Archive for the 'General' Category

On May 30, 2020 the commonly used Sectigo (Comodo) Root certificate, named the “AddTrust External CA” Root, will expire.

Any websites that depend on this cross-signed root must be updated by May 2020 or run the risk of an outage or a displayed error message. Clients running server cron jobs with tools such as curl or wget, or internal server tasks that depend on connecting to a website over an HTTPS connection, will suffer downtime as a result of this problem.

Clients looking for an immediate fix can purchase a 1x Hour of Support plan. Our emergency support is always available 24/7.

As for our Server Management customers, we’ve already taken actions to scan and replace outdated CA Root certificates in all your servers, so we’ve got your back!

Should you have any questions, please don’t hesitate to email us or reach us through our LiveChat! interface.

Thank you for choosing ServerBuddies!

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

Impact

  • An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
  • This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.

Are you running a vulnerable version?

If you are not a customer subscribed to our Server Management plan and would like to have this vulnerability patched, please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

SBDavid

Wordpress Login LockDown


Limits the number of login attempts from a given IP range within a certain time period.

Description

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute-force password discovery. Currently the plugin defaults to a 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked-out IP ranges manually from the panel.
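
The lockout logic described above, sketched in Python as an added example; it is not the plugin's own code. It uses the defaults stated here (3 failures, 5 minutes, 1 hour) and assumes that an "IP range" means the /24 (IPv4) or /64 (IPv6) containing the address and that the lock triggers on the third failure. The names `LoginLockdown`, `ip_range` and `replay` are hypothetical.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3            # page default: 3 failed attempts ...
WINDOW_SECONDS = 5 * 60     # ... within 5 minutes
LOCKOUT_SECONDS = 60 * 60   # ... lock the range for 1 hour

def ip_range(ip):
    # Assumption: a "range" is the /24 (IPv4) or /64 (IPv6) containing the address.
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> time the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip_range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked afterwards."""
        key = ip_range(ip)
        if self.is_locked(ip, now):
            return True
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:           # assumption: lock on the 3rd failure
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def release(self, ip):
        """Manual release of a range by an administrator."""
        self.locked_until.pop(ip_range(ip), None)
        self.failures.pop(ip_range(ip), None)

# Constructed sample: (seconds, source IP) of failed logins, documentation addresses only.
SAMPLE_FAILURES = [(0, "203.0.113.7"), (60, "203.0.113.9"),
                   (120, "203.0.113.200"), (130, "198.51.100.4")]

def replay(events):
    guard = LoginLockdown()
    return [guard.record_failure(ip, t) for t, ip in events]
```

Because failures are counted per range rather than per address, the three different hosts in 203.0.113.0/24 together trigger the lock, while the unrelated 198.51.100.4 is unaffected.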

Installation

1. Extract the zip file into your plugins directory into its own folder.
2. Activate the plugin in the Plugin options.
3. Customize the settings from the Options panel, if desired.

Reference:
http://wordpress.org/extend/plugins/login-lockdown/

SBDavid

Denial of Service (DoS) Attacks


An attacker or group of attackers coordinates against an organization’s network or server resources by sending unauthorized packets to the target host (a server, router, or workstation). This forces the resource to become unavailable to legitimate users.

The most reported DoS case in the US occurred in 2000. Several highly-trafficked commercial and government sites were rendered unavailable by a coordinated ping flood attack using several compromised systems with high bandwidth connections acting as zombies, or redirected broadcast nodes.

Source packets are usually forged (as well as rebroadcast), making it difficult to investigate the true source of the attack.

Advances in ingress filtering (IETF RFC 2267) using iptables, and Network Intrusion Detection Systems such as Snort, assist administrators in tracking down and preventing distributed DoS attacks.

SBDavid

SELinux in Ubuntu


SELinux is a Mandatory Access Control (MAC) system which is a kernel (LSM) enhancement to confine programs to a limited set of resources. SELinux can be enabled in Ubuntu by installing the “selinux” meta-package, which will make the needed changes to the system, and install the Tresys policies for Ubuntu:

sudo apt-get install selinux

After installation, you will be prompted to reboot the system to label and activate SELinux.
When using SELinux, files, including directories and devices, are referred to as objects. Processes, such as a user running a command or the Mozilla® Firefox® application, are referred to as subjects.

The following is an example of the labels containing security-relevant information that are used on processes, Linux users, and files, on Linux operating systems that run SELinux. This information is called the SELinux context, and is viewed using the ls -Z command:

$ ls -Z file1
-rw-rw-r--. user1 group1 unconfined_u:object_r:user_home_t:s0 file1

In this example, SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. With DAC, access is controlled based only on Linux user and group IDs. It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
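
A small parser for the `ls -Z` layout shown above, as an added example that is not part of the original post. It separates the DAC attributes (mode, Linux owner, group) from the SELinux context and handles two cases a naive split on `:` gets wrong: a level that is an MLS/MCS range containing colons, and the `?` printed for an unlabeled file. The function names and the second and third sample lines are constructed for illustration.

```python
import re

# Layout shown above: mode, Linux owner, Linux group, SELinux context, file name.
LS_Z_LINE = re.compile(
    r"^(?P<mode>\S+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<context>\S+)\s+(?P<name>.+)$"
)

def parse_context(context):
    """Split an SELinux context into user, role, type and level.

    The level may itself contain colons (an MLS/MCS range such as
    s0-s0:c0.c1023), so only the first three colons are separators.
    """
    parts = context.split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"not an SELinux context: {context!r}")
    fields = dict(zip(("user", "role", "type"), parts))
    fields["level"] = parts[3] if len(parts) == 4 else None
    return fields

def parse_ls_z(line):
    """Return the DAC attributes and the SELinux label of one `ls -Z` line."""
    match = LS_Z_LINE.match(line.strip())
    if match is None:
        raise ValueError(f"unrecognised ls -Z line: {line!r}")
    dac = {k: match[k] for k in ("mode", "owner", "group")}
    # ls prints "?" in place of the context when a file carries no label.
    context = match["context"]
    selinux = None if context == "?" else parse_context(context)
    return {"name": match["name"], "dac": dac, "selinux": selinux}

# First line is the page's example; the other two are constructed samples.
SAMPLE_LINES = [
    "-rw-rw-r--. user1 group1 unconfined_u:object_r:user_home_t:s0 file1",
    "-rw-------. root root system_u:object_r:shadow_t:s0-s0:c0.c1023 shadow",
    "-rw-r--r-- user1 group1 ? notes.txt",
]

def parse_all(lines=SAMPLE_LINES):
    return [parse_ls_z(line) for line in lines]
```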
