On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code, given certain conditions, by passing strings of code following environment variable assignments. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk. The Shellshock vulnerability can be exploited on systems that are running services or applications that allow unauthorised remote users to assign Bash environment variables. […]
Tag Archives: Security
WordPress xmlrpc wp.getUsersBlogs attack
Recently we began monitoring an increasing number of WordPress xmlrpc attacks, where a large number of passwords is submitted for user “admin” via the xmlrpc.php file. Our security system blocks such attempts for all Managed Hosting clients or cPanel with Account Shield protection, so they do not even hit WordPress websites. However, WordPress websites running elsewhere may be vulnerable. Below we publish one of the lists of passwords submitted as an XML POST request; make sure your “admin” user password is not one of those. The XML file submitted typically consists of around 1000 passwords, making usual brute force attack a more efficient […]
Virtual Just In Time patching – how it works
One of the benefits of having the Secure Account option for your hosting is that it protects your website against new vulnerabilities discovered or disclosed for the applications you use. For example, Drupal 7.38 came out this morning with critical security updates, which leaves your Drupal 7 website vulnerable until you apply the security update. The Virtual Just In Time security is a set of firewall rules that filter all traffic received on your website. It detects and stops any attempt to exploit those vulnerabilities at the server level so that your website stays protected! We still recommend applying security patches for […]
Recommendations for POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
RedyHost security team has been made aware of a vulnerability in the SSLv3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSLv3.0 are affected. What Is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory. Netscape originally developed Secure Sockets Layer (SSL) to be a means of protecting data as it was sent across a network. Version 1 was never released, and when SSLv2 came out in 1995, there were a number of flaws that made […]
Security recommendations around the Heartbleed vulnerability
On April 7, 2014, the OpenSSL Project released an update to address a critical vulnerability known as Heartbleed (CVE-2014-0160). This vulnerability, which affects multiple sites across the Internet, could be remotely exploited to leak sensitive information. Actions by RedyHost: RedyHost has reviewed all of our sites and applications, and we have determined that a few of our sites, including the Client Area https://www.redyhost.com.au/cc/clientarea.php and cPanel https://my.redyhost.net.au:2083, were vulnerable to this issue. This was patched immediately, and we have replaced our SSL certificates. Changing your password: RedyHost has no evidence that any customer data (including user names and passwords) was exposed. However, if […]