Category: Security

  • Debian Squeeze (6) ends support – time to upgrade

    February 29th, 2016 marks the end of LTS Support for Debian Squeeze, which is still used by many of our customers.  This means that updates for known security issues will no longer be produced and over time, a server running this version will become vulnerable to being exploited. Squeeze was released in 2011 and was…

  • SSLv3 and securing against Poodle

    If you are using SSL in your web server, you probably want to read this. Google recently published details about an attack that targets SSLv3. The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it…

  • NTP servers and DoS Attacks

    NTP servers have been in the news over the New Year, as security sites and social media talk about potential attacks. This is important because many linux servers run ntpd to help keep their clock time correct. One of the first reports and some solutions are clearly described on litnet … In LITNET we recently…

  • Identifying exploits and exploited websites

    I have made posts before regarding how to find exploits, and what to do about those previously, however it has come to my attention that some people are not even realizing what the basics are to look for. In this post i will give you ideas on what to look for, how to identify exploits…

  • Finding Exploits and Trojan php hacks on a website

    Its always unfortunate when you are exploited, and the best method to fix a site is to wipe and restore from a known backup as well as track down the entry point they gained access and fix it. Sometimes you need to ‘clean’ a site of these files before migrating things over however , or…

  • WordPress mass update script 3.4.2

    This script will search /var/www (changeable in a variable) for any wordpress installs and make sure its upgraded to the latest version. It will run a backup to /root/wp_upgrade/ of all files and database before doing anything with the site in case of major catastrophe (make sure you have spare disk space if your sites…

  • Keeping your hosting panel updated

    From time to time hosting control panels (Such as Plesk) get updated by their creators. Those updates may often include patches to critical vulnerabilities, so its a good idea to keep track of those. We try to keep our customers informed. One example is a recent notification from Parallels affecting some older versions of Plesk.…

  • Distrubution release support (CentOS4/Debian 5)

    Linux distributions keep moving forwards, and as they progress older releases stop receiving security patches or updates. As part of our commitment to maintaining reliable and safe services, we would like to highlight the following announcements… CentOS-4 End Of Life The CentOS-4 distribution (current version 4.9) will be at End of Life on February 29,…

  • Plesk updates and server security

    Recently we were advised of a significant vulnerability in all older versions of the Plesk Panel. If you have not done so recently, we strongly recommend you schedule some time to update. Extended details about that are available. You can follow their instructions to update your Plesk instance.  Or please just pop in a support…

  • WordPress mass update script 3.3.1

    This script will search /var/www (changeable in a variable) for any wordpress installs and make sure its upgraded to the latest version. It will run a backup to /root/wp_upgrade/ of all files and database before doing anything with the site in case of major catastrophe (make sure you have spare disk space if your sites…