How To Protect Your Server From The GHOST Vulnerability

Want to know more about GHOST Vulnerability? It is listed as a Critical issue and is officially known as CVE-2015-0235. It is a vulnerability located in the glibc library of most Linux systems and takes advantage of a condition called a “buffer overflow” and can allow a remote attacker to gain complete control of a system. Any system running a version of glibc older than 2.18 is likely to be susceptible to an attack in this manner.

How to Check Your Server

Red Hat Enterprise Linux & CentOS
You can use rpm (the Red Hat Package Manager) to check the glibc version:
[root@box ~]# rpm -q glibc
The command will give an output similar to this:
Note the version information, highlighted in red in the above example. If this version matches, or is more recent than the versions listed below, you are safe from the GHOST vulnerability:
- CentOS 6: glibc-2.12-1.149.el6_6.5
- CentOS 7: glibc-2.17-55.el7_0.5
- RHEL 5: glibc-2.5-123.el5_11.1
- RHEL 6: glibc-2.12-1.149.el6_6.5
- RHEL 7: glibc-2.17-55.el7_0.5

Any version older than these is vulnerable to GHOST and should be patched as soon as possible.

Debian & Ubuntu

The ldd command, used to check for dynamic dependencies, can be used to see the version of glibc on Debian-based systems, including Ubuntu:
debianbox:~# ldd -version
The output will look similar to this:
ldd (Debian EGLIBC 2.11.3-4) 2.11.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
Written by Roland McGrath and Ulrich Drepper.

Note the version information, highlighted in red in the example. If this version matches, or is more recent than the versions listed below, the system is not vulnerable to GHOST:

– Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
– Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
– Debian 7 LTS: 2.13-38+deb7u7

Any versions older than these are vulnerable and should be patched as soon as possible.

How to Fix the Vulnerability

The simple way to fix the GHOST vulnerability, is to use the default package manager for your distribution to update the glibc version. Below, we will offer sample processes for a Red Hat/CentOS based environment, and for a Debian/Ubuntu based environment.

The default package manager for Red Hat Enterprise Linux, CentOS, and related distributions is yum:
[root@box ~]# sudo yum update glibc
When the system prompts you for confirmation, respond with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
[root@box ~]#sudo reboot
[root@box ~]#sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.

Debian & Ubuntu

The default package manager for Debian, Ubuntu, and related distributions is apt. For currently supported versions of Debian and Ubuntu, update all of your packages to the latest version available. In most situations, we recommend doing a ‘dist-upgrade’, however, in some cases this may cause issues with certain packages, as the dist-upgrade command can add and remove packages in addition to upgrading them. If you are concerned that this is the case on your system, you can use ‘upgrade’ as an alternative, though make extra sure to check your system for the vulnerability afterwards if you do this.
debianbox:~# sudo apt-get update && sudo apt-get dist-upgrade
debianbox:~# sudo apt-get update && sudo apt-get upgrade
In either case, then respond to the confirmation prompt with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
debianbox:~# sudo reboot
debianbox:~# sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.

For more information about the GHOST vulnerability, please see this link from the United States Computer Emergency Readiness Team (US-CERT):

5 Common Website Security Mistakes

People often make fundamental mistakes with their websites and servers. These mistakes can ultimately cost a lot. This happens to not just new website owners but to seasoned ones as well. In fact, you could be making some of the mistakes below essentially harming your business. Fortunately, this guide explains some of the common mistakes every website owner should avoid in order to gain the most from your online presence.

Mistake 1 – Not Monitoring Your Backups
Backups are the forgotten website security pillar. Most website owners do not understand how backups fit into their web security strategy. Backups are your safety net. With a backup, you can quickly restore a part of, or your entire website when bad something happens.

A lot of bad things can happen to your website:

Hackers can compromise your site
A careless key stroke can overwrite important files
Web hosting equipment might fail

These and other scenarios will give you sleepless nights if you do not monitor your backups to make sure they are properly running and completing successfully.

The importance of monitoring your backups cannot be overstated. Just think how effectively you could recover from a complete website crash. Here are some important ideas on monitoring your backups:

Ask your hosting provider how often they backup your data, and the number of copies they keep.
Get a copy of your website files, including photos, artworks and any other unique fonts used to create header graphics, logos, etc. from your web developer.
Back up your site’s database from your control panel. If you need help to complete the backup, contact the support team of your web hosting provider.
Back up 3rd party applications such as your blog, newsletter subscription list, etc. so that in case something happens with your providers, you have a backup solution.
Consider 3rd party backup tools and services which keep the backups in a safe and remote location.

Mistake 2 – Not Changing Default Settings and Usernames
A lot of website applications, (think of something like WordPress), include a default set of usernames, passwords, and settings to provide a consistent installation experience. After the installation has been completed it is critical to change those default usernames, passwords, and configurations. Keeping with the WordPress example, the WordPress installation creates an account with the username ‘admin’. A default location for managing your WordPress site is created at http:///wp-admin.

Hackers will test your site to see if those default values are in place. If they are found, they will begin to run software targeting your website to figure out your password. There are also a number of installation files that should be removed once you have completed your installation. These scenarios are not unique to WordPress, we just used them as an example. It is a good idea to search for a ‘How to Secure X Application’ guide for each of the applications you are using.

Mistake 3 – Ignoring Software Patches
Many website owners wonder why they should apply a software patch when things are working fine. However, by ignoring software patches or updates, you are leaving the door wide open for malware and other attacks. This exposes anyone who depends on your website to unwanted risk.

Software patches and updates are packages of software that are released by software vendors to address security vulnerabilities in existing products. Hackers exploit software vulnerabilities to deliver malware and other threats. Sometimes, software patches contain product enhancements and bug fixes. The patches are installed over the existing installation and therefore do not need un-installation or re-installation of the current software in question. Your only role is to accept the software update and the updater does its thing. Just make sure you have a good backup first.

You should never ignore those software updates. Besides enhancing your site’s performance and user experience, they provide protection against malicious threats and cyber-attacks. Moreover, you should understand all the implications of a software patch. When in doubt, consult your web developer or the customer service team at your hosting provider.

Mistake 4 – Not Monitoring for New Security Updates
Security updates are a constant feature just like the software updates. In fact, security updates are sometimes rolled into software patches. Security updates usually come out in point releases and are often clear on what they are intended to address. Security updates do not normally introduce new features and are instead focused on preventing vulnerabilities.

Some security updates can be managed automatically while others need manual effort. Whatever the option, you should not forsake monitoring the release of security updates of the applications being used to run your website. These updates, as previously mentioned, are released to address specific security issues and failure to apply those updates compromises the security of your website. It is important to install security updates in a timely manner. You can also go the extra mile and look for plugins which have extra layers of security and install any updates for those as well.

The other kind of security update does not involve anything to install but rather deals with database management and hosting. This involves things such as setting a strong password, locking down file permissions, checking the sites you link to, using SFTP for file transfers, and looking beyond shared hosting plans. These tactics add an extra layer of security to your website and should never be ignored.

Mistake 5 – Failure to Monitor for New Server Exploits
A server is exploited when it is no longer under your total control. Another party is using your server for their individual purposes. Common examples of server exploits include someone using your server to send spam emails, launching attacks on other servers with your clean IP being used as the attacking source, installing a phishing site on your server, or installing programs which try to steal passwords and other log in details when a person visits your website. Server exploits negatively affects your online reputation. It is therefore important to always remain alert for any signs of server exploits.

Although your hosting provider will report suspicious activity from your server, it is normally too late at that point. The best thing you can do is to constantly check for lapses in your web security and immediately address them. For example, servers mainly get exploited when an authorized person guesses a password and logs in as a user or when a security hole in the web application has been exploited. It therefore goes without saying that every user must have a strong password and you should remain up to date on the security of any webapp you have installed in your site. With these tips, you will stay on top of server exploits.

Bonus Tip! – Not Monitoring Uptime
Server uptime is critical to a business. Databases and file services, web and email servers are indispensable to most business processes. Downtimes negatively affect productivity, sales, customer and employee satisfaction. Downtime hurts. You must find a means to monitor server uptime at all times.

With the right service, monitoring servers and websites becomes easy. You will be the first one to know when your site is down, and you will easily monitor the performance of your site. It is important to get a service that is thorough in server and website uptime monitoring to prevent unnecessary disturbance.
Server uptime monitoring helps you provide better user experience to customers and other people who visit your site. It also gives you useful information on the reliability of your hosting provider. If you are getting a raw deal, you will realize it.

Your website is your gateway to the global online marketplace. It is important to check these 5 common mistakes so to get protect your presence on the Internet and get the most value as possible out of your website.

Microsoft To End Support For Windows 2003 Servers

Microsoft has announced that they will end support for Windows Server 2003 in July of 2015.

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2] (link is external) As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.

Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.

Read the US-CERT alert at https://www.us-cert.gov/ncas/alerts/TA14-310A