-
PolicyKit security hole
A security problem was recently announced that affects the Linux distributions that we support. This is being called “PwnKit” (a.k.a. CVE-2021-4034). Most distributions have provided updates, so now is a good time to check and load outstanding OS security updates for your VPS, using apt for Debian and Ubuntu and yum for CentOS 7 and…
-
Exploits on Webmin 1.8xx and earlier
Developers have just announced the release of Webmin 1.930. This includes some important security fixes. If you have an older Webmin version, please update urgently to ensure your server remains secure. In particular, they described an exploit that is fairly major. Should your install be too old to update, you can fix the bug by…
-
Spectre and Meltdown article roundup
Our team is working on the best approach to secure our customers’ systems against the recently reported Spectre and Meltdown vulnerabilities. Our first step is to understand the problem and its mitigations. This post provides a roundup of discussions and work on the topic with a focus on mitigation for the Xen hypervisor. The vulnerabilities…
-
Reboot-less Xen patching
Recently there have been two sets of Xen vulnerabilities. One was disclosed in September, the other earlier today. Historically we have had to organize host updates which required downtime to reboot VMs. For these last sets of vulnerabilities we have been able to use a recently introduced live patching feature in Xen to mitigate the…
-
Restoring Exploited WordPress files
I previously had a 10 step process to replace all the files in a WordPress install; this got rid of most file-based exploits. Since then I have written a shell script that pretty much incorporates that:
    wget http://blog.rimuhosting.com/files/restorewordpress.sh
    chmod +x restorewordpress.sh
    ./restorewordpress.sh /full/path/to/documentroot
Note: This does not do custom themes or plugins (only ones from…
-
How to restore a WordPress site after hacks or exploits in 10 easy steps
A lot of people use WordPress, and seemingly a lot forget to click the upgrade button regularly enough and find they are exploited. In an ideal world, you would click that button whenever you see it needs updates, and have copious amounts of good backups. However, sometimes these things do not happen, and you need…
-
Identifying exploits and exploited websites
I have made posts before regarding how to find exploits and what to do about them; however, it has come to my attention that some people are not even realizing what the basics are to look for. In this post I will give you ideas on what to look for, how to identify exploits…
-
Finding Exploits and Trojan php hacks on a website
It's always unfortunate when you are exploited, and the best method to fix a site is to wipe and restore from a known backup, as well as track down the entry point through which they gained access and fix it. Sometimes you need to ‘clean’ a site of these files before migrating things over, however, or…
-
Blocking malicious crawlers or scrapers in Apache
Occasionally we see a customer who has a popular website that often gets people trying to crawl it and copy the lot. This has the unfortunate side effect that it's hammering the site. Made only worse by dynamic pages and loops, this can literally take down a server on some occasions. Often you can slow…
-
Apache exploit may crash your server – here's how to fix it
We have picked up that there was an exploit in Apache which can result in your server running out of memory. The discovery was noticed quite some time ago, but never fixed, and it seems to have reared its head publicly, resulting in some people actively attacking. There is no patch for Apache as yet,…