Drupal Exploits – script to detect versions

We are currently seeing a high volume of Drupal exploits running arbitrary code, including crypto mining and attacks on other servers, via the vulnerability described in https://www.drupal.org/sa-core-2018-002

If you want to find out quickly and easily whether you have any vulnerable Drupal installs, I wrote a shell script for that. Just run the following from the console:

wget http://blog.rimuhosting.com/files/drupaldetect.sh
bash drupaldetect.sh

It will output something like this:

root@servername:~# bash drupaldetct.sh  
You have version 7.58  located at /var/www/vsc/  
You have version 7.58  located at /var/www/vsfrts/  
You have version 7.23  located at /var/www/corehtapts/  
Looks like Drupal at /var/www/mgvec/ , but can't tell the version 
You have version 7.50  located at /var/www/courtland/drupal/  
You have version 7.0  located at /var/www/richvvrve/drupal/  
You have version 7.58  located at /var/www/mrvegc2/  
You have version 7.32  located at /var/www/ridvervee/drupal/ 

Any version prior to 7.58 is exploitable, and it's safe to assume you should replace ALL the files as per https://www.drupal.org/docs/develop/security/your-drupal-site-got-hacked-now-what
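As an added example (not the drupaldetect.sh script from the post), here is how such a detector works in bash: it reads the VERSION constant from the file that defines it and compares Drupal 7 versions against 7.58. The file layouts and the sample tree it scans are assumptions.

```bash
#!/bin/bash
# Added example, not RimuHosting's drupaldetect.sh. Reads the version string from
# the file that defines it and flags Drupal 7 installs older than 7.58, the release
# fixing SA-CORE-2018-002. Assumed layouts: Drupal 6/7 define VERSION in
# includes/bootstrap.inc, Drupal 8 in core/lib/Drupal.php; misc/drupal.js marks
# a Drupal tree whose version file is missing.
# Print the version of the Drupal install rooted at $1, or "unknown".
drupal_version() {
    local root="$1" v=""
    if [ -f "$root/includes/bootstrap.inc" ]; then
        v=$(sed -n "s/^define('VERSION', *'\([0-9.]*\)');.*/\1/p" "$root/includes/bootstrap.inc")
    elif [ -f "$root/core/lib/Drupal.php" ]; then
        v=$(sed -n "s/^ *const VERSION = '\([0-9.a-z-]*\)';.*/\1/p" "$root/core/lib/Drupal.php")
    fi
    echo "${v:-unknown}"
}
# Exit 0 when a Drupal 7.x version is below 7.58 (the fixed release), else 1.
is_vulnerable_d7() {
    case "$1" in
        7.[0-9]|7.[0-9][0-9]) [ "${1#7.}" -lt 58 ] ;;
        *) return 1 ;;
    esac
}
# Walk $1 for Drupal signature files, derive each install root and report it
# in the same style as the post's output, marking vulnerable versions.
scan_drupal() {
    local base="$1" root v
    find "$base" -type f \( -path '*/includes/bootstrap.inc' \
        -o -path '*/core/lib/Drupal.php' -o -path '*/misc/drupal.js' \) 2>/dev/null |
    sed -E 's#/(includes/bootstrap\.inc|core/lib/Drupal\.php|misc/drupal\.js)$##' |
    sort -u | while read -r root; do
        v=$(drupal_version "$root")
        if [ "$v" = unknown ]; then
            echo "Looks like Drupal at $root/, but can't tell the version"
        elif is_vulnerable_d7 "$v"; then
            echo "VULNERABLE: version $v located at $root/ (older than 7.58)"
        else
            echo "You have version $v located at $root/"
        fi
    done
}

# Constructed sample tree (not real web roots) so the example runs offline.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/siteA/includes" "$SAMPLE/siteB/core/lib" "$SAMPLE/siteC/misc"
echo "define('VERSION', '7.32');" > "$SAMPLE/siteA/includes/bootstrap.inc"
echo "  const VERSION = '8.5.1';" > "$SAMPLE/siteB/core/lib/Drupal.php"
echo "// Drupal core JS" > "$SAMPLE/siteC/misc/drupal.js"
scan_drupal "$SAMPLE"
```

To scan a real server, call scan_drupal with the web root (for example /var/www) instead of the sample directory.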


32 to 64 bit distro crossgrades for Debian and Ubuntu

The demise of 32 bit distros is nigh!

Some distros are dropping or reducing support for 32-bit versions, e.g. only providing 64-bit ISO downloads.

Some software makers are no longer putting out 32-bit versions of their software, e.g. since version 9 Oracle has only released a 64-bit version of Java.

In most cases you will be fine to remain on a 32-bit distro until you need a software application that is 64-bit only (e.g. Java 9 or Java 10). If you have a lot of memory and are not limited by the 4GB per-process limit of 32-bit applications, then running a 64-bit kernel on a 32-bit distro can be a good option.

One way to escape an old or 32-bit distro is to set up a newer server and migrate to it (or reinstall your current one). However, for some customers this can be difficult: migrating databases, bringing across custom configs, cron jobs and bespoke setups, and changing IPs.

If you do not have the luxury of a reinstall then you may want to consider a crossgrade, where you convert a 32-bit distro to a 64-bit one.

We have been adding 32 to 64 bit crossgrade support to our distrorejuve tool. At the moment the script is in alpha. We recommend you make a full server snapshot before starting the process.

You can run the distrorejuve 32 to 64 bit crossgrade as:

Continue reading


Modernizing your ancient server distro

RimuHosting has now been providing VM servers for over 15 years.

Back in the day, the state-of-the-art distros we set up for customers included 32-bit Debian 3- and Ubuntu 6-based servers.

Things have moved on. By default all new orders are set up with 64-bit distros. Debian is up to version 9, while Ubuntu 18.04 is about to be released.

The newer distros are almost exclusively the ones you will want. They will have the latest libraries and applications.

Continue reading


Spectre and Meltdown article roundup

Our team is working on the best approach to secure our customers' systems against the recently reported Spectre and Meltdown vulnerabilities. Our first step is to understand the problem and its mitigations. This post provides a roundup of discussions and work on the topic, with a focus on mitigation for the Xen hypervisor.

The vulnerabilities

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Spectre (aka “Branch target injection”) includes:

SP1) speculative execution to perform bounds-check bypass (CVE-2017-5753)

SP2) utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively

Meltdown:

SP3) third variant (CVE-2017-5754), rogue data cache load. Relies on the fact that, on impacted microprocessors, during speculative execution of instructions that would raise permission faults, the exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. Subsequent memory accesses may cause an allocation into the L1 data cache even when they reference otherwise inaccessible memory locations. As a result, an unprivileged local attacker could read privileged (kernel space) memory (including arbitrary physical memory locations on a host) by conducting targeted cache side-channel attacks.
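As an added check (not part of the post), the following bash script reads the status the Linux kernel itself reports for the three variants above; the sysfs file names are those introduced in Linux 4.15, and inside a Xen guest they describe the guest kernel's mitigations, not the hypervisor's. The sample states are constructed.

```bash
#!/bin/bash
# Added example, not from the RimuHosting post. Reports the kernel's own view of
# the three variants above from the sysfs files Linux 4.15+ exposes under
# /sys/devices/system/cpu/vulnerabilities/ (assumed layout; older kernels have
# no such files, which is reported as "unknown" rather than as safe).

# variant:CVE:sysfs-file, using the page's SP1/SP2/SP3 labels.
VARIANTS="SP1:CVE-2017-5753:spectre_v1 SP2:CVE-2017-5715:spectre_v2 SP3:CVE-2017-5754:meltdown"

# Print one line per variant: "<label> <CVE> <state> -- <raw sysfs text>".
# State is vulnerable, mitigated, not-affected or unknown.
report_speculation_status() {
    local base="${1:-/sys/devices/system/cpu/vulnerabilities}" entry label cve file raw state
    for entry in $VARIANTS; do
        IFS=: read -r label cve file <<<"$entry"
        if [ ! -r "$base/$file" ]; then
            raw="(no sysfs entry: kernel too old to report)"; state=unknown
        else
            raw=$(cat "$base/$file")
            case "$raw" in
                "Not affected"*) state=not-affected ;;
                Mitigation:*)    state=mitigated ;;
                Vulnerable*)     state=vulnerable ;;
                *)               state=unknown ;;
            esac
        fi
        printf '%s %s %s -- %s\n' "$label" "$cve" "$state" "$raw"
    done
}

# Exit 0 only when no variant is reported vulnerable or unknown; a missing
# entry must not be mistaken for a mitigation.
all_mitigated() {
    ! report_speculation_status "$1" | awk '{print $3}' | grep -Eqx 'vulnerable|unknown'
}

# Constructed sample directory (states modelled on 4.15-era sysfs output) so
# the example runs offline; pass no argument to read the live host instead.
SAMPLE=$(mktemp -d)
echo "Mitigation: __user pointer sanitization" > "$SAMPLE/spectre_v1"
echo "Vulnerable: Minimal generic ASM retpoline" > "$SAMPLE/spectre_v2"
echo "Mitigation: PTI" > "$SAMPLE/meltdown"
report_speculation_status "$SAMPLE"
all_mitigated "$SAMPLE" && echo "all mitigated" || echo "action needed"
```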

Continue reading


Kernel 4.14 LTS released

We have added the latest 4.14 kernel to our list of stable kernels for 64-bit VPS servers.

The 4.14 kernel includes a large number of performance enhancements, including:

  • filesystem io
  • block_mq scheduler improvements
  • new selectable scheduler options for disk io
  • improved cryptographic performance
  • cgroup2 support merged

Continue reading


Letsencrypt with Zonomi and Rimuhosting name servers using hooks

SSL is good, you should use it everywhere!

Letsencrypt is a project that allows you to obtain signed certificates for free (you should consider donating though) to secure your website. Big efforts have been made to make this accessible to anyone.

In order to issue SSL certificates, Certificate Authorities check that you control the domain, by either 1) sending validation emails to specific addresses within the domain, 2) requesting special files from the website for the domain, or 3) having you set up special DNS records that are checked during certificate issuance. Letsencrypt particularly favours the latter two. These special files or DNS records are normally called challenges, and if you host DNS zones on Rimuhosting or Zonomi name servers there is now an easy way for you to issue Letsencrypt certificates.

Continue reading


Virtualmin Changes binding from ip:80 to *:80 and breaks older configs … FIX

We have found that some Virtualmin installs sometimes change the format of new virtualhosts from ip:80 to *:80, which breaks existing virtualhosts because the *:80 entry overrides the ip:80 ones.
This can result in a website showing another website's content, and it usually shows up right after you add a new domain in Virtualmin.

Continue reading


Reboot-less Xen patching

Recently there have been two sets of Xen vulnerabilities, one disclosed in September, the other earlier today. Historically we have had to organize host updates which required downtime to reboot VMs.

For these last sets of vulnerabilities we have been able to use a recently introduced live patching feature in Xen to mitigate the vulnerabilities for most of our hosts. Live patching swaps out an exploitable function for a patched function. It can do this without restarting the host or the VM.

Live patching will work for most (but not all) vulnerabilities, resulting in fewer VM restarts and less client disruption, and taking a little more hassle out of your hosting.


DKIM and subaddressing added to 25mail.st

We have added a couple of features to the 25mail.st service.

First, we now support DKIM email signing. This lets our email servers sign outgoing messages so that recipients can verify that the email was sent from an authorized server. You will need to add a DNS entry for each email domain you want signed. Adding a 25mail.st DKIM key will not affect other email servers you may be using. To get it set up see: https://25mail.st/faq.jsp?is_require_login=Y#dns

We have also added subaddressing. You can invent subaddresses on the fly (e.g. peter+work@example.com or peter+tag@example.com) and by default they will all arrive in that user's mailbox. For more details see https://25mail.st/faq.jsp?is_require_login=Y#subaddressing


Whitelist your own computer in fail2ban

Fail2ban is a great "dynamic" firewall for servers that is installed by default on many of our VPSs, and we can install it on your VPS at your request. It protects against brute-force attacks, where an attacker tries to guess a password or exploit certain classes of vulnerabilities on servers.

One potential problem with fail2ban and similar tools is false positives, that is, banning yourself from your own VPS, particularly if you don't always get your password right. In this post, I'll explain how to fix that problem using fail2ban's whitelist feature.
Continue reading
