Security researchers identified a new OpenSSL vulnerability, called DROWN (Decrypting RSA with Obsolete and Weakened Encryption), in March 2016. The attack targets servers that use the more secure TLS protocol but also support the obsolete SSLv2. The vulnerability allows an attacker to decrypt TLS-encrypted communication if the server supports SSLv2 ciphers. DROWN was assigned the ID CVE-2016-0800 by US-CERT in March (https://www.us-cert.gov/ncas/bulletins/SB16-067). More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected …
Server Security
Nowadays, brute force attacks on servers and websites are frequent. A brute force attack is generally a password guessing technique. It is a type of attack that tries every possible combination of characters or data in order to find the decrypted message. Brute force guarantees finding the key, because it tries every possible combination and does not rely on any potentially incomplete dictionaries or lists of possible keys. cPHulk Brute Force Protection is a built-in protection used in WHM for preventing brute force attacks. cPHulk Brute Force Protection will detect and …
Installation and configuration of ‘Pyxsoft Antimalware’ in cPanel servers
Pyxsoft Antimalware plugin for cPanel/WHM protects your server from attacker scripts such as c99shell, r57shell, ANIShell, and hundreds more. It is a real-time antimalware tool for cPanel/WHM. Attackers can take control of your servers or damage your customers’ data by uploading one of these scripts. The Pyxsoft Antimalware plugin works to protect your server in two ways: Protecting the server’s six entrances: SQL Injection; Legitimate Access (SSH, cPanel, etc.); Web Forms; FTP; Brute Force Attacks; Installed Trojans or shells
As we are aware, installing an SSL certificate usually requires a dedicated IP. The cost of this address is typically passed down to the end user. Also, the IPv4 address space would be filled completely if every domain required a dedicated IP. So administrators decided to use multiple SSL installations on a single IP. Thus SNI (Server Name Indication) was established. >> What is SNI: Server Name Indication (SNI) is an extension to the TLS protocol that indicates what hostname the client is attempting to connect to. SNI is an …
The SSLv3 POODLE vulnerability, which was released on October 14th, 2014, is an attack on the SSL 3.0 protocol and is a completely protocol-based vulnerability. POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. The padding attack happens when plain text is converted to ciphertext. The plain text message often has to be expanded to be compatible with the underlying cryptographic structure, and the leakage of data mainly occurs during the decryption of the ciphertext. The SSLv3 POODLE vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using …
The VENOM vulnerability, also known as the QEMU exploit, is the most recent vulnerability, reported on May 13, 2015. It was discovered by Jason Geffner while performing a security review of virtual machine hypervisors. VENOM stands for “Virtualized Environment Neglected Operations Manipulation”. VENOM exploits QEMU, an open source machine emulator. The VENOM vulnerability, CVE-2015-3456, resides in the virtual floppy drive code (FDC) used by the virtualization platforms. If it is exploited, it allows an attacker to gain full control of the operating system hosting them and as well as on …
In Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privileges of the user running the application that calls the function gethostbyname().
Check if your server is GHOST vulnerable
If the glibc version on your server is lower than 2.18, then your server is most exposed to this vulnerability. You can check the glibc version on your server using …
FirewallD is a new firewall suite being introduced to Linux distributions. At present, the popular new CentOS 7 has it as the default firewall suite, which in the near future will be implemented in servers. FirewallD, as usual, was developed by the Fedora community and was implemented in version 20 of Fedora. It is also being used in Arch Linux and others to date. FirewallD is a dynamic firewall, dynamic in the sense that any change in the firewall will be implemented as soon as the amendment is …
PortSentry is a tool that detects port scans and logs them. Once a host is targeted by an attacker, a port scan is almost always performed. PortSentry detects such scans by monitoring the unused ports on the host. Upon a connection attempt to one of the unused ports, PortSentry is alerted and has the ability to issue a number of commands in response to the scan.
Installation
# cd /usr/src/
# wget http://sourceforge.net/projects/sentrytools/files/latest/download
If you inspect your server’s error logs, you may see that many visitors (for the most part robots) constantly request access to things they should not be allowed to see. If you see that such requests are suspicious and that they are trying to spam your forum or hijack your mail program, you may need to deny access from those IPs. Collecting such offending IP addresses by manually inspecting your logs across your site can become a full-time job. In such cases, you may block access to the site on Country …