often? Here’s a guide to secure WordPress hosting in InterWorx servers

With WordPress powering 61% of CMS based websites, it has become a lucrative target for hackers. Google blacklisting for phishing and email blacklisting for spamming is quite common in WordPress hosting. A well maintained WordPress site is immune to hacking, but in shared hosting, the majority of WordPress websites will be un-patched, and vulnerable to hacking.

Through a few simple strategies, it is possible to make WordPress immune to hacking. Here’s a quick check list on how server management services prevented WordPress hacking in InterWorx servers. (more…)

Anti malware security for web hosting servers – Securing Apache in cPanel, Plesk or DirectAdmin to avoid website blacklist

In a previous post we gave an overview on how Bobcares help desk support services has been able to prevent website blacklisting in popular website reputation lists. But that’s not all. Even PC anti-virus suites can block websites if malicious code is found in them.

Search engines and PC anti-virus like Google, Bing, Norton Safe Web or McAfee SiteAdvisor blacklists a website if malware is detected in them. Most websites are infected with malware due to insecure web apps, login details disclosure or insecure web server configuration.

(more…)

How to prevent website blacklist in Google, Bing or McAfee SiteAdvisor

This site may harm your computer
The website ahead contains malware
Malware detected on domainname.com

Are these some of the errors your shared hosting customers usually complain about? Are you concerned about your server security?

You are not alone. Google alone blacklists 10,000 websites daily for malware infection. In a shared hosting environment containing varied web applications with varying levels of security, malware infection is quite easy to happen. Even just one website with an outdated web application can cause that website to be blacklisted. (more…)