security administration


How to fix email error “550 permanent failure blocked”

Please help! When I send mails to two of my friends, one of them never receives it and I get a mail bounce.

That was a recent support request that we received at our Outsourced Tech Support Services, where we resolve support queries for web hosting providers.

The hosting user kept getting the bounce “550 permanent failure for one or more recipients” whenever she mailed one particular contact.

Why did this happen? Let’s dive into the details:


A complete 14 point guide to secure cPanel servers

Security is one of the major concerns we tackle in our Outsourced Hosting Support for web hosting companies. A server compromise can lead to financial loss and damage the business's credibility.

With our experience managing hundreds of cPanel servers for web hosts, we have identified the security loopholes that commonly turn up in cPanel servers and how to close them.

cPanel IP block – How to resolve and prevent IP blocks in cPanel/WHM servers

Web hosts cannot afford to ignore server security. Most of them run a firewall such as CSF/LFD on their cPanel servers to block the IP addresses of attackers and abusive users.

But we have seen many cases where the firewall settings are wrong, so that the firewall also blocks legitimate users trying to reach their websites. Those users then contact the web host, complaining that the site is down.

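To resolve a block correctly you first need to know which LFD trigger fired, so that you fix the cause rather than just delete the deny entry. The following shell functions are an added example (not code from the original post or from CSF itself): they pull the trigger tags for an IP out of lfd.log, say whether the last block was temporary or permanent, and summarise every block in the file. The log lines are constructed to approximate the /var/log/lfd.log format; the csf commands in the comments are CSF's real options, listed for reference and not run.

```shell
#!/bin/sh
# Added example, not code from the original post: work out why LFD blocked an IP
# before removing the block. The log lines below are constructed to approximate
# the format of /var/log/lfd.log; on a real server point the functions at that file.

SAMPLE_LFD_LOG=$(mktemp)
cat > "$SAMPLE_LFD_LOG" <<'EOF'
Jul 28 10:15:32 host1 lfd[2201]: (sshd) Failed SSH login from 203.0.113.5 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* for 3600 secs [LF_SSHD]
Jul 28 10:16:01 host1 lfd[2201]: (pop3d) Failed POP3 login from 198.51.100.7 (GB/United Kingdom/-): 10 in the last 3600 secs - *Blocked in csf* [LF_POP3D]
Jul 28 10:20:44 host1 lfd[2201]: (mod_security) mod_security (id:1234) triggered by 203.0.113.5 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_MODSEC]
Jul 28 10:21:10 host1 lfd[2201]: *Port Scan* detected from 192.0.2.9 (DE/Germany/-). 11 hits in the last 300 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
EOF

# lfd_block_reasons LOGFILE IP
# Print the LFD trigger tag (LF_SSHD, LF_MODSEC, ...) of every block recorded
# for IP. Each tag is the csf.conf setting whose threshold was exceeded, so it
# tells you which limit to tune or which client behaviour to fix.
lfd_block_reasons() {
    grep -F '*Blocked in csf*' "$1" | grep -F " $2 " |
        sed -n 's/.*\[\([A-Z0-9_]*\)\]$/\1/p'
}

# lfd_block_kind LOGFILE IP
# Print "temporary" or "permanent" for the most recent block of IP.
# Temporary blocks carry "for N secs" and are removed with "csf -tr IP";
# permanent ones live in /etc/csf/csf.deny and are removed with "csf -dr IP".
lfd_block_kind() {
    last=$(grep -F '*Blocked in csf*' "$1" | grep -F " $2 " | tail -n 1)
    [ -n "$last" ] || return 1
    case $last in
        *"*Blocked in csf* for "*) echo temporary ;;
        *)                         echo permanent ;;
    esac
}

# lfd_block_summary LOGFILE
# One "IP TAG" line per block, for spotting which triggers hit legitimate users.
lfd_block_summary() {
    awk '/\*Blocked in csf\*/ {
        ip = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = $i
        tag = $NF; sub(/^\[/, "", tag); sub(/\]$/, "", tag)
        print ip, tag
    }' "$1"
}

# Typical follow-up on a live server (CSF's own options, not run here):
#   csf -g 203.0.113.5        # show where the IP appears in iptables and csf lists
#   csf -tr 203.0.113.5       # remove a temporary block
#   csf -dr 203.0.113.5       # remove a permanent block from csf.deny
#   csf -a 203.0.113.5 note   # whitelist a known-good client (csf.allow)
```

Each tag (LF_SSHD, LF_POP3D, LF_MODSEC, PS_LIMIT) names the csf.conf setting whose limit was exceeded. If a legitimate user keeps tripping it, the fix is to correct the client (a mail client with a stale password will hit LF_POP3D every hour) or to raise that limit, and to list the office and monitoring IPs the host depends on in /etc/csf/csf.allow and /etc/csf/csf.ignore so LFD never blocks them; removing the block with csf -tr or csf -dr alone only buys time until the next trigger.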

How to mitigate VMware vIDM local privilege escalation vulnerability

VMware has issued security advisory VMSA-2016-0013, which addresses two vulnerabilities in VMware products: CVE-2016-5335 and CVE-2016-5336.

These vulnerabilities affect VMware Identity Manager (vIDM) and vRealize Automation; the vIDM issue is a local privilege escalation.

Fix for DoS vulnerability in BIND DNS service

On 28 July 2015, Internet Systems Consortium announced a critical vulnerability (CVE-2015-5477) affecting all BIND 9 versions from 9.1.0 through 9.9.7-P1 and 9.10.0 through 9.10.2-P2. A remote attacker can exploit an error in the handling of TKEY queries to crash the BIND server with a single crafted query, causing a denial of service (DoS); both authoritative and recursive servers are affected. If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not patched, you should consider them vulnerable.
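The version ranges above are the whole test, so they are worth encoding once and running across every server. The shell functions below are an added example (not from the original post or from ISC): one classifies a BIND version string against the ISC ranges for CVE-2015-5477 (fixed in 9.9.7-P2 and 9.10.2-P3), one reads the version out of named -v, and one checks an RPM changelog for the CVE id, because RHEL/CentOS backport fixes without changing the upstream version number. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: decide whether a BIND version string
# falls in the range ISC listed as affected by CVE-2015-5477, and apply that to
# the local server. Affected: 9.1.0 - 9.8.x, 9.9.0 - 9.9.7-P1, 9.10.0 - 9.10.2-P2.
# Fixed releases: 9.9.7-P2 and 9.10.2-P3.

# bind_affected_by_cve_2015_5477 VERSION
# Returns 0 (true) when VERSION, e.g. "9.9.7-P1", is in the affected range.
# Distribution strings such as "9.9.4-RedHat-9.9.4-29.el7" are judged on the
# leading upstream number only; see cve_fixed_in_rpm_changelog for the rest.
bind_affected_by_cve_2015_5477() {
    printf '%s\n' "$1" | awk -F'[.-]' '{
        major = $1 + 0; minor = $2 + 0; patch = $3 + 0; p = 0
        if ($4 ~ /^P[0-9]+$/) p = substr($4, 2) + 0
        v = minor * 10000 + patch * 100 + p          # comparable number within 9.x
        if (major != 9 || minor < 1) exit 1
        if (minor <= 8) exit 0                       # every 9.1 - 9.8 release
        if (minor == 9  && v <= 9 * 10000 + 7 * 100 + 1) exit 0   # <= 9.9.7-P1
        if (minor == 10 && v <= 10 * 10000 + 2 * 100 + 2) exit 0  # <= 9.10.2-P2
        exit 1                                       # 9.9.7-P2+, 9.10.2-P3+, 9.11+
    }'
}

# installed_bind_version
# Extract the upstream version from "named -v" output such as "BIND 9.9.7-P1"
# or "BIND 9.9.4-RedHat-9.9.4-29.el7"; prints nothing if named is not installed.
installed_bind_version() {
    named -v 2>/dev/null | sed -n 's/^BIND \([0-9][0-9.]*\(-P[0-9]*\)*\).*/\1/p'
}

# cve_fixed_in_rpm_changelog PACKAGE CVE
# RHEL/CentOS backport security fixes without bumping the upstream version,
# so the package changelog is where the CVE id shows up.
cve_fixed_in_rpm_changelog() {
    rpm -q --changelog "$1" 2>/dev/null | grep -q -- "$2"
}

# check_bind_cve_2015_5477
# Combine the checks into one verdict for the server this runs on.
check_bind_cve_2015_5477() {
    ver=$(installed_bind_version)
    [ -n "$ver" ] || { echo "named not found"; return 2; }
    if ! bind_affected_by_cve_2015_5477 "$ver"; then
        echo "BIND $ver: upstream version not affected"
    elif cve_fixed_in_rpm_changelog bind CVE-2015-5477; then
        echo "BIND $ver: affected upstream version, fix backported by the distribution"
    else
        echo "BIND $ver: affected, update the package and restart named"
    fi
}
```

On Debian and Ubuntu the equivalent of the changelog check is zgrep CVE-2015-5477 /usr/share/doc/bind9/changelog.Debian.gz. However the package was fixed, named must be restarted afterwards to load the new binary, and a restart is also the only recovery once the assertion failure has killed it.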

How to fix libuser root privilege and DoS attack vulnerability

On 23 July 2015, Qualys reported two vulnerabilities in Red Hat's libuser package, CVE-2015-3245 and CVE-2015-3246, which a local user can combine to escalate to root, or exploit to cause a denial of service. Here is how you can protect your CentOS and Red Hat servers from them.

Agile infrastructure security – How central configuration management was used to quickly patch GHOST glibc vulnerability in data centers

The GHOST vulnerability in glibc (CVE-2015-0235) was disclosed on 27 January 2015. As with any breaking news about a vulnerability, the initial reports were muddled about the severity of the impact and the extent of exploitation in the wild.

Bobcares Dedicated Linux Systems Administrators deliver zero-day protection against breaking vulnerabilities through agile security response procedures. In this case, the advisory said attackers can exploit a buffer overflow in glibc's gethostbyname() functions, and the reporters demonstrated a proof-of-concept exploit against an Exim mail server. So the first order of business was to prevent any such attack on the servers under our care.
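Updating the glibc package is only half the job: processes that were already running keep the old library mapped, so the exposed services (Exim in the case above, plus sshd, httpd, mysqld and the control panel's own daemons) stay vulnerable until they are restarted or the server is rebooted. The script below is an added example, not the procedure from the original post or any configuration-management code: it finds processes still mapping a libc that the kernel reports as (deleted), which is how a replaced library file appears in /proc/PID/maps. The PROC_ROOT argument exists so the scan can be run against a constructed tree; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: after a glibc update, list the
# processes that still have the old (now deleted) libc mapped and so still run
# the vulnerable code. Reads /proc/PID/maps; PROC_ROOT defaults to /proc and
# is only a parameter so the function can be exercised on a constructed tree.

# find_stale_libc [PROC_ROOT]
# Print "PID COMMAND" for each process whose maps contain a deleted libc.
find_stale_libc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A replaced library shows up as e.g. "/lib64/libc-2.12.so (deleted)"
        if grep -q 'libc[-.][^ ]* (deleted)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "$pid $comm"
        fi
    done
}

# stale_libc_services [PROC_ROOT]
# Distinct command names only, so the output maps directly onto the list of
# services to restart (service NAME restart / systemctl restart NAME).
stale_libc_services() {
    find_stale_libc "$1" | awk '{ print $2 }' | sort -u
}
```

On RHEL/CentOS the needs-restarting tool from yum-utils performs the same scan, and lsof | grep 'libc.*DEL' is the portable alternative. Because the glibc fix affects every binary that resolves hostnames, a reboot remains the simplest way to be certain nothing was missed.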

GHOST hunting – Resolving glibc Remote Code Execution vulnerability (CVE-2015-0235) in CentOS, Red Hat, Ubuntu, Debian and SUSE Linux servers

Reports are coming in from our Dedicated Linux Systems Administrators about an evolving threat, disclosed earlier today.

A heap buffer overflow in the GNU C Library (glibc) allows remote or local attackers to execute arbitrary code with the privileges of the process that calls gethostbyname() or gethostbyname2(). Qualys, who reported the bug, was able to exploit it remotely against an Exim mail server.

Long-term-support distributions are likely to be affected by this bug (CVE-2015-0235), because the fix landed upstream in glibc 2.18 (May 2013) without being recognised as a security fix and was not backported to stable releases. The distributions we have counted so far include:

Are your cPanel/WHM or Plesk servers infected with CryptoPHP?

CryptoPHP is a well-developed backdoor that spreads through pirated (“nulled”) themes and plugins for popular CMSs such as WordPress, Joomla and Drupal. It runs a bot on your server and gives the attacker controlling the botnet remote control over it. The attacker can then use your server for a slew of malicious activity such as spamming, DDoS and blackhat SEO. This can get your web server blacklisted by DNSBLs/RBLs, with the resulting loss of service reputation.

The threat was first published more than 10 days ago, but we still see web servers getting infected with this malware. Engineers at our Proactive Server Management Service mitigated this threat early on using multiple layers of protection. Here we go over the basics of detecting and mitigating it.
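Detection comes down to looking for the way the backdoor hides: PHP code stored in a file named like an image (Fox-IT's report on CryptoPHP singled out social.png inside theme directories) and pulled in by an include from the theme's own PHP. The two functions below are an added example, not the original post's procedure or Fox-IT's detection scripts; they scan a document root for both halves of that pattern. The function names are this example's own, and the extension list is a choice, not an exhaustive one.

```shell
#!/bin/sh
# Added example, not from the original post: two cheap checks for the CryptoPHP
# pattern of PHP code hidden in an image-named file that is then included by
# the theme's PHP. Extension list and function names are this example's choices.

# find_php_in_images DOCROOT
# Print image-named files whose first bytes contain a PHP open tag. A real
# PNG/JPEG/GIF starts with its magic bytes, never with "<?php".
find_php_in_images() {
    find "$1" -type f \( -iname '*.png' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.gif' \) |
    while IFS= read -r f; do
        if head -c 256 "$f" | grep -aq '<?php'; then
            printf '%s\n' "$f"
        fi
    done
}

# find_image_includes DOCROOT
# Print PHP files that include/require a .png/.jpg/.gif path, which a
# legitimate theme or plugin has no reason to do.
find_image_includes() {
    re="(include|require)(_once)?[[:space:]]*\\(?[[:space:]]*['\"][^'\"]*\\.(png|jpe?g|gif)['\"]"
    find "$1" -type f -name '*.php' -exec grep -lE "$re" {} + || true
}
```

Run both over every account's document root (for cPanel, /home/*/public_html) and treat any hit as a compromised account: remove the theme or plugin, rotate the account's passwords and check its crontabs and the web server logs for callback traffic, since the file on disk is only the loader. A clean CMS install produces no output from either function.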