Security is one of the major concerns we tackle in our Outsourced Hosting Support for web hosting companies. Server compromises can lead to financial loss and damage business credibility.
With our experience managing hundreds of cPanel servers for web hosts, we have been able to identify and address the security loopholes that can occur in a cPanel server.
Web hosts can never ignore server security. The majority have set up firewalls such as CSF/LFD to protect their cPanel servers by blocking the IP addresses of attackers or malicious users.
But we've seen many cases where these firewall settings are misconfigured, blocking even legitimate users who try to access their websites. Those users then approach the web host complaining that the site is unavailable.
Outgoing spam is a major headache for many web hosts. Spammers use compromised websites or mail accounts to send thousands of spam mails within a few minutes.
By the time the web host comes to know about it, the server IP is already blacklisted (e.g. Spamhaus SBL), and legitimate mails are bouncing left and right.
VMware has issued a new security advisory, VMSA-2016-0013, which addresses two critical vulnerabilities in VMware products: CVE-2016-5335 and CVE-2016-5336.
These are severe vulnerabilities that affect VMware Identity Manager and vRealize Automation software.
On 28th July, the Internet Systems Consortium announced a critical vulnerability (CVE-2015-5477) in all BIND DNS server versions from 9.1.0 to 9.9.7-P1 and 9.10.2-P2. It allows a remote attacker to exploit an error in the handling of TKEY queries to launch a Denial of Service (DoS) attack that crashes the BIND DNS server. If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not patched, you should consider them vulnerable.
On 23rd July, Qualys reported an important root privilege escalation vulnerability (CVE-2015-3246) and a DoS vulnerability (CVE-2015-3245) affecting Linux servers that use Red Hat's libuser package. Here's how you can protect your CentOS and Red Hat servers from these vulnerabilities.
The GHOST vulnerability in glibc was disclosed on 27th Jan. As with any breaking news about vulnerabilities, the initial reports were muddled about the severity of the impact and the extent of exploits running in the wild.
Bobcares Dedicated Linux Systems Administrators deliver zero-day protection against breaking vulnerabilities through agile security reaction procedures. In this case, the announcement said attackers can exploit the gethostbyname() function provided by glibc, with a proof-of-concept exploit demonstrated against an Exim server. So, the first order of business was to prevent any such attacks on the servers under our care.
Reports are coming in from our Dedicated Linux Systems Administrators about an evolving threat, disclosed earlier today.
A heap buffer overflow vulnerability in the GNU C Library (glibc) allows remote or local attackers to execute arbitrary code with the privileges of the user running the gethostbyname() function. Qualys, who reported the bug, was able to exploit it remotely against an Exim mail server.
Linux servers running stable distributions marked as long-term support are likely to be affected by this bug (CVE-2015-0235). The distributions we have counted so far include:
CryptoPHP is a well-developed backdoor that spreads through themes for popular CMSes such as WordPress, Joomla and Drupal. It runs a bot on your server and gives remote control to the attacker operating the botnet. The attacker can then use your server for a slew of malicious activity such as spamming, DDoS and blackhat SEO. This can get your web servers blacklisted by DNSBLs/RBLs and damage your service reputation.
The threat was first published over 10 days ago, but we still see web servers getting infected by this malware. Engineers at our Proactive Server Management Service mitigated this threat early on using multiple layers of protection. Here we go over the basics of detecting and mitigating it.
UPDATE 17th Oct – Some browsers, such as Firefox and IE 6, are reporting issues when SSLv3 is disabled. Fortunately, an SSLv3 fix is available from OpenSSL, and major distros will soon be adding it to their repos. SSLv3 can then be disabled in a phased manner. Check the comments for more info.
On Oct 14th, Google published details of an SSL 3.0 vulnerability that allows an attacker to compromise a secure session through a man-in-the-middle attack. Support for SSL 3.0 is present in all popular mail, FTP and web clients, which makes all your clients vulnerable to an exploit based on this bug. Since SSL 3.0 is an 18-year-old, obsolete technology, we recommend disabling it on all DirectAdmin servers.
The Pro-active Server Management service at Bobcares was notified of this vulnerability on the 14th, and all servers we maintain were secured against it by disabling CBC ciphers.
Here is a quick script to check whether your DirectAdmin server is vulnerable. Execute the following as root. If you get ANY cipher output, your server should be considered vulnerable.