Security issue on Cpanel server Dionysos
UPDATE: A vulnerability has been found in the Linux kernel, which unfortunately affects just about every system running 64-bit Linux.
This vulnerability was introduced into the Linux kernel in April 2008, and so essentially every distribution is affected, including RHEL (CentOS).
CentOS has a new kernel release that patches the vulnerability in the standard and Xen kernels (2.6.18-194.11.4.el5), which has been available via yum (since two days ago), and this has been applied on all servers at Guru-host running CentOS or Redhat ES.
Because we have many servers in place this took a while, and unfortunately one of them has been compromised.
We’ve tested the new release with a kernel diagnostic tool after applying the patch and everything is safe now (see output below).
[~]# ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit.
$$$ Kernel release: 2.6.18-194.11.4.el5
$$$ Backdoor in LSM (1/3): checking…not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking…not present.
Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.
—————————-
Dear all,
We received many complaints yesterday about sites being hacked on a particular Cpanel server (dionysos).
We are investigating this and will update this post as soon as we have more details.
Thanks
September 24, 2010 · admin · Posted in: Network issues
SuPHP on Cpanel servers
Due to security issues we have upgraded all Cpanel servers with SuPHP enabled in PHP.
If you get a 500 Internal Server Error, please make sure that every file has 644 permissions and that folders are chmodded to 755.
On Linux, from a terminal, you can solve this by changing into your public_html folder and then typing:
find . -type f -exec chmod 644 {} +
find . -type d -exec chmod 755 {} +
and also chown -R username:username *
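An added example, not part of the original post: a read-only audit to run before the bulk chmod/chown above, plus a narrower fix that only clears group/other write bits so that stricter modes (such as a 600 config file holding database credentials) are not loosened to 644. It assumes the 500 errors come from group- or world-writable paths or wrong ownership; the function names audit_docroot and fix_docroot_modes are hypothetical.

```shell
#!/bin/sh
# Added example: audit a docroot before changing modes or ownership.
# audit_docroot DIR USER prints one line per finding:
#   WRITABLE <path>   file or directory writable by group or others
#   OWNER <path>      entry not owned by USER (name or numeric uid)
audit_docroot() {
    dir=$1
    user=$2
    # -perm -020 / -perm -002 match when the group / other write bit is set.
    # -exec passes each path as one argument, so spaces in names are safe.
    find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec printf 'WRITABLE %s\n' {} \;
    find "$dir" ! -user "$user" -exec printf 'OWNER %s\n' {} \;
}

# Clear only the group/other write bits on what the audit flags.
# Modes that are already stricter than 644/755 are left untouched.
fix_docroot_modes() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}
```

Run audit_docroot from the account's home directory with public_html and the account name as arguments, review the list, then run fix_docroot_modes on the same directory.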
September 21, 2010 · admin · Posted in: Network issues
Scheduled downtime
All servers are back online. If you experience any problems, please raise a support ticket.
——————–
Dear customer,
Due to new rack space in the data center where all Directadmin-based shared hosting servers are hosted, there will be downtime on the night of 1st September to 2nd September 2010.
The mentioned servers won’t be accessible from 11:30 pm until about 2:30 am.
You won’t lose any data, as we will just move the server to a new rack, but it is always a good idea to keep a local backup too. You can do that via the Directadmin control panel. If you need help, please open a ticket at https://guru-host.eu/client/
Once the operation at the new location is completed, we will verify the functionality of all servers and will update our status page here.
Best regards,
Guru-host Team
September 2, 2010 · admin · Posted in: Network issues
