Category Archives: Security

Important Linux Kernel & WordPress 4.7 Updates

A rather serious Linux kernel vulnerability (CVE-2017-6074) was publicized on Wednesday (2/22). This vulnerability has been present since 2006 so it affects a large number of systems and distributions, many of which are no longer maintained. Thanks to KernelCare, our servers were all patched within a few hours of this having been published without any service impact.

If you use or manage any other Linux systems, hosting related or otherwise, you should make sure that they have been patched as well. This vulnerability could ultimately result in a local user compromising the entire system. Likewise, if you’re using devices or operating systems that aren’t being maintained and thus won’t be patched at all, now would be a good time to upgrade.

While on the topic of security updates, I do also want to mention the critical WordPress 4.7.2 update that was released about a month ago. If you are running WordPress 4.7 and have some how managed to not upgrade to 4.7.2 by now, you should do so immediately.

As always, we will continue to stay on top of these security updates, keeping you safe and informed.

Critical PHPMailer & SwiftMailer Security Updates

Although the PHPMailer vulnerability was posted to our Script Security Forum a couple days ago, the widespread and critical nature of these warrants a post here as well. PHPMailer and SwiftMailer are both libraries used for sending emails. A very large number of scripts use one of these two libraries, including WordPress, Drupal, SugarCRM, Joomla and many others. Both libraries contain similar remote code execution vulnerabilities that can be exploited under certain circumstances.

It is very important that you make sure all instances of these libraries are updated. This will, unfortunately, be difficult to pinpoint in some cases since many plugins also include these libraries. Every core script, plugin and theme that you use should be investigated to determine whether or not these libraries are included and require updating.

All instances of PHPMailer must be updated to 5.2.21 or higher, which can be downloaded here.

All instances of SwiftMailer must be updated to 5.4.5 or higher, which can be downloaded here.

This would also be a good time to examine your plugins and themes to make sure they are all being actively maintained. As a general rule, if they haven’t received any updates within 6 months you should be concerned. If they haven’t received any updates within the past year, they probably shouldn’t be used at all.

The ongoing use of abandoned projects are one of the bigger risks that face websites like those powered by WordPress. While such a plugin may appear to be all good and up-to-date from within the WordPress admin panel, the developers may not have touched it in years and the project page may no longer even exist. As such, a regular audit of these is a very good idea and in general you should stick to more popular options when possible.

If you run into any issues with updating or have any questions please feel free to post a comment here, post on our forums or submit a ticket via our portal.

cPanel & WHM Two-Factor Authentication

We’re excited to announce that two-factor (2FA) authentication is now available for all of our cPanel and WHM users! Two factor authentication adds an additional layer of security to your logins by requiring a security code in addition to your username and password to login. This security code is provided by an application on your mobile device once setup on your account.

WHM users can find the “Two-Factor Authentication” link on the left menu under the “Security Center” as seen below.

whm-two-factor-auth

On this page you can go to the “Manage Users” tab to view and modify any cPanel users under your reseller account that have 2FA enabled. You can also go to the “Manage My Account” tab to setup 2FA on your own WHM account. Continue reading

Happy Halloween & Web Hosting Nightmares

We’ve finally made it to the last day of October and we all know what that means, Happy Halloween! Given the timing I thought it would be appropriate to discuss something scary that was discovered earlier this month…

dirtycow

The so eloquently named “Dirty COW” (copy-on-write) vulnerability that came to light a couple of weeks ago is what nightmares are made of when you’re a web host. This vulnerability (CVE-2016-5195) had been lurking in the Linux kernel since 2007 until it was publicized and patched earlier this month. All of our servers were patched within hours of this discovery thanks to CloudLinux’s KernelCare which allows us to apply such hotfixes without rebooting. Continue reading

Reminder: Password Security

As you may have heard, the full database from LinkedIn’s 2012 compromise was posted last month, resulting in more than 150 million additional user logins having been publicized. In light of all these login credentials being leaked from LinkedIn and other services, I wanted to (again) remind everyone of the importance of maintaining secure passwords and also provide some good general guidelines to follow.

Unique Passwords

Never re-use passwords for any reason. Every login that you setup must use an entirely unique password otherwise a compromise of one service compromises your logins for other services. This is becoming more of an issue as these incidents continue to occur. The last thing you want is for an online community compromise to result in the compromise of your email or bank logins.

Limit Access

Do not share your login information with others if it can be avoided. Doing so increases the risk of a compromise significantly since you have no control over how or where that login might be used. If you must provide your login information to a 3rd party you should set a temporary password and then reset it once the 3rd party no longer needs access. Continue reading

Critical Joomla Security Update

On Monday, December 14th, Joomla 3.4.6 was released to address a critical remote code execution vulnerability (CVE-2015-8562) that exists in all prior versions from 1.5.0 through 3.4.5. Hotfixes are also available for the older, unsupported 1.5 and 2.5 branches. It is imperative that you update all Joomla instances immediately. This was a zero day vulnerability that was actively being exploited prior to it having been discovered and patched. As such, it is remotely possible that your Joomla was already compromised.

We posted this to our forums and in our portal on Monday to give our clients a heads up but given the critical nature of this we figured another post couldn’t hurt. At that time we also deployed mod_security rules which we believe to sufficiently protect all Joomla instances hosted by us unless you have specifically disabled mod_security on the domain, which is not the default or recommended. As always, though, it is still important that these latest patches be applied immediately in order to secure your Joomla instances.

If you have any questions or concerns please don’t hesitate to contact us and we hope everyone has a Merry Christmas!

Script Security Updates

As the holiday shopping season has begun it is more important than ever for businesses to make sure their websites are secured against attackers. Staying on top of script updates (plugins and themes included) is one of the easiest and most vital parts of securing your website. We wanted to take a moment to cover a couple of serious updates that should receive special attention this holiday season.

A Joomla update (3.4.5) was released last month to address a critical remote and unauthenticated SQL injection vulnerability that is present in all 3.2+ versions. The severity of this cannot be stressed enough as it can allow attackers complete access to your account. We’ve had mod_security rules in place to block exploitation of this vulnerability since the day it was announced. To the best of our knowledge attackers have been unable to circumvent these rules but it is in your best interest to apply this update immediately if you have not done so already. If for some reason you’ve manually disabled mod_security on your website it remains fully exposed to this vulnerability if it hasn’t been patched and has likely already been compromised in some manner. For this reason we never recommend disabling mod_security. Further details concerning this update can be found here.

Last week a vulnerability in Zen Cart was also announced and has subsequently been patched. This is an arbitrary file inclusion vulnerability that again could allow attackers complete access to your account. Details and patches are available directly from Zen Cart here. Please note that public disclosure of this vulnerability is scheduled for December 16th but since a patch has already been released it wouldn’t take much for attackers to figure out how to exploit the vulnerability, if they haven’t already. All Zen Cart users should patch their instances immediately.

As always, we will continue to stay on top of these critical vulnerabilities and address them as possible or necessary. If you have any questions please feel free to submit a ticket via our client portal and we’ll gladly assist in any way that we can.

Security Update Roundup

There are many aspects to securing a website but one the easiest and most important things you can do is to stay on top of script updates as they become available. Our clients are generally pretty good about doing this but mistakes do happen. Attackers exploiting old, vulnerable scripts is by far the number one reason that we see sites being compromised. Cleaning a site once a compromise has already occurred can be a costly and time consuming process. Being proactive and keeping everything patched in a timely manner is far easier and significantly reduces the chance that your site will be compromised.

wordpress-logo-stacked-rgb

Popular scripts like WordPress have a very easy update process that can be run from within the administrative interface and be completed with just a couple of clicks. You can also configure your WordPress instances for automatic updates which can even take care of your plugins and themes as well. Another option is to configure Softaculous to automatically handle these for you. If you install a script using Softaculous this is very easy to do from their cPanel interface. Continue reading

Adobe Flash & GHOST: Critical glibc Vulnerability

flash logo

Lately it seems there has been no shortage of critical vulnerabilities being discovered in commonly used software. In the past couple of weeks alone, Adobe has had to release patched versions of Flash to address a trio of publicized zero day vulnerabilities. While as a host that doesn’t really impact us directly, it should be a top priority for anyone browsing the web. The vast majority of end-user computer infections come from malicious content taking advantage of such vulnerabilities. These can often lead to your login information being compromised which certainly does become an issue for us. As always, please be sure you’re staying up-to-date with these Flash patches as well as those for your operating system, web browser, Java, etc. Continue reading

Behind the Scenes: POODLE SSLv3 & Network Speedtest

As you may have heard, in October a new vulnerability was disclosed in SSL version 3 that was dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption). This allowed an attacker to read SSLv3 encrypted data via a man-in-the-middle attack. It has long been standard to disable SSLv2 and as a result of this new disclosure many providers, including us, have opted to disable SSLv3 as well. Disabling SSLv3 was really long overdue anyways and only used for legacy support of older operating systems that have long reached their end of life, such as initial releases of Windows XP. Any recent OS or software will instead use a version of TLS to connect which is now the only option that our servers permit. Aside from a couple of very minor cipher issues which were quickly remedied, we’ve experienced no problems with the deployment of these changes back in October. Ultimately this is just another small part that shows our ongoing commitment to security here at Dathorn, where keeping your data safe and secure is a priority.

Screen Shot 2014-10-15 at 10.53.07 AMIn other unrelated news, we have added network performance testing information to our network page. We frequently receive requests for information on how to test our network connectivity from a client’s location. To help make this process easier we’ve added this information directly to our website and have even setup a speedtest there. The image above shows some sample results from my own cable connection at home. Does anyone with Google fiber want to show off a bit?