Please help! When I send mails to two of my friends, one of them never receives it and I get a mail bounce.
That was a recent support request that we received at our Outsourced Tech Support Services, where we resolve support queries for web hosting providers.
The hosting user kept on getting the error “550 permanent failure for one or more recipients” from one of her contacts.
Why did this happen? Let’s dive into the details:
Security is one of the major concerns we tackle in our Outsourced Hosting Support for web hosting companies. Server compromises can lead to financial loss and damage business credibility.
With our expertise managing hundreds of cPanel servers for web hosts, we have been able to identify and address all the security loopholes that can occur in a cPanel server.
Web hosts can never shun server security! The majority of them have set up firewalls such as CSF/LFD to protect their cPanel servers by blocking the IP addresses of attackers or malicious users.
But we’ve seen many cases where these firewall settings are not configured properly and block even valid users who try to access their websites. Users then approach web hosts, complaining about site unavailability.
Outgoing spam is a major headache for many web hosts. Spammers use compromised websites or mail accounts to send thousands of spam mails within a few minutes.
By the time the web host comes to know about it, the server IP would be blacklisted (e.g. SpamHaus SBL), and legitimate mails would be bouncing left and right.
VMware has issued its latest security advisory, VMSA-2016-0013, which addresses two critical vulnerabilities in VMware products: CVE-2016-5335 and CVE-2016-5336.
These are severe vulnerabilities that affect VMware Identity Manager and vRealize Automation software.
On 28th July, Internet Systems Consortium announced a critical vulnerability (CVE-2015-5477) in all BIND DNS server versions from 9.1.0 to 9.9.7-P1 and 9.10.2-P2. It allows a remote attacker to exploit an error in the handling of TKEY queries to launch a Denial of Service (DoS) attack that causes the BIND DNS server to crash. If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not patched, you should consider them vulnerable.
On 23rd July, Qualys reported an important root privilege escalation vulnerability (CVE-2015-3246) and a DoS attack vulnerability (CVE-2015-3245) for Linux servers using RedHat’s libuser package. Here’s how you can protect your CentOS and RedHat servers from these vulnerabilities.
The GHOST vulnerability in Glibc was disclosed on 27th Jan. As with any breaking news about vulnerabilities, the initial reports were muddled about the severity of the impact and the extent of exploits running in the wild.
Bobcares Dedicated Linux Systems Administrators deliver zero-day protection against breaking vulnerabilities through agile security reaction procedures. In this case, the announcement said attackers can exploit the gethostbyname() function provided by Glibc, with a proof of concept hack done on an Exim server. So, the first order of business was to prevent any such hacks taking place in servers under our care.
Reports are coming in from our Dedicated Linux Systems Administrators about an evolving threat, disclosed earlier today.
A heap buffer overflow vulnerability in the GNU C Library (glibc) allows remote or local actors to execute arbitrary code with the privileges of the user running the function gethostbyname(). Qualys, who reported the bug, was able to remotely exploit it in an Exim mail server.
Linux servers with stable distributions marked as long term support are likely to be affected by this bug (CVE-2015-0235). The distributions we have counted till now include:
CryptoPHP is a well-developed backdoor malware that is spread through themes for popular CMSs like WordPress, Joomla and Drupal. It runs a bot on your server and gives remote control to the attacker operating the botnet. The attacker can then use your server for a slew of malicious activities like spamming, DDoS, blackhat SEO, etc. This could lead to your web servers being blacklisted by DNSBLs / RBLs, and thereby to loss of service reputation.
The threat was first published over 10 days ago, but we still see web servers getting affected by this malware. Engineers at our Proactive Server Management Service mitigated this threat early on using multiple layers of protection. Here we go over the basics of detecting and mitigating this threat.