-
Reboot-less Xen patching
Recently there have been two sets of Xen vulnerabilities: one disclosed in September, the other earlier today. Historically we have had to organize host updates which required downtime to reboot VMs. For these last sets of vulnerabilities we have been able to use a recently introduced live patching feature in Xen to mitigate the…
-
Whitelist your own computer in fail2ban
Fail2ban is a great “dynamic” firewall for servers that is installed by default on many of our VPSs, and we can install it on your VPSs at your request. It protects against brute-force attacks, where an attacker is trying to guess a password or exploit certain classes of vulnerabilities on servers. One potential problem with…
-
Using Fail2ban on wordpress wp-login.php and xmlrpc.php
A fair few of our customers use WordPress and occasionally notice that there are people hammering on a few URLs. This can cause high load, slow websites and a number of other issues, especially when more than a single IP is hammering away. The solution is simple, and it involves using fail2ban. Here…
-
Monitor sites for exploits
We dislike dealing with exploited websites. A common cause is “the long-forgotten outdated install from a web developer who left years ago, hoping it works forever”. Public-facing services need to be kept updated in order to remain secure, so script-kiddies can’t use your server for abuse, like selling dodgy medicinal products. One would always…
-
Keeping WordPress secure
According to Wikipedia, “WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.” It’s also the most commonly installed blogging system on our customers’ servers, and we use it to run the blog you’re reading right now. One factor that has contributed to WordPress’s popularity is…
-
deghost ridding the world of the ghost vulnerability one host at a time
As part of our mission to wipe the ‘ghost’ vulnerability (CVE-2015-0235) from our customers’ servers we have created ‘deghost’. Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where possible. https://github.com/pbkwee/distrorejuve In most cases this is as simple as apt-get install libc6 or yum…
-
SSLv3 and securing against Poodle
If you are using SSL in your web server, you probably want to read this. Google recently published details about an attack that targets SSLv3. The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it…
-
Two Factor Authentication
We have just added optional two-factor authentication to the RimuHosting control panel. You can enable it at http://rimuhosting.com/cp/twofactor.jsp. It uses Time-based One-Time Password (TOTP), so you will need an application like Google Authenticator or Authy. To enable 2FA, scan the QR code with your TOTP application, then enter the 6-digit token your…
-
Preventing brute force WordPress login attacks
Over the last month or two we have seen an increase in WordPress brute force login attacks. The symptom is typically higher CPU usage on your server (often resulting in slower page load times). It can be particularly painful on servers running PHP through FastCGI (like Plesk server setups). For a good summary of…
-
Identifying exploits and exploited websites
I have made posts before on how to find exploits and what to do about them; however, it has come to my attention that some people do not even realize what the basics to look for are. In this post I will give you ideas on what to look for, how to identify exploits…