Apache Struts 2 is an open-source framework widely used for developing Java web applications. On March 6, 2017, a critical security vulnerability identified as CVE-2017-5638 was publicly disclosed. This flaw allowed attackers to execute remote code on vulnerable servers by sending specially crafted malicious requests. The vulnerability occurs when a server processes file uploads using a Jakarta-based multipart parser. Attackers can exploit this weakness by embedding malicious commands within the Content-Type header of a file upload request. When processed by affected versions of Apache Struts 2, the server may execute …
Server Security
A serious vulnerability named Dirty COW has recently been discovered, putting the Linux kernel at risk. It is said that this vulnerability has existed for nine years (since version 2.6.22 in 2007) and remained unnoticed throughout this time. A researcher named Phil Oester was the man behind the detection of this serious threat. According to him, the vulnerability is a race condition in the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings. In this way, the attackers gain write access to …
Security researchers identified a new OpenSSL vulnerability, called DROWN (Decrypting RSA with Obsolete and Weakened Encryption), in March 2016. This attack targeted servers that use the more secure TLS protocol but also support the obsolete SSLv2. This vulnerability allows an attacker to decrypt highly secured TLS-encrypted communication if the server also supports SSLv2 ciphers. DROWN was assigned the ID CVE-2016-0800 by US-CERT in March (https://www.us-cert.gov/ncas/bulletins/SB16-067). More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected …
Nowadays, brute force attacks on servers and websites are frequent. A brute force attack is generally a password-guessing technique. It is a type of attack in which the attacker tries every possible combination of characters or data in order to find the decrypted message. A brute force attack guarantees finding the key because it tries every possible combination and does not rely on any potentially incomplete dictionaries or lists of possible keys. cPHulk Brute Force Protection is a built-in protection in WHM for preventing brute force attacks. cPHulk Brute Force Protection will detect and …
Installation and configuration of ‘Pyxsoft Antimalware’ in cPanel servers
The Pyxsoft Antimalware plugin for cPanel/WHM protects your server from attacker scripts such as c99shell, r57shell, ANIShell, and hundreds more. It is a real-time antimalware tool for cPanel/WHM. Attackers can take control of your servers or damage your customers’ data by uploading one of these scripts. The Pyxsoft Antimalware plugin works to protect your server in two ways: Protecting the server’s six entry points: SQL injection; legitimate access (SSH, cPanel, etc.); web forms; FTP; brute force attacks; installed Trojans or shells
As we are aware, installing an SSL certificate usually requires a dedicated IP. The cost of this address is typically passed down to the end user. Also, the IPv4 address space will be filled completely if every domain requires a dedicated IP. So administrators decided to use multiple SSL installations on a single IP. Thus SNI (Server Name Indication) was established. What is SNI? Server Name Indication (SNI) is an extension to the TLS protocol that indicates which hostname the client is attempting to connect to. SNI is an …
The SSLv3 POODLE vulnerability, disclosed on October 14, 2014, is a protocol-level security flaw affecting the SSL 3.0 encryption standard. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, exploits weaknesses in how SSLv3 handles padding during encryption. This vulnerability arises when plaintext is converted into ciphertext. To match cryptographic requirements, extra padding is added, and during decryption, this padding can leak sensitive information. Attackers can take advantage of this flaw through a man-in-the-middle (MITM) attack, gradually decrypting secure communications. How to Check if Your WHM/cPanel Server is Vulnerable …
The VENOM vulnerability, also known as the QEMU virtual machine exploit, is a critical security flaw discovered on May 13, 2015 by security researcher Jason Geffner during a security review of virtual machine hypervisors. VENOM stands for Virtualized Environment Neglected Operations Manipulation and affects virtualization environments that rely on the QEMU emulator. What Is the VENOM Vulnerability? VENOM (CVE-2015-3456) is a virtual machine escape vulnerability located in the Virtual Floppy Disk Controller (FDC) code used by QEMU. Many popular virtualization platforms depend on QEMU components, including: If successfully exploited, the …
On Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privileges of the user running the application that uses the gethostbyname() function. Check if your server is GHOST vulnerable: If the glibc version on your server is lower than 2.18, then your server is exposed to this vulnerability. You can check the glibc version on your server using …
FirewallD is a new firewall suite being introduced to Linux distributions. At present, the new and popular CentOS 7 has it as the default firewall suite, which in the near future will be implemented in servers. FirewallD was developed by the Fedora community and was implemented in the 20th version of the same. It is also used in Arch Linux and others to date. FirewallD is a dynamic firewall, dynamic in the sense that any change in the firewall will be implemented as soon as the amendment is …