-
Proftpd exploitable versions
Due the severity of the proftp bug, and the mixed systems and versions in the VPSs, we many customers have switched to use vsftp, others just started using sftp, regardless that we have the following notes for customers willing to enable proftpd again: The bug affects versions >= 1.3.2rc3, for more information: http://bugs.proftpd.org/show_bug.cgi?id=3521 Here is…
-
Forwarding email from one host to a new after migration
It seems a lot of people will move to a new server and want all the old email stuck in /var/mail – its not as easy as it seems to get the email migrated according to google, so I thought i would document it. If you have IMAP available, simply add the new account and…
-
WORDPRESS MASS UPGRADE SCRIPT 3.0.2
Its that time again, yet another release of wordpress is out, and this one seems important due to a few exploits. Read up here more about it http://wordpress.org/news/2010/11/wordpress-3-0-2
-
Introducing bakop
Introducing http://bakop.com, the offsite FTP backup service We have ‘broken out’ the popular RimuHosting-customer-only backupspace service into a standalone and separately branded service. That anyone can sign up for and use. You get to use however much space you need. No file quotas. The setup continues to use the linux-foo goodness that enables sshfs, sftp,…
-
Disabling exploitable proftpds
A stack overflow bug has been identified in ProFTPd. This bug allows users to gain remote access (usually root) to an attacker. This bug requires immediate attention and potentially a restore to the last backup image of your server. Information on the bug can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4221 We have been handling the issue per…
-
Older versions of debian and updates
We have come across several users who run older versions of debian. This is usually fine, sometimes for some reasons users are unable to update for some time but require a package to be installed. This is where the fun begins…
-
Security at home – encrypted home directories
This isn’t directly server related at all, more for the home or office user who wants to make sure things are nice and secure. At the office we like to also make sure our desktops are fairly safe to connect from as well, mostly in case the machines ever get stolen, we know our data…
-
Updating old installs – Plesk – and other nasty issues
When choosing a VPS often people go with the distro that suits them best, usually one they find easy to manage. Whilst this is fine, you also need to remember that at some stage in the future you will need to reinstall or upgrade. Debian/Ubuntu based distros seem to scale and upgrade versions fine with…
-
Exploited VPS? phpmyadmin?
Currently we are being inundated with scans and exploits looking for new machines to take over, most of these are using insecure phpmyadmin installs. If you are unsure if your box has been hacked then the things to look for are similar to this…
-
Old versions of PHPMyAdmin and Automated Scanning
It has come to our attention that we have had a decent number of alerts about machines scanning on our networks in the last day. All of them have been running hacks from /tmp named things like /tmp/dd_ssh etc. These files are owned and run by the apache user, and on further investigation all put…
- Looney Tunables: ld.so library local privilege escalation (CVE-2023-4911)
- Announcing a new partnership: RimuHosting acquires NetValue’s hosting operations
- Introducing multi-user access for your RimuHosting account
- Zero-effort WordPress host migrations
- Worried about privacy on public meeting apps? Try Big Blue Button