
Beware of These 4 Common and Dangerous Cyberattacks

July 24th, 2014

Last week Google unveiled Project Zero, a new team dedicated to making Internet users less vulnerable to cyberattacks. From Heartbleed to Cryptolocker, the headlines are increasingly full of news about scary new threats that target the average Internet user.

“You know to delete that email that tells you you’ve won the lottery, so attackers have to change their approach over time,” Chris Weber, the co-founder of Casaba Security, told NBC News. “But really, these are new spins on old kinds of attacks.”

Here are four common and dangerous types of cyberattacks to watch out for — and how to avoid or fix them.

Ransomware

What it looks like: Ransomware falls under the large cyberattack umbrella of “malware” – malicious software – and it’s a particularly scary brand. It locks up a victim’s computer files and demands payment in exchange for unlocking them.

Internet Danger: What Is Ransomware?

Victims of ransomware usually see a pop-up warning that overtakes the device’s screen, blocking access and encrypting files. The message demands the victim pay hundreds of dollars to unlock the files and regain access to the computer.

What to do: While it’s tempting to pay the ransom, security experts say that’s a bad idea: There’s no guarantee the crooks will actually free the files, and funding criminal activity only fuels it.

Ransomware victims can try to remove the malicious program themselves using anti-virus software, or take the infected device to a computer repair shop. If the ransomware can be removed, sometimes that’s all that’s needed: if the files weren’t actually encrypted, they would be accessible again. But if the files were indeed encrypted as threatened, removing the ransomware won’t change that.

“Unfortunately this is one of those cases when if your data has been encrypted, there’s just nothing you can really do,” said Kevin Johnson, the CEO of cybersecurity consultancy Secure Ideas.

As with most malware, ransomware is often unwittingly downloaded when users open email attachments or click on links, so as always caution is advised.

Sketchy video sites that ask you to install a “codec” or update

What it is: Didn’t feel like paying to stream that new movie, eh? It can be tempting to watch it for “free” on a website that streams pirated video, but these disreputable sites are sometimes filled with potential cyberattacks.

In this type of attack, victims click what looks like a regular video player in an attempt to stream the content. But then a message pops up telling the user to install a “codec” or other kind of update in order to view the video. Victims who download the so-called update are actually installing malware on their own computers.

What to do: Be wary of any message that pushes you to download something in order to view a video. And it’s not only sketchy “free video” sites: spammy viral video clips that make their way around Facebook could also be malicious. (One of the exceptions is Netflix, which uses Microsoft Silverlight to stream video.)

“You really have very few reasons to have to install anything to watch content on the Internet,” Dave Aitel, the CEO of security firm Immunity Inc., told NBC News. “But people say, ‘I really want to watch that show, so I’ll click until the clip starts playing.’”

Malicious links in messaging apps and social networks

What it is: This threat is perhaps the most similar to attack methods that have been around a while. That old spam email that contains a malicious link or attachment isn’t dead; it has simply moved to networks where people are active, and where they think they can trust a network of friends.

“We know to be more careful about email, but getting infected now isn’t like it used to be,” Raj Samani, the chief technology officer for McAfee’s EMEA region, told NBC News. “It could be a link in a LinkedIn connection request that looks legitimate, or a Twitter direct message that is supposedly from a friend.”

On a mobile device, the malicious software could, for example, harvest contact information, secretly place calls and send texts to premium numbers, and track a user’s location.

What to do: Beyond the standard advice to avoid clicking on suspect links and files, Samani suggests mobile phone users install anti-virus programs that could catch the threats.

“Anti-virus is standard for most people on their desktop or laptop, but how many people do you know have it installed on mobile?” Samani said. His employer — McAfee — offers a free version of mobile anti-virus, as do companies such as Avast.

Fake Flappy Bird (and other popular apps)

What it is: The addictively simple (and temporarily pulled) mobile game Flappy Bird is lots of fun — but the hundreds of malicious clone apps lurking in app stores are quite the opposite.

“When an app gets even halfway popular — much less something as viral as Flappy Bird — app stores get so flooded that it’s hard to find the legitimate one,” Aitel said.

In Flappy Bird’s case, a report released last month from anti-virus company McAfee said hundreds of clones emerged in the first quarter of 2014 (after the legitimate app’s creator took it down). McAfee tested 300 of the clones and found that almost 80 percent of them contained malware.

Once downloaded, those malicious clones did very bad things with the victims’ phones, and in the worst cases, the malware gained full control of the infected device.

What to do: Carefully check before downloading an app from an app store: Check the creator’s name, the app’s description and the reviews among other information. Avoid giving any app sweeping permission to access parts of the phone, as tempting as it is to simply keep clicking “yes.” As with the previous threat, mobile anti-virus software can help mitigate or avoid the damage.

By Julianne Pepitone

EasyApache 3.26.2 Released

July 24th, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10.

AFFECTED VERSIONS
All versions of Apache 2.4 before 2.4.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0117 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_proxy module related to CVE-2014-0117.

CVE-2014-0226 – MEDIUM

Apache 2.4.10
Fixed a race condition related to CVE-2014-0226.

CVE-2014-0118 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_deflate module related to CVE-2014-0118.

CVE-2014-0231 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_cgid module related to CVE-2014-0231.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.2 with an updated version of Apache 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231

https://www.apache.org/dist/httpd/CHANGES_2.4

Google Aims To Make The Internet Safer With Its New Security Team, Project Zero

July 23rd, 2014

(The Hosting News) – Google has created a new team of security researchers with the goal of making the Internet safer by reducing the number of people harmed during zero-day attacks.

The new security team, Project Zero, is a team of highly skilled, full-time researchers that works toward locating and reporting large numbers of security threats.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” says Google “Researcher Herder” Chris Evans via blog post. “We think more can be done to tackle this problem.”

Evans notes that Project Zero isn’t restricted to finding vulnerabilities in only Google products. The team will work to discover bugs in other software that is widely used, paying attention to “techniques, targets and motivations of attackers.”

The information found will be stored in an external database where the vendors of the compromised software will be notified. Once a patch is made available, the team will release the information to the public, allowing users to discuss the vulnerability and see how long it took the vendor to patch the bug.

Google is currently looking for researchers for Project Zero, though they did not offer information on how to apply.

EasyApache 3.26 Released

July 17th, 2014

We are happy to announce the release of EasyApache 3.26 for cPanel & WHM. EasyApache 3.26 features a redesigned profile page that is easier to use and more informative.

EasyApache’s redesigned profile page includes cPanel & WHM’s new Optimal Profiles. The new Optimal Profiles include the recommended versions of PHP and Apache, and the modules that ensure that your EasyApache build is more secure and reliable. The new Optimal Profiles are tailored to your operating system and include profiles that we designed for the CloudLinux operating system. “Our Optimal Profiles help ensure a higher level of safety for our customers,” said the cPanel EasyApache Team.

For the most secure environment, we recommend that you use EasyApache’s new MPM ITK Optimal Profile for CloudLinux. This profile utilizes EasyApache 3.26’s new Apache MPM ITK option. The Apache MPM ITK option is available for CentOS, but does not include the additional security that the CloudLinux operating system provides. For more information on CloudLinux, visit http://cloudlinux.com.

EasyApache 3.24.22 Released

July 1st, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.30.
All versions of PHP 5.5 before 5.5.14.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3981 – LOW

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the PHP core code related to CVE-2014-3981.

CVE-2014-0207 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-0207.

CVE-2014-3478 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3478.

CVE-2014-3479 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3479.

CVE-2014-3480 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3480.

CVE-2014-3487 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3487.

CVE-2014-4049 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Network module related to CVE-2014-4049.

CVE-2014-3515 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the SPL module related to CVE-2014-3515.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.22 with an updated version of PHP 5.4 and PHP 5.5 to correct this issue. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3981

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0207

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3478

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3479

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3480

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3487

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4049

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3515

http://www.php.net/ChangeLog-5.php#5.4.30

http://www.php.net/ChangeLog-5.php#5.5.14

Parallels Plesk 12 Makes Web Servers More Valuable

June 18th, 2014

(The Hosting News) – Parallels, the platform provider for cloud service delivery, today launched Parallels Plesk 12, featuring a powerful new security core, a full-featured WordPress Toolkit and four distinct editions of the software designed to deliver targeted functionality to web administrators, application developers, web professionals and hosting service providers.

Each new edition of Plesk 12 simplifies core web management tasks that better align with the way infrastructure is being used for hosting websites and web applications today. A new security core based on ModSecurity rules by Atomicorp provides server-to-site security and the new WordPress Toolkit will help hosters capture the growth in WordPress hosting.

“The hosted and cloud infrastructure industry is in a period of dynamic change, creating new opportunities for our partners,” said Birger Steen, chief executive officer, Parallels. “Plesk 12 gives service providers an easy way to turn commodity infrastructure into compelling solutions that solve real customer problems.”

Four new editions:

• Parallels Plesk Web Admin Edition – Optimized for hosting self-managed sites, this edition enables web administrators to easily manage their own server, websites, domains, email and more.

• Parallels Plesk Web App Edition – Optimized for hosting web applications, this edition enables web application developers to control application access rights with custom view management, manage servers and domains from any mobile device and deliver complete server-to-site security for protection from common scripted attacks against software.

• Parallels Plesk Web Pro Edition – Optimized for web professionals and digital agencies managing and hosting WordPress sites, this edition offers mass-management and security tools for WordPress hosting, server, account and WordPress management from any mobile device, and complete server-to-site security for protection from automated attacks against WordPress.

• Parallels Plesk Web Host Edition – Optimized for service providers who are hosting and reselling unmanaged shared accounts, this edition offers support for multi-tenant, high-density shared hosting, with upgraded reseller, subscription and account management tools, integrated supportability and security tools for WordPress hosting and complete server-to-site security for protection from malicious use.

Key functionality enhancements:

Capture WordPress Hosting Growth with Integrated Tools. The WordPress Toolkit simplifies daily tasks required to manage and secure WordPress sites. With Plesk 12 and the WordPress Toolkit, you will enable customers to:
• Manage multiple WordPress installations, plugins, and themes from a single point of entry
• Easily install, update, and remove WordPress, plus activate and remove plugins and themes
• Securely install WordPress and harden existing WordPress installations, applying the most common recommended security settings with rollback support

Reduce Support Calls with Secure Infrastructure. The new Security Core in Plesk 12 combines ModSecurity, Fail2Ban and Outbound Antispam tools allowing you to deliver server-to-site security out of the box. With the Plesk 12 Security Core on your servers you get:
• Secure servers that protect against persistent attacks targeting known or newly discovered vulnerabilities
• Increased uptime as malicious attacks against your servers are automatically blocked in real time
• Cleaner IP addresses with outgoing spam protection preventing your servers from being blacklisted

With Plesk 12, Parallels global partners such as 1&1 Internet Inc., Conetix, GMO Cloud KK, HostMySite, LeaseWeb, PacHosting, RIDE and STRATO see Plesk 12 delivering a tightly integrated set of mass-management and security tools to help them profit from the growing demand for WordPress hosting.

1&1

“With Parallels, 1&1 has a partner who shares our vision for optimizing performance for key server user groups,” said Hans Nijholt, head of server product management, 1&1 Internet, Inc. “For our customers to realize the full potential of 1&1’s work and investments – such as best-in-class server hardware, CPUs and network infrastructure – a world-class control panel is needed, and Plesk 12 delivers just that. Plesk 12 is the perfect complement to our server line-up and from today we are proud to provide it free with all types of 1&1 servers in all our markets.”

Conetix

“After 10 years of deploying Parallels Plesk, I believe Plesk 12 delivers the ultimate all-round solution for web designers, developers and digital agencies,” said Jamin Andrews, chief executive officer, Conetix. “Our clients are after a solution that is flexible, easy to manage and ahead of the game – Plesk 12 with the new WordPress Toolkit and built-in Security Core offers all this.”

GMO Cloud KK

“With the introduction of four new editions tailored to customer usage patterns, Plesk 12 enables us to offer services which are more valuable and easier to understand for the customers than ever,” said Minoru Karasawa, group chief technology officer and director, GMO Cloud K.K. “At GMO Cloud, we believe that Plesk 12 would allow us to take a strong step forward in actively approaching a new market including web professionals as well as providing secure and useful hosting services.”

HostMySite

“Plesk 12 makes it easier than ever to manage and secure WordPress hosted sites,” said John Enright, president, HostMySite. “It provides our customers with an interface that is optimized for how they use and deploy web applications and it enables us to go beyond basic infrastructure services and allows us to provide complete hosted application solutions.”

LeaseWeb

“As a long-time Parallels partner with over 60,000 physical servers under management, we put Plesk 12 to the test from an early stage and we really fell in love with the innovations added to the latest version,” said Marc Burkels, manager, dedicated hosting, LeaseWeb. “With the new Plesk 12 editions, we are now able to expand our channel by delivering complete solutions to target audiences. The significantly improved security, enhanced functionality and focus on user-friendliness convinced us to make the new version available to all of our bare metal server customers on day one of launch. And within a few weeks, Plesk 12 will be added to our public, private and hybrid cloud offerings as well.”

PacHosting

“We have partnered with Parallels for over 10 years and we are very impressed by the new features in Plesk 12,” said Natalie Kong, business analyst, PacHosting. “The best part of Plesk 12 is the new security core with built-in Fail2Ban, ModSecurity and integrated firewall. This will bring a new level of enhanced security for our clients. In addition, the deep integration with WordPress, which meets the growing demand, will now become one of our strong selling points over our competitors.”

RIDE

“Plesk 12 enables us to provide a complete solution to meet our customers’ needs,” said Hiroya Nakano, chief executive officer, RIDE Co. Limited. “With the help of Plesk 12, we can differentiate our services with features such as the WordPress ToolKit and enhanced server-to-site security built-in. This will give greater satisfaction to our customers.”

STRATO

“After introducing the Haswell processor in the European market, STRATO confirms its leadership position with the latest version of Plesk,” said Christian Böing, chief executive officer, STRATO AG. “Our main goal remains to provide our customers with the latest software and hardware versions. The new Plesk 12 is the perfect complement to our servers and core mass-management and a security tool that can be used to profit from the growing demand for WordPress hosting. That makes us a reliable and professional hosting provider and allows us to differentiate ourselves from our competitors.”

For more information, you can visit www.parallels.com/plesk

About Parallels

Parallels® provides the platform for service providers to sell and deliver great cloud services to businesses worldwide and cross-platform solutions. Parallels began operations in 2000 and has developed into a fast-growing software company with more than 900 employees across offices in North America, Europe, Africa, Australia and Asia.

For more information, please visit www.parallels.com/spp, follow us on Twitter at www.twitter.com/ParallelsCloud, and Like Us on Facebook at www.facebook.com/ParallelsCloud

Patching OpenSSL for the Heartbleed Vulnerability

June 17th, 2014

A security vulnerability in OpenSSL dubbed Heartbleed has been found. This vulnerability was only recently discovered openly, but has been “in the wild” for over a year. It’s important to update your local version of OpenSSL to correct this issue. This brief guide will walk you through ensuring that the patch is installed on your Linode, and suggest additional steps you can take to ensure your server’s security. As always, we suggest having backups of your system prior to making any changes.

This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Installing the Patched Version

Here are the steps for ensuring you have the patched versions of OpenSSL on our most popular distros. If you’ve compiled from source, you’ll want to compile and reinstall using version 1.0.1g. Alternately you can recompile previous versions with the OPENSSL_NO_HEARTBEATS flag enabled to close the vulnerability.

Ubuntu and Debian

1. Check to see what your current OpenSSL version is:
openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Sat Feb 1 22:14:33 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. For Debian and Ubuntu systems, run these commands to update and upgrade your packages:
sudo apt-get update
sudo apt-get upgrade

3. During the upgrade, you may see a prompt like the one below. This window warns you about the security issue and lists the services that use OpenSSL and need to be restarted to apply the patch. You can add other services by entering their init.d script names in this field.

[Screenshot: an option window]

If you do not receive this prompt, be sure to manually restart any services that use OpenSSL.

4. After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014

CentOS

1. Check to see what your current OpenSSL version is:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan 8 18:40:59 UTC 2014
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. To update OpenSSL from the repositories, run:
yum -y install openssl

After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014

3. Be sure to manually restart any services that use OpenSSL.

Fedora

1. Check to see what your current OpenSSL version is:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Fri Dec 20 13:57:26 UTC 2013
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. On Fedora systems, the patched version is currently being propagated through mirrors. You can update from the repositories with the following command:
sudo yum -y install openssl

You can also directly download the patched version and install it manually. For Fedora 20 (64-bit), run the following set of commands to install the patched version:
sudo yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
sudo yum localinstall openssl-libs-1.0.1e-37.fc20.1.x86_64.rpm openssl-1.0.1e-37.fc20.1.x86_64.rpm

3. After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 00:32:22 UTC 2014

4. Be sure to manually restart any services that use OpenSSL.
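The two checks this guide repeats for every distro (reading the built on: date, and restarting services that still use the old library) as a small POSIX shell script. This is an added example, not part of the original guide; the sample openssl output and /proc/PID/maps lines embedded in it are constructed, modelled on the outputs quoted above.

```shell
#!/bin/sh
# Added example (not from the original guide). Two checks behind the guide's advice:
#   heartbleed_status  - classify `openssl version -a` output with the guide's rule:
#                        affected branch + "built on:" before 7 April 2014 => vulnerable
#   has_stale_ssl_lib  - find a process still mapping a libssl/libcrypto that was
#                        replaced on disk (the kernel marks it "(deleted)" in
#                        /proc/PID/maps), i.e. a service that was not restarted

CUTOFF_YMD=20140407   # first day of fixed builds, per the guide

# month_num Apr -> 04
month_num() {
  case "$1" in
    Jan) echo 01 ;; Feb) echo 02 ;; Mar) echo 03 ;; Apr) echo 04 ;;
    May) echo 05 ;; Jun) echo 06 ;; Jul) echo 07 ;; Aug) echo 08 ;;
    Sep) echo 09 ;; Oct) echo 10 ;; Nov) echo 11 ;; Dec) echo 12 ;;
    *) return 1 ;;
  esac
}

# Read `openssl version -a` output on stdin, print the "built on:" date as YYYYMMDD.
built_on_ymd() {
  line=$(sed -n 's/^built on: *//p' | head -n 1)
  # "Mon Apr 7 20:33:29 UTC 2014" -> $2=Apr $3=7 $6=2014 (unquoted on purpose)
  set -- $line
  [ $# -ge 6 ] || return 1
  mon=$(month_num "$2") || return 1
  day=${3#0}                          # keep printf from reading "08" as octal
  printf '%s%s%02d\n' "$6" "$mon" "$day"
}

# Read `openssl version -a` output on stdin and print one word:
#   not-affected  branch other than 1.0.1 (the upstream advisory also lists 1.0.2-beta)
#   vulnerable    affected branch built before the cut-off
#   patched       affected branch built on or after the cut-off
#   unknown       output could not be parsed
heartbleed_status() {
  out=$(cat)
  ver=$(printf '%s\n' "$out" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p' | head -n 1)
  [ -n "$ver" ] || { echo unknown; return 0; }
  case "$ver" in
    1.0.1*|1.0.2-beta*) ;;
    *) echo not-affected; return 0 ;;
  esac
  ymd=$(printf '%s\n' "$out" | built_on_ymd) || { echo unknown; return 0; }
  if [ "$ymd" -lt "$CUTOFF_YMD" ]; then echo vulnerable; else echo patched; fi
}

# Read /proc/PID/maps text on stdin; exit 0 if it maps a libssl/libcrypto object
# that no longer exists on disk under that name (it was replaced by the upgrade).
has_stale_ssl_lib() {
  grep -E 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' >/dev/null
}

# Print "PID<TAB>command" for every process still holding a stale libssl/libcrypto.
# Reading other users' maps needs root; prints nothing when everything is fresh.
list_stale_pids() {
  for maps in /proc/[0-9]*/maps; do
    pid=${maps#/proc/}; pid=${pid%/maps}
    if has_stale_ssl_lib 2>/dev/null < "$maps"; then
      printf '%s\t%s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
    fi
  done
}

# Constructed sample inputs, modelled on the outputs quoted in the guide.
SAMPLE_VULN='OpenSSL 1.0.1e 11 Feb 2013
built on: Sat Feb 1 22:14:33 UTC 2014
platform: debian-amd64'
SAMPLE_FIXED='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014'
SAMPLE_MAPS='7f3c1c000000-7f3c1c1a0000 r-xp 00000000 08:01 131090 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c1d000000-7f3c1d020000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libc-2.19.so'

printf 'sample before upgrade: %s\n' "$(printf '%s\n' "$SAMPLE_VULN"  | heartbleed_status)"
printf 'sample after upgrade:  %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | heartbleed_status)"
if printf '%s\n' "$SAMPLE_MAPS" | has_stale_ssl_lib; then
  echo 'sample maps: a process still uses the replaced libssl, restart it'
fi
# Live checks on this host: `openssl version -a | heartbleed_status`, and
# `sudo sh thisscript.sh --scan` to list services that still need a restart.
if [ "${1:-}" = --scan ]; then list_stale_pids; fi
```

The maps check complements the version check: a patched library on disk protects nothing until every process that loaded the old copy has been restarted.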

Reissue Certificates

The Heartbleed security bug would allow an attacker to read a portion of the memory on an unprotected system, including private keys used in SSL key pairs. It’s suggested that you reissue all key pairs, and revoke ones made previously. This can include keys used to create SSL certificates for web and mail servers. This means new SSL certificates should be generated or purchased.

You can follow the instructions here to create a new certificate signing request (CSR) and key, or check out the Apache-specific instructions here.

Additional Security Steps

While this security flaw has only recently been discovered openly, it has existed on many servers for well over a year. This means that any third party services you use that employ SSL encryption have been vulnerable. It’s suggested that you ensure that said services patch their systems, then reset your passwords.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Heartbleed.com

cPanel & WHM 11.44 Now in RELEASE Tier

June 17th, 2014

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which will soon be available in the RELEASE tier.

cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more.

Transfer & Restore Renovation
From simple log files and reports to a continuous transfer and restore process, a series of changes to transfer and restore functionality brings widespread benefits.

Configuration Clusters
cPanel & WHM now offers configuration clustering to streamline the process of updating multiple servers, adding a powerful boost in efficiency.

Paper Lantern
With a more agile, consistent framework, Paper Lantern for cPanel & WHM 11.44 signifies progress towards user interface perfection and stunning, user-created themes.

Support Access
Grant cPanel Support Access enables customers to quickly grant server access to cPanel support staff, therefore speeding up the resolution of issues with just a few mouse clicks.

Detailed information on all cPanel & WHM 11.44 features can be found at https://documentation.cpanel.net. An overview of the latest features and benefits is also available at http://releases.cpanel.net.

Shift Gears, You’re a Security Provider Now

June 5th, 2014

In 2013, it seemed that not a week went by without at least one announcement of some kind of serious security breach. The year was a massive challenge for service providers who have faced rapidly escalating threats to their infrastructure and the security of their customers. Massive DDoS attacks, SQL injection vulnerabilities and the potentially disastrous Heartbleed vulnerability are only a few examples of major incidents to strike hosts in the past year. Equally disturbing were instances where Drupal announced a security breach of its servers and MongoHQ revealed that a hacker had breached Amazon Web Services S3 storage accounts, gaining access to several client databases.

As hackers become adept at bypassing traditional security walls and increasingly sophisticated at evading detection (e.g., The New York Times incident), what role do hosting providers play in finding solutions to these problems?

The solution is for hosting providers to become security providers. Leading security experts specializing in the hosting industry will discuss this paradigm shift and answer questions in an open forum. Panel members include: Hemant Jain of Fortinet, Jeffrey Lyon of Black Lotus Communications, Steven Ciaburri of Rack911, and Vann Abernethy of NSFOCUS Inc., Shay Rapaport of Fireblade, and Piero DePaoli of Symantec.

The panel is the last scheduled educational session at HostingCon 2014, taking place on Wednesday, June 18th from 11 a.m. until noon. It’s guaranteed to be a thought-provoking and lively way to mark the end of the educational sessions. Finish up the day with a networking lunch and make your way to the Exhibit Hall for the afternoon! The floor plan for the Hall has been pretty much finalized — take a look here.

But you can’t do that unless you are registered. Luckily, there’s still time to register for this year’s HostingCon.

For all the latest HostingCon news and information, visit HostingCon – Premier Industry Conference and Trade Show for Web Hosting and Cloud Service Providers

by Frances Krug

Spammers Prompt Users to Download Malware Disguised as Heartbleed Bug Removal Tool

June 4th, 2014

Spammers are targeting people concerned about the aftermath of the Heartbleed bug with emails prompting users to unknowingly download malware once they run a Heartbleed bug removal tool.

According to a blog post by Symantec last week, the spam email asks users to run the attached tool to clean the infection from their computer. The email warns users that although they may have changed passwords on websites they use, they are still not completely secure and should run the removal tool to ensure complete protection.

The email preys on users who don’t know much about Heartbleed, and probably only heard about it in the media coverage. Heartbleed is not malware, therefore there is no way for it to infect computers.

Heartbleed impacted OpenSSL version 1.0.1 and could expose up to 64KB of memory to a connected client or server. The issue impacted a range of companies, websites and service providers, and this week The Core Infrastructure Initiative announced that it would prioritize funding to OpenSSL to improve its security.

The subject line, “Looking for Investment Opportunities from Syria,” should raise a red flag for users, since it is in no way related to the body, and is pretty typical language used with spammy emails.

The attached file is a .docx file, but once it is opened it appears as an encrypted zip file. Once the file is extracted, users find heartbleedbugremovaltool.exe. This downloads a keylogger in the background while a progress bar shows on screen. A pop-up eventually appears, notifying the user that Heartbleed was not found on their computer.

DataCenterKnowledge has more on how companies are staying ahead of future Heartbleed-like security vulnerabilities by implementing effective security policies and proactively monitoring across their platforms.

by Nicole Henderson on June 3, 2014

cPanel 11.44 Now in CURRENT Tier

June 4th, 2014

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which is now available in the CURRENT tier.

cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more.

Transfer & Restore Renovation
From simple log files and reports to a continuous transfer and restore process, a series of changes to transfer and restore functionality brings widespread benefits.

Configuration Clusters
cPanel & WHM now offers configuration clustering to streamline the process of updating multiple servers, adding a powerful boost in efficiency.

Paper Lantern
With a more agile, consistent framework, Paper Lantern for cPanel & WHM 11.44 signifies progress towards user interface perfection and stunning, user-created themes.

Support Access
Grant cPanel Support Access enables customers to quickly grant server access to cPanel support staff, therefore speeding up the resolution of issues with just a few mouse clicks.

Detailed information on all cPanel & WHM 11.44 features can be found at https://documentation.cpanel.net. An overview of the latest features and benefits is also available at http://releases.cpanel.net.

cPanel-EasyApache 3.24.19

June 3rd, 2014

SUMMARY

cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29.

AFFECTED VERSIONS

All versions of PHP version 5.5 before 5.5.13.

All versions of PHP version 5.4 before 5.4.29.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0237 – MEDIUM

PHP 5.5.13

Fixed bug in the fileinfo extension related to CVE-2014-0237.

PHP 5.4.29

Fixed bug in the fileinfo extension related to CVE-2014-0237.

CVE-2014-0238 – MEDIUM

PHP 5.5.13

Fixed bug in the fileinfo extension related to CVE-2014-0238.

PHP 5.4.29

Fixed bug in the fileinfo extension related to CVE-2014-0238.

SOLUTION

cPanel, Inc. has released EasyApache 3.24.19 with the updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0237

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0238

http://www.php.net/ChangeLog-5.php#5.4.29

http://www.php.net/ChangeLog-5.php#5.5.13