Blog

Wanna Cryptor
World Wide Ransomware Outbreak using the NSA ToolKit
Posted in: Security

Yesterday a massive worldwide event took place: a self-replicating ransomware worm attacked hundreds of thousands of computers.

How did the ransomware spread?

The ransomware WannaCry (aka WCry, WanaCryptor, WannaCrypt, Wanna Decryptor) was first seeded through a phishing email campaign and spread to government services (NHS, Russian ministries...) and also to many corporations (FedEx, Renault, Dacia, Nissan…) across different countries.

After the initial mailing campaign, the ransomware distributed itself by scanning the network over SMB and using shared folders.


The ransomware used the NSA toolkit (the EternalBlue exploit of the toolkit), released for free in April by a group of hackers called the Shadow Brokers, which allows anyone to gain access to any Windows-based computer within a few minutes (SMB v1 / RDP protocol).

The spread of the malware was contained through a “kill switch”, which simply involved registering a domain that the malware checked before it kept spreading. If the domain did not resolve, the malware kept attacking. If it resolved, the malware stopped.

You can find a more detailed and technical write-up from a security analyst:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
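
Added example, not part of the original post: because the worm looks up the kill-switch domain before it continues, resolver logs show which internal hosts ran it and whether the lookup resolved for them. The log format and the domain `killswitch.example.invalid` are constructed placeholders; take the real domain from the analysis linked above.

```python
import re
from collections import defaultdict

# Placeholder: the page does not give the kill-switch domain. Take the real
# one from the linked analysis; this name is constructed for the example.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed resolver log lines: timestamp, client IP, query name, rcode.
SAMPLE_LOG = """\
2017-05-13T09:01:12Z client=10.0.4.17 query=killswitch.example.invalid. rcode=NOERROR
2017-05-13T09:01:15Z client=10.0.4.22 query=www.example.com. rcode=NOERROR
2017-05-13T09:02:40Z client=10.0.7.3 query=KillSwitch.Example.Invalid. rcode=NXDOMAIN
2017-05-13T09:03:02Z client=10.0.7.3 query=killswitch.example.invalid. rcode=SERVFAIL
2017-05-13T09:04:55Z client=10.0.4.17 query=killswitch.example.invalid. rcode=NOERROR
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>[A-Z]+)$"
)


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: "contained" | "spreading"} for hosts that queried the domain.

    Any lookup marks the client as having executed the worm. If one or more
    of its lookups failed to resolve, the worm did not stop on that host.
    """
    wanted = domain.rstrip(".").lower()
    failed = defaultdict(bool)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        # DNS names are case-insensitive and may carry a trailing root dot.
        if m["qname"].rstrip(".").lower() != wanted:
            continue
        failed[m["client"]] |= m["rcode"] != "NOERROR"
    return {c: ("spreading" if bad else "contained") for c, bad in failed.items()}


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}: infected, worm {state}")
```

Hosts reported as "spreading" are the ones to isolate first, since the kill switch did not stop the worm on them.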

What can I do to protect myself and avoid being infected?

To protect yourself, you simply and urgently need to run all Windows updates on your server.

The backdoors were patched by Windows updates for all Windows versions, even the unsupported (End of Life) Windows XP.

It is recommended to run Windows updates regularly, and at times like these more than ever.
Having your VPS restarted is admittedly not convenient, but it is important to have the updates installed.

You also need to keep a backup of your data that is not tied to your computer / VPS (an offline hard drive that you plug in to back your data up, or a USB key for a smaller amount of data).

For a Windows VPS, if you are using our services, you can simply open a support ticket requesting us to take a backup of your VPS. You can also specify whether you would like to be part of the monthly backup or keep a recovery point.

Otherwise, you need to use a backup system that is not tied to or mounted on your VPS, such as an FTP server accessed through a third-party client, or cloud-based storage with a drag-and-drop web page, for instance.

If you are in a hurry, you can also run the commands published by Microsoft to patch your servers more quickly:

https://support.microsoft.com

Can ransomware affect Dropbox?

First and foremost, an important disclaimer: a common approach when using a Windows VPS is to use Dropbox as a backup platform. However, if you aren’t a Dropbox Premium user, you are exposed to having your Dropbox encrypted. As a premium user you would be able to recover your encrypted files by restoring a previous version, but not with the free version.

One safe practice while using Dropbox, which remains extremely convenient for transferring files from your computer, is to use selective synchronization (as explained here) in order to synchronize only one exchange folder and hide the rest of your files from any ransomware hitting a VPS.

Security Issue: Leak of 68 Million Dropbox Accounts

There is a current rumor of a leak of the account details of over 60 million Dropbox users.

It is recommended to change your Dropbox password as soon as possible to be on the cautious side.

We know how much online marketers love Dropbox, hence this post to inform you about a critical situation. It remains a solid way to transfer files from your computer to your Windows VPS, for instance.

Dropbox is currently asking users to reset their passwords following a leak in 2012, as per a public statement this week.

However, some websites have analyzed some of the data from the breach, and it sounds as though the new encryption system they deployed in 2012 (bcrypt) has been breached.

Source : https://www.troyhunt.com/the-dropbox-hack-is-real/

Security Issue : WordPress Plugin All in One SEO Pack v2.3.6.1 exploit
Posted in: Security

All in One SEO Pack is a widely used plugin for setting the meta description, keywords and titles of WordPress posts.

An XSS exploit has been discovered in the All in One SEO Pack plugin, in version 2.3.6.1 and earlier.

You can immediately check the version from the plugin page; the current version should be v2.3.8.

The XSS was discovered in the bad bot blocker feature and involves an exploit that allows the administrator tokens to be stolen through an altered user agent.

The vulnerability has been patched and a plugin update is strongly advised.

Changelogs March

This month came with its load of new features for which you can find the changelog below :

Shared Web Hosting

  • Curative and Real-Time Malware Detection to avoid account suspension upon mail spam + Automatic .htaccess Shield setup
  • On-the-fly malware scans of HTTP uploads (BETA)
  • Upgrade ModSecurity to 2.9
  • Automatic Kernel security patch upgrades without reboot
  • Upgrade Apache to 2.4.18 (slight perf boost)
  • XMLRPC Attack Protection without blocking the WordPress Jetpack Module
  • Default Apache Configuration Enhancement on PHP 5.5 – More modules prebuilt
  • RAID 1 SSD Shared Server Standard
  • Network Upgrade to 1 GBPS on all shared servers

To Come :

  • Personalized DDoS Mitigation Alert Email for Dedicated IP users
  • Email Alert to users for Curative Malware Detection
  • Email Alert to users upon XMLRPC Attack Detection
  • WordPress Labs Test results to be set in production for massive performance enhancements

Reseller Web Hosting :

  • Most of the Shared Web Hosting Enhancements
  • Beta Test of the IP manager feature from WHM (Extra IP management panel)

To Come :

  • IP Manager to be set in production

SEO Web Hosting :

  • Network Expansion to 40

To Come:

  • Network Expansion to 60 by the end of April
  • End of Beta for the 1st of May

Linux VPS :

  • RAID 10 SD VPS Node Standard
  • RAM DDR4 Standard
  • Mailing Offer Beta
  • OS Templates Updated (Ubuntu all versions, CentOS all versions, Fedora all versions)
  • CentOS 5.7 + cPanel set as End of Life. Available in OS choice but not supported. Manual cPanel Configuration by our support instead on CentOS 6
  • Beta Test CentOS 7 + cPanel
  • Custom setup fees waived for cPanel configuration

To Come :

  • CentOS 7 + cPanel default cPanel template
  • New Mailing Offers

Windows VPS :

  • RAID 10 SSD Standard to replace SAS 15k drives
  • Wide Network Enhancements
  • Removal of a virtual network ACL which caused a downtime
  • VPS Template upgrade
  • Windows Server 2012 Available upon request

To come :

  • Upgrade network to 3 GBPS
  • Windows Server 2012 available from the order form

Dedicated Server :

  • New dedicated servers available (limited stocks)

To come :

  • Full Range of servers publicly available (unlimited stocks)

Shared Web Hosting: General Resources Increase

Hello,

We have just increased the values for each package of our web hosting offers.
We have studied the usage of each package and weighed it against the server’s resource usage, and we concluded that all our users shall benefit from a resource increase.

For our starter users, we have increased the number of processes from 20 to 50; while we intended to lower the RAM to 512 Mb, we have kept it at 1024 Mb.
For our premium users, we have increased the number of processes from 40 to 100 and the RAM from 1024 Mb to 2048 Mb.
For our business users, we have increased the number of processes from 100 to 150 and the RAM from 2048 Mb to 4096 Mb.

The IOPS limit is also aligned with the RAM for all packages.

The upgrades are already effective.

We believe that, according to our analysis, this matches far better the usage of each package and the purpose we have in mind: starter for fresh websites, premium for several established websites, and business for professionals.

We sincerely hope that you’ll appreciate these free upgrades and enjoy the user experience of your reloaded accounts. 

Best Regards
Vincent Royant
HostStage CEO

Security Issue Exim : CVE-2016-1531 -> PATCHED!
Posted in: Security

On the 2nd of March, an Exim vulnerability allowing any user to gain root privileges was discovered and announced.
This issue affects all of its versions.

Exim is the default mail transfer agent for all cPanel-based servers.

cPanel has included an emergency update, which was patched overnight. We did a manual update on all our critical infrastructure using cPanel (mainly our shared and reseller servers) a few hours after the security issue.

You can check whether your server has been updated by running the following command:

rpm -q --changelog exim | grep CVE-2016-1531

Which should give the following output:

- Fixes CVE-2016-1531

If it doesn’t return anything and you are running cPanel, you only need to run the following commands over SSH:

/scripts/upcp
/scripts/check_cpanel_rpms --fix --long-list

**UPDATE : 4th March 2016

The update has broken a feature used to detect mailing scripts, which now returns cwd=/ instead of cwd=/path/to/script

We have notified cPanel, which has notified Exim, and a patch is on its way, since our custom malware script detection relies on getting the full path of a script sending emails.

**UPDATE : 5th March 2016

A workaround is being worked on; we are waiting for its official release.

https://bugs.exim.org/show_bug.cgi?id=1805
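
Added example, not the host's own detection script: one way a detector can attribute outgoing mail to scripts by counting the `cwd=` field of Exim main-log lines, and how the regression described in the 4th March update (submissions logged as `cwd=/`) hides the sending script. The log lines, paths and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed lines in the style of Exim's main log (not taken from the page).
SAMPLE_LOG = """\
2016-03-03 08:00:01 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-03 08:00:02 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-03 08:00:03 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-03 08:05:10 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2016-03-03 08:06:00 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1abCDe-000123-4F
2016-03-04 09:00:01 cwd=/ 3 args: /usr/sbin/sendmail -t -i
2016-03-04 09:00:02 cwd=/ 3 args: /usr/sbin/sendmail -t -i
"""

CWD_RE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: .+$")
# Exim's own queue runs start from the spool directory; they are not scripts.
IGNORED_PREFIXES = ("/var/spool/",)


def script_senders(log_text, threshold=3):
    """Return (suspects, unattributed).

    suspects: {directory: count} for directories that submitted at least
    `threshold` messages. unattributed: submissions logged with cwd=/, which
    is what the regression reports, so no script path can be recovered.
    """
    counts = Counter()
    unattributed = 0
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if not m:
            continue  # not a submission line with a cwd= field
        cwd = m["cwd"]
        if cwd == "/":
            unattributed += 1
        elif not cwd.startswith(IGNORED_PREFIXES):
            counts[cwd] += 1
    suspects = {d: n for d, n in counts.items() if n >= threshold}
    return suspects, unattributed


if __name__ == "__main__":
    suspects, unattributed = script_senders(SAMPLE_LOG)
    print("suspect directories:", suspects)
    print("submissions with no usable path:", unattributed)
```

A rising count of unattributed submissions after an Exim update is itself worth alerting on, since it means the path-based detection is running blind.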

What is a domain name ?
Posted in: Domain Names

A domain name is a way to qualify a network, an authority or an infrastructure, and translates an IP address to a name. A domain name is used in browsers to access the internet and facilitates the user experience, since we can memorize words more easily than numbers.

A domain name is the unique way to identify a website. It allows one or several IP addresses to be translated to a name through the rules of the Domain Name System (DNS).

In web hosting services, a domain name is assigned to a web server.

We call Bulk Register the possibility to register and check the availability of several domains at the same time.

We call TLD (Top Level Domain), or extension, the last part of the domain following the last dot, which is a specific descriptor for a kind of website, a location, or a sign of authority. You are now able to purchase and register your own TLD, which costs $185 000.

Nowadays, there is a wide range of TLDs available which can describe your website’s activities (such as .mobile, .media, .career and so on).

How to Choose a Domain and a TLD?

How to Choose a Domain Name?

Choosing a domain name is one of the most important factors, with a direct impact on the success and popularity of your website.

You have at least two strategies for this choice: either you “brand-communicate” or you “content-communicate”.

“Brand-Communication” is easy, as you just have to pick the name of your company, brand, business or website.

“Content-Communication” is a little harder, because the domain name has to be relevant enough to let visitors or customers know about your content without hiding a different part of your content.

It is important to note that “Content-Communication” is the easiest way to rank a website in the short term, as your keywords are already in your domain name. But finding a relevant domain name with some popular keywords is becoming more and more difficult.

In the long term, people would rather remember a catchy brand name than a long-tail query, so for the long-term popularity of your website the choice would be Brand-Communication.

How to Choose a TLD ?

Choosing a relevant TLD is also very important because it has a direct impact on the image of a website.

Here is a list of different TLDs and what they mean:

  • .us, .be, .de, .fr, .au, .eu …: provides a country indication for your website. It would be easier to rank a website in the targeted country.
  • .com is the easiest for a customer to remember and the most widespread TLD in the world, and fits any kind of website well.
  • .net is mostly used for websites dealing with an internet theme.
  • .org is mostly used for non-commercial companies or businesses.
  • .info is mostly used for websites dealing with news.
  • .biz is mostly used for e-commerce websites.
  • .name is mostly used for personal websites.
  • .cc was dedicated to the Cocos Islands’ websites, but nowadays it is used for any kind of website.
  • .tv is mostly used for websites dealing with television.
  • .ws was dedicated to Samoa, but nowadays it is used for any kind of website.
  • .mobi is mostly used for websites designed for mobile devices.
  • .co was dedicated to Colombia, but nowadays it is a substitute for “.com”.

You can check the best prices for each TLD and pick your domain name to start your own website here

Windows VPS : REVOLUTION

Today, we are proud to announce our next and wonderful line of Windows VPS.
These Windows VPS will become standard for all our users and we are starting to migrate the current VPS owners.

The gain from the new hardware is insanely significant, as detailed below:

SSDs, and SSDs and SSDs again! That’s right, we have decided to switch over to full SSD Intel DC3500 800 GB as standard.
The SSDs are of course set in RAID 10 with a brand new hardware RAID card, the MegaRAID 9271. This RAID card is configured with another PCI Express based SSD as a caching system, which brings an amazing performance gain in read / write operations for your VPS.

If you have ordered a VPS over the last 6 months, be assured that SSD had actually already become the standard and your VPS is already SSD based.

DDR4 ECC has stepped up in the game as well, making us one of the first worldwide to provide DDR4-based VPS. The frequency has drastically improved, making your VPS far more responsive. (From 1333 MHz to 2133 MHz!!)

We haven’t neglected the CPU of course, which introduces a 25% gain over our older version, with an extra 100 MHz gain in base clock frequency and a far better architecture. (Dual E5-2687w v3)

We have also massively upgraded our network infrastructure by increasing the available bandwidth on a per-node basis from 1 GBPS to 3 GBPS, making us the worldwide leader in VPS network speed.
We have also improved the POPs by introducing some new ones to decrease latency throughout the world.

Of course, the Windows VPS are still based on a Tier 4 Certified infrastructure, which means that all redundant components (network, electrical, cooling system) are still redundant.

Last but not least, Windows 2012 R2 is now available fully licensed for your VPS. You can request to benefit from it at any time you please.

We would also like to thank you for all the suggestions that made everything possible! We went further for you to bring such a revolution to the Windows VPS market for intensive usage.

Sincerely Yours and Merry Christmas to you all!
Vincent Royant
HostStage CEO

Windows VPS: Control Panel Available for ALL our users

We are thrilled to announce that, after weeks of development, we have finally released the Windows VPS control panel for all our users.

Since we upgraded our new nodes to Windows Server 2012, we had faced issues with the control panel, which wasn’t available.
We have made it work and even upgraded the design of the control panel.
You can now request access simply by opening a support ticket.

We sincerely hope that you are as pleased as we are about this release!

As usual, we are more than pleased to hear your feedback, suggestions, and feature requests.
Sincerely Yours, 
Vincent Royant
HostStage CEO

Security Issue Adobe Type Manager : CVE-2015-2426 -> PATCHED!
Posted in: Security

A few days ago, the hacking team released a few unknown exploits that affect all systems.
The security alert CVE-2015-2426 concerns all Windows versions and involves elevation of privileges through the Adobe Type Manager library’s DLL: atmfd.dll.

The DLL provides support for OpenType fonts, and the exploit consists of a memory corruption that would give the hacker full and hidden access.

It is strongly recommended to install the latest Windows updates available in the update center from your control panel.

All Windows versions are affected, from Windows XP to Windows Server 2012. As Windows XP and Windows Server 2003 are no longer supported, no updates will patch the security issue on them.
At HostStage, we don’t have such versions running on our servers, but if your computer is based on an outdated Windows version, it is highly recommended to upgrade to a newer Windows.

We have patched our Windows servers on our end, even though the issue generally involves computers using a web browser.
