4Here is probably one of the biggest/fasting growing outage thread on WebHostingTalk — started by someone reporting FsckVPS connectivity issue yesterday morning. When I went to bed last night there was around 50+ pages of discussions, and now it has grown to 80+ pages. FsckVPS, one of the VAServ companies, was offering low-cost full-automated OpenVZ [...]
WebHostingTalk Database Compromised with Credit Card Stolen
Started work at 9:30am this morning and saw Ross’ Twitter status:
Is Your SSL Certificate Signed Using Vulnerable MD5?
Apparently 14% of SSL certificates were signed using vulnerable MD5 algorithm. Netcraft’s SSL Survey shows that 14% of valid third party SSL certificates have been issued using MD5 signatures . an algorithm that has recently been demonstrated to be vulnerable to attack by producing a fake certificate authority certificate signed by a widely-trusted third party [...]
Don’t Use FTP, But What Else?
Steve Frank’s article on Don’t Use FTP has been posted on various social news sites, and I think it is an excellent piece how this 20+ year old protocol should have retired from being the stock standard of transferring files at many web hosting companies. It is not secure (not guaranteed even when FTPS is [...]
Linux vmsplice Local Exploit – How Hosts Responded
SecurityFocus: Linux kernel memory access vulnerabilities, exploit included to get you root account on stock kernels between 2.6.17 and 2.6.24.1. Web hosts responded — Holy !$#&!!! CentOS 5, Ubuntu Edgy-Gutsy, Debian Etch — all these Linux distributions are affected. Basically a local user can gain root access, and with help from vulnerable applications that allow [...]
cPanel Security Hole Exploited in Wild
Netcraft: in reflecting to a previous report where HostGator sites were hacked to distribute IE exploits, HostGator responded saying that there is a bad security hole in cPanel that is currently wildly distributed. Hackers gained access to HostGator’s servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML [...]
SSH Dictionary Attack Prevention with iptables
Last week (9-15 April). 8,750 failed SSH login attempt, averaging almost one per minute, trying out all kinds of possible user names and left tons of junk in my message log. The recent SSH brute-force attacks (actually it’s not that recent) are rather annoying, and this article at Whitedust.com has useful information on how to [...]