A rather serious Linux kernel vulnerability (CVE-2017-6074) was publicized on Wednesday (2/22). This vulnerability has been present since 2006, so it affects a large number of systems and distributions, many of which are no longer maintained. Thanks to KernelCare, our servers were all patched within a few hours of its publication, without any service impact.
If you use or manage any other Linux systems, hosting related or otherwise, you should make sure that they have been patched as well. This vulnerability could ultimately result in a local user compromising the entire system. Likewise, if you’re using devices or operating systems that aren’t being maintained and thus won’t be patched at all, now would be a good time to upgrade.
While on the topic of security updates, I do also want to mention the critical WordPress 4.7.2 update that was released about a month ago. If you are running WordPress 4.7 and have somehow managed to not upgrade to 4.7.2 by now, you should do so immediately.
As always, we will continue to stay on top of these security updates, keeping you safe and informed.
There’s been a lot happening here under the radar over the past month, so this gives us a great opportunity to post another of our “Behind the Scenes” updates. To start, we completed the migration of all remaining CentOS 5 servers, as its end-of-life date, March 31st, is quickly approaching. One of these servers was our primary DNS server (ns1), which was seamlessly migrated to a new CentOS 7 server without any service interruption.
CloudLinux’s LVE Stats 2 made its way out in a stable release, completely overhauling how system resource usage data is recorded on our servers. CPU and RAM usage is now recorded with much greater precision but perhaps most important is the new snapshot functionality. Now, when a CPU or RAM usage fault occurs, a snapshot of the account’s running processes is recorded. This allows you to go back and see what was running when a fault occurred, which is very helpful in identifying what caused it. Previously, no such information was available unless you actively witnessed the fault occurring.
PHP 7.1 was officially released and shortly thereafter available on all of our servers via CloudLinux’s PHP Selector. Our servers now offer PHP versions 5.4, 5.5, 5.6, 7.0 and 7.1. Version 5.6 is the default on new cPanel accounts and this can easily be changed via the “Select PHP Version” link in cPanel.
Although the PHPMailer vulnerability was posted to our Script Security Forum a couple of days ago, the widespread and critical nature of these vulnerabilities warrants a post here as well. PHPMailer and SwiftMailer are both libraries used for sending emails. A very large number of scripts use one of these two libraries, including WordPress, Drupal, SugarCRM, Joomla and many others. Both libraries contain similar remote code execution vulnerabilities that can be exploited under certain circumstances.
It is very important that you make sure all instances of these libraries are updated. This will, unfortunately, be difficult to pinpoint in some cases since many plugins also include these libraries. Every core script, plugin and theme that you use should be investigated to determine whether or not these libraries are included and require updating.
All instances of PHPMailer must be updated to 5.2.21 or higher, which can be downloaded here.
All instances of SwiftMailer must be updated to 5.4.5 or higher, which can be downloaded here.
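Because plugins and themes bundle their own copies of these libraries, the core update alone does not tell you whether a site is clean. The script below is an added example (not from the original post) that walks a site’s document root, finds every embedded copy of PHPMailer or SwiftMailer, reads the version each one declares and compares it against the 5.2.21 / 5.4.5 minimums from the post. It assumes the 5.x file layouts: PHPMailer declares `public $Version = '5.2.x';` in `class.phpmailer.php` (WordPress core ships it as `class-phpmailer.php`) and SwiftMailer declares `const VERSION = '5.4.x';` in `lib/classes/Swift.php`. The sample site tree, including the plugin and theme names, is constructed inline so the example runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# Minimum safe versions named in the post.
MINIMUM = {"phpmailer": (5, 2, 21), "swiftmailer": (5, 4, 5)}

# Where each library declares its version. Assumption about the 5.x layouts:
# PHPMailer keeps `public $Version = '...';` in class.phpmailer.php (WordPress
# core renames the file to class-phpmailer.php) and SwiftMailer keeps
# `const VERSION = '...';` in lib/classes/Swift.php.
SIGNATURES = {
    "phpmailer": (frozenset({"class.phpmailer.php", "class-phpmailer.php"}),
                  re.compile(r"\$Version\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")),
    "swiftmailer": (frozenset({"Swift.php"}),
                    re.compile(r"const\s+VERSION\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")),
}


def parse_version(text):
    """'5.2.21' -> (5, 2, 21) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def scan(root):
    """Report every embedded copy of either library under `root`.

    Returns a list of (library, relative_path, version, is_safe), sorted by
    library and path. A copy whose version string cannot be read is reported
    with version None and is_safe False so it gets a manual look instead of
    silently passing."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for lib, (names, pattern) in SIGNATURES.items():
            for filename in names & set(filenames):
                path = Path(dirpath) / filename
                rel = path.relative_to(root).as_posix()
                match = pattern.search(path.read_text(errors="replace"))
                if match is None:
                    findings.append((lib, rel, None, False))
                    continue
                version = match.group(1)
                findings.append((lib, rel, version,
                                 parse_version(version) >= MINIMUM[lib]))
    return sorted(findings, key=lambda f: (f[0], f[1]))


def outdated(findings):
    """Just the copies that still need updating (or checking by hand)."""
    return [f for f in findings if not f[3]]


def build_sample_site(base):
    """Constructed sample: a WordPress-like tree with four embedded copies.
    Plugin and theme names are made up for the example."""
    files = {
        # core copy, already at the safe version
        "wp-includes/class-phpmailer.php":
            "<?php\nclass PHPMailer {\n    public $Version = '5.2.21';\n}\n",
        # plugin bundling an old PHPMailer
        "wp-content/plugins/contact-form/phpmailer/class.phpmailer.php":
            "<?php\nclass PHPMailer {\n    public $Version = '5.2.14';\n}\n",
        # plugin bundling an old SwiftMailer
        "wp-content/plugins/newsletter/vendor/swiftmailer/lib/classes/Swift.php":
            "<?php\nabstract class Swift {\n    const VERSION = '5.4.1';\n}\n",
        # theme copy with the version line stripped: must be flagged, not ignored
        "wp-content/themes/shop/inc/mailer/class.phpmailer.php":
            "<?php\n// bundled mailer, version line removed by the theme author\n",
    }
    for rel, content in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)


def demo():
    """Build the constructed sample in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan(tmp)


if __name__ == "__main__":
    for lib, path, version, safe in demo():
        print(f"{'OK ' if safe else 'FIX'} {lib:<11} {version or 'unknown':<8} {path}")
```

Run it against a real document root with `scan("/home/user/public_html")` (path assumed); anything printed with `FIX` is either below the minimum or has no readable version string and needs attention.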
This would also be a good time to examine your plugins and themes to make sure they are all being actively maintained. As a general rule, if they haven’t received any updates within 6 months you should be concerned. If they haven’t received any updates within the past year, they probably shouldn’t be used at all.
The ongoing use of abandoned projects is one of the bigger risks facing websites like those powered by WordPress. While such a plugin may appear to be all good and up-to-date from within the WordPress admin panel, the developers may not have touched it in years and the project page may no longer even exist. As such, a regular audit of these is a very good idea, and in general you should stick to more popular options when possible.
If you run into any issues with updating or have any questions please feel free to post a comment here, post on our forums or submit a ticket via our portal.
We’re excited to announce that two-factor authentication (2FA) is now available for all of our cPanel and WHM users! Two-factor authentication adds an additional layer of security to your logins by requiring a security code in addition to your username and password to log in. This security code is provided by an application on your mobile device once set up on your account.
WHM users can find the “Two-Factor Authentication” link on the left menu under the “Security Center” as seen below.
On this page you can go to the “Manage Users” tab to view and modify any cPanel users under your reseller account that have 2FA enabled. You can also go to the “Manage My Account” tab to set up 2FA on your own WHM account.
We’ve finally made it to the last day of October and we all know what that means, Happy Halloween! Given the timing I thought it would be appropriate to discuss something scary that was discovered earlier this month…
The so eloquently named “Dirty COW” (copy-on-write) vulnerability that came to light a couple of weeks ago is what nightmares are made of when you’re a web host. This vulnerability (CVE-2016-5195) had been lurking in the Linux kernel since 2007 until it was publicized and patched earlier this month. All of our servers were patched within hours of this discovery thanks to CloudLinux’s KernelCare, which allows us to apply such hotfixes without rebooting.
It has been a little while since our last “Behind the Scenes” post so here’s another quick update of what’s been happening here at Dathorn. First, we are very happy to announce that we’ve completed the upgrade and migration of all of our hosting servers. Every single client is now on a server utilizing our latest hardware and software packages. This includes items like MariaDB, PHP Selector and, of course, pure SSD RAID 10 storage. The only mechanical drives that we’re using now are solely for backup storage and eventually these will be phased out as SSD capacity continues to grow.
Since all of our servers are now utilizing CloudLinux’s PHP Selector, we no longer have to perform scripted rebuilds of PHP and related dependencies as they are updated. As such, we will no longer be announcing these minor updates on our forums since they really don’t have any impact for our clients to be concerned about. You can always keep an eye on “Alt-PHP” updates on the CloudLinux blog if these items interest you.
Earlier this month we completed the deployment of cPanel version 58 across all of our servers. Most visible among the updates would be the changes made to Paper Lantern which you may have already noticed. There were, however, a number of system changes that aren’t so visible. One that you should be aware of is that the “Trash” folder on email accounts is now included in the email account’s disk usage. Believe it or not, this wasn’t the case before and it just didn’t make much sense. This often created confusion because email accounts would be reported as using far less disk space than they actually were. While this doesn’t change the cPanel account’s disk usage at all, it does allow email disk usage to be more accurately reported and managed, which is long overdue.
Going forward through October, we do still have some internal services that we need to migrate to new servers, such as our primary name server (ns1) and some backup servers. This is necessary as we approach the end of life for RHEL 5 / CentOS 5. We’ll be taking this opportunity to replace some older Adaptec RAID controllers with newer LSI ones as well. This maintenance won’t have any impact on clients but I did want to provide some insight on what we have planned here. That’s all for now, we hope you’re enjoying the cooler Fall weather as we are!
The Paper Lantern cPanel theme has been around for quite a while now and the biggest complaint that we and our clients have had with it is that the account’s usage details aren’t immediately visible upon logging in as seen below.
Important usage details can easily be overlooked since they are no longer the first thing that you see. You have to select the “Statistics” or “Dashboard” tab to view any of this information. Often, clients log in only for the purpose of viewing this information, so this adds unnecessary steps. Some clients opted to switch to the “Retro” Paper Lantern style to address this.
Finally, in cPanel 58, the developers have addressed this by reverting to the prior statistics bar view, similar to what was present in the old X3 theme. The only real difference is that this information is now displayed along the right side instead of the left.
As we get close to completing all of our server upgrades, I wanted to go ahead and quickly highlight a feature that is available on the new servers. We’ve permitted clients to change the version of PHP that their site uses for many years now but this has always required a modification to the domain’s .htaccess file. Although this wasn’t particularly difficult, it has been simplified even further with the inclusion of PHP Selector. PHP Selector is a CloudLinux component that sits on top of CageFS and allows each cPanel user to select their desired PHP version.
Once you’ve logged into cPanel you’ll find the “Select PHP Version” option under the “Software” menu group as shown below.
As you may have heard, the full database from LinkedIn’s 2012 compromise was posted last month, resulting in more than 150 million additional user logins having been publicized. In light of all these login credentials being leaked from LinkedIn and other services, I wanted to (again) remind everyone of the importance of maintaining secure passwords and also provide some good general guidelines to follow.
Never re-use passwords for any reason. Every login that you set up must use an entirely unique password; otherwise a compromise of one service compromises your logins for other services. This is becoming more of an issue as these incidents continue to occur. The last thing you want is for an online community compromise to result in the compromise of your email or bank logins.
Do not share your login information with others if it can be avoided. Doing so increases the risk of a compromise significantly, since you have no control over how or where that login might be used. If you must provide your login information to a 3rd party, you should set a temporary password and then reset it once the 3rd party no longer needs access.
We have successfully completed the migration of all clients from our old billing system (Ubersmith) to our new one that is integrated within our existing portal. For some of you, tomorrow will be the first time you’ll experience the new system when your service renews. We would love to hear any feedback you might have!
Being able to integrate our billing into our existing support mechanisms has been a tremendous help in simplifying processes both for us and our clients. We look forward to growing the available feature set going forward, including the ability for you to manage hosting plan changes without our intervention.
Earlier this month you may have heard of a new vulnerability in ImageMagick named “ImageTragick”. ImageMagick is a software suite used to create or edit many different types of images. One of the most common use cases involves its “convert” utility, which is used to convert images from one type to another and resize them. cPanel, for instance, uses it, as do a number of image gallery related scripts, shopping carts, etc. Because of this, the potential impact of ImageTragick was quite high.
Although it is fairly trivial to create a policy file or simply update ImageMagick to address the issues, care had to be taken to make sure all instances of ImageMagick were addressed. In many cases, our servers had two or three different versions of ImageMagick that needed to be taken care of. It’s not uncommon for it to be installed on the server as a general package in addition to the versions that both cPanel and CloudLinux provide. As always, you can rest assured that we’ve taken all possible steps to address these new attack vectors and will continue to monitor for further issues going forward.
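The hard part described above is not writing the policy file but confirming that every ImageMagick install on a server actually has it. The script below is an added example (not from the original post or from ImageMagick) that parses one `policy.xml` per install and reports which coders from the widely circulated ImageTragick mitigation (denying the EPHEMERAL, URL, HTTPS, MVG and MSL coders) are still allowed. The coder list is that published mitigation, not text from the post, and the install labels and policy contents are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Coders denied by the widely circulated ImageTragick policy.xml mitigation.
# Assumption: this is the published mitigation list, not something from the post.
IMAGETRAGICK_CODERS = frozenset({"EPHEMERAL", "URL", "HTTPS", "MVG", "MSL"})


def denied_coders(policy_xml):
    """Return the coder patterns a policy.xml denies outright (rights="none").

    Matches one coder per <policy> line. A policy that uses a glob such as
    pattern="{EPHEMERAL,URL}" is valid for ImageMagick but is not expanded
    here and would show up as missing; review such files by hand."""
    root = ET.fromstring(policy_xml)
    return {p.get("pattern") for p in root.iter("policy")
            if p.get("domain") == "coder" and p.get("rights") == "none"}


def missing_mitigations(policy_xml):
    """Coders from the mitigation list that this policy still allows, sorted."""
    return sorted(IMAGETRAGICK_CODERS - denied_coders(policy_xml))


def audit(policies):
    """policies maps an install label to the text of its policy.xml, one entry
    per ImageMagick copy on the box (system package, cPanel's, CloudLinux's...).
    Returns {label: [still-allowed coders]}; an empty list means covered."""
    return {label: missing_mitigations(xml) for label, xml in policies.items()}


# Constructed sample policies. A stock-looking file with resource limits only,
# a fully hardened one, and one where only part of the mitigation was applied.
STOCK_POLICY = """<policymap>
  <!-- resource limits only; every coder is still allowed -->
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
</policymap>
"""

HARDENED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
</policymap>
"""

PARTIAL_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <!-- rights="read" is not a denial and must not count as one -->
  <policy domain="coder" rights="read" pattern="URL"/>
</policymap>
"""


def demo():
    """Audit three hypothetical installs; the labels are placeholders."""
    return audit({
        "system-package": STOCK_POLICY,
        "cpanel-bundled": HARDENED_POLICY,
        "cloudlinux-bundled": PARTIAL_POLICY,
    })


if __name__ == "__main__":
    for label, still_allowed in demo().items():
        status = "covered" if not still_allowed else "ALLOWS " + ", ".join(still_allowed)
        print(f"{label:<20} {status}")
```

On a real server you would feed `audit()` the contents of each install’s `policy.xml` (the path each copy reads from is printed by that copy’s `convert -list policy`), and treat any non-empty result as an install that still needs the policy applied or the package updated.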