Bash Code Injection Vulnerability (CVE-2014-7169) – Fix and Solution

Be advised, it’s a temporary fix released by Red Hat Security Response Team. The team is working on a full fix for which they are expected to release the patch soon.

The Bash vulnerability is supposed to be of higher criticality than Heartbleed. It’s found in all versions of the bash package shipped by Red Hat; it is unclear how long it has been there. With the CVE-2014-7169 vulnerability, users may have the capability of arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

Priority: Severe

The National Vulnerability Database has given a score of 10 i.e. highly severe, meaning it’s critical and the access complexity is Low. Hence, the vulnerability can be easily exploited by hackers if identified.

How to check if you have a vulnerable Bash version on your system?

Run the command below to check:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output is like:

vulnerable
this is a test

it clearly means you have a vulnerable Bash version running on your system.

In that case, apply the following patch to fix it.

Upgrade Bash using the yum command over SSH:

yum upgrade bash


Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Once the bash update is complete, reboot your system for the new bash package to take effect.
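
To repeat the check above across several machines or before and after the upgrade, the test command can be wrapped in a small script. This is an added example, not part of the original post or of Red Hat's guidance; the function names and the VULNERABLE/PATCHED/UNKNOWN labels are assumptions, and the sample outputs are constructed from the two cases shown above.

```shell
#!/bin/sh
# Added example: scripted form of the page's manual check.

# classify_output OUTPUT -> prints VULNERABLE, PATCHED or UNKNOWN,
# based on the two outputs the page describes.
classify_output() {
    out=$1
    # A vulnerable bash runs the trailing command while importing x,
    # so a line consisting only of "vulnerable" appears.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        # The test command ran and nothing extra was executed.
        echo PATCHED
    else
        # bash missing, or the command did not run as expected.
        echo UNKNOWN
    fi
}

# check_bash [PATH] -> runs the page's test command against one bash binary.
check_bash() {
    bin=${1:-bash}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo UNKNOWN
        return 0
    fi
    # stderr is merged so the "ignoring function definition attempt"
    # warning printed by a patched bash is captured as well.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# Constructed sample outputs matching the two cases shown on the page.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_PATCHED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"

echo "bash on this host: $(check_bash bash)"
```

A PATCHED result only says that this particular test string no longer triggers; as noted at the top of the post, the fix described here is a temporary one.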

External References:

  • http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
  • https://bugzilla.redhat.com/show_bug.cgi?id=1141597
  • https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
  • https://access.redhat.com/articles/1200223
  • https://access.redhat.com/security/cve/CVE-2014-6271

Posted in Tutorials / Howtos?

Plesk 12 Demos – Parallels Web Hosting Control Panel


Parallels Plesk 12 offers an ideal hosting control panel for resellers, web admins and hosts offering web hosting solutions. Plesk needs no special explanation, as people from the server administration industry are well aware of its capabilities. With the recent release of Plesk 12, Parallels has further enhanced its features, and it now allows users to convert resellers to customers and vice-versa on-the-fly. This version also includes the WordPress Toolkit, which eases the management and security of WordPress sites.

Here are some resources to help you explore different areas of Plesk 12:

Login: admin
Password: panel

Login: admin
Password: panel

  • Plesk 12 Web Pro Edition – Power User Mode (Server + Site Management)

Login: admin
Password: panel

For Linux and Windows

  • Plesk 12 Web Host Edition – Service Provider Management

Login: admin
Password: panel

For Linux and Windows

Parallels has also provided documentation, which can be found here:

Information & image source : http://www.parallels.com

Posted in Tutorials / Howtos?

Failed to connect to database: User admin already has more than ‘max_user_connections’ active connections

This is one of the common backup errors produced when the maximum number of connections to the database is exceeded, after which this message is thrown: “Failed to connect to database: User admin already has more than ‘max_user_connections’ active connections”

In such a situation, unless one of the previously active connections is closed, no more connections can be established with the database. This may happen when too many requests are made to the database, or when a certain script consistently requests too many connections at a given point in time.

How to troubleshoot the backup error: Failed to connect to database?

Step 1 : RDP into the Windows server.

Step 2 : Edit the file C:\Program Files\Parallels\Plesk\MySQL\Data\my.ini

Step 3 : Check the max_user_connections setting and increase its value, or better, remove the max_user_connections parameter so that the MySQL default settings are applied.

Posted in Tutorials / Howtos?

Addon domain not present while adding forwarder OR creating new email account – cPanel

If an addon domain is not displayed while creating an email account or while adding a new forwarder, even though all the other files related to the domain can be found on the server, then:

Step 1 : Check the user file at

/var/cpanel/users/oy

where oy is the username of the account

Step 2 : Add an entry for the domain if it is not present

Hope this resolves the issue for you!

If it doesn’t, please feel free to contact our technical support department via email or live chat and we’d be glad to assist.

NOTE : Please keep your server details ready in order to save time for both of us.

Posted in Tutorials / Howtos?

How to add SMTP ports in cPanel, in addition to the default ports?

At times users may run into a situation where some local ISPs deny services run over port 25 (the default port for SMTP) for certain reasons, usually security. In that case server administrators configure and enable an alternative SMTP port on the server, which end users can then use in the email account setups on their local PCs.

Following are the steps to add alternative SMTP ports via WHM/cPanel:

Step 1 : Login to WHM


Step 2 : Click on Service Configuration >> Service Manager


Step 3 : Select the “exim on another port” option


Step 4 : You can open an additional port along with the default port 25.


If you need any help with this, please feel free to contact our support department, we’d be glad to assist.

Posted in Tutorials / Howtos?

.UK Domain Names – Reservation Procedures

On 10 June 2014, the shorter, smarter and snappier .uk domain name launched, bringing with it the biggest change to the UK namespace in many years. Now, for the first time, you can get the domain name you’ve always wanted directly on the top-level “.uk” extension.

In order to protect owners of .co.uk, .org.uk or .me.uk domains that were registered before the new shorter .uk extension went live, some .uk domains that are available for registration but have a matching .co.uk, .org.uk or .me.uk already registered may be subject to reservation rules by Nominet, the UK’s domains registry.

Any .uk domain that is protected by reservation can only be registered by the owner of the equivalent .co.uk, .org.uk or .me.uk that is entitled to register the .uk domain first.

Definitions

  • “cut off date” refers to 23:59 GMT on 28 October 2013
  • “launch date” refers to 08:00 BST on 10 June 2014
  • “reservation period” refers to 5 years from 10 June 2014 until 10 June 2019

Please see the list below:

For .co.uk domains

  • If you registered a .co.uk domain name before the cut off date and it is still active, you have the first right to register the matching .uk domain name, which is therefore exclusively reserved for you.
  • If you registered a .co.uk domain name after the cut off date but before the launch date and it is still active, and there was no matching .org.uk or .me.uk registered before the cut off date, you have the first right to register the matching .uk domain name, which is therefore exclusively reserved for you.

For .org.uk domains

  • If you registered a .org.uk domain name before the cut off date and it is still active, and there was no matching .co.uk registered before the cut off date, you have the first right to the matching .uk domain name, which is therefore exclusively reserved for you.

For .me.uk domains

  • If you registered a .me.uk domain name before the cut off date and it is still active, and there was no matching .org.uk or .co.uk registered before the cut off date, you have the first right to the matching .uk domain name, which is therefore exclusively reserved for you.

The first right of registration lasts for 5 years from the 10 June 2014 – the “reservation period”.

How can I check whether a .uk domain name is already “reserved”?

You can use Nominet’s free tool to check.

Is this reservation service free of charge?

Yes. When you claim any reserved .uk domain name, you simply pay our standard fee for the registration.

I do not want to register my reserved .uk domain name.

If you do not wish to register the .uk domain name that has been reserved for you, there is nothing you need to do. It will remain reserved for the remainder of the reservation period if you change your mind later on.

What do I need to do if I want to let someone else register my reserved domain?

You will need to register the domain name yourself and then transfer it over to its new owner.

Can I release a .uk domain name from reservation if I do not want it?

Unfortunately, this is not possible. It will remain reserved until the end of the reservation period.

If you have any questions not answered here, please feel free to call our knowledgeable sales team on 0800 862 0890 or speak with us via our 24×7 live chat service.

Posted in Domain And DNS

error: Failed dependencies – Avast antivirus Troubleshooting over Linux Platform

Recently, one of our clients faced an issue while installing Avast anti-virus on a Linux platform. The error thrown was ‘error: Failed dependencies: libavastengine >= 4.7.0 is needed by avast4server-3.2.1-1.i586’

While troubleshooting the issue, we realized that the error was thrown because the system could not find the Avast engine.

Here’s how the error looks:

root@server3 [~]# rpm -ivh avast4server-3.2.1-1.i586.rpm
error: Failed dependencies:
libavastengine >= 4.7.0 is needed by avast4server-3.2.1-1.i586

SOLUTION:

You must install the Avast kernel library, libavastengine, which this package depends on.

Once done, simply install the appropriate rpm package and retry installing Avast. Under most ideal circumstances, it should be installed without any issue.

If you do face any issue with it, please feel free to seek assistance from our support department by initiating a chat from our website, we would be glad to assist.


Posted in Tutorials / Howtos?

How to Access Drupal from a temporary URL?

Before publishing a site on the Internet, we prefer to ensure that everything on the website is just as we expected. In such a case, accessing our Drupal-based website on a cPanel hosting server through a temporary URL can come in handy.

For example:

http://yourserverip/~username/your-test-website

Note :: In this example, ‘your-test-website’ is where the Drupal site is configured. Paths may vary according to configuration.

Following the steps below should help you set up a site on a temporary URL:

Step 1 – Find the file /public_html/sites/default/settings.php on the server
Step 2 – Find the setting "$base_url = ".
Un-comment the line and replace it with the following:

$base_url = 'http://serverip/~test';

NOTE :: Do not add a trailing slash

Step 3 – You must now configure the .htaccess for appropriate redirections.

Step 4 – Open the .htaccess file in the Drupal directory (/public_html/your-test-website/.htaccess).

Find the line which says 'RewriteBase /'.

Uncomment the line and replace it with the following:

RewriteBase /~username

Step 5 – Save the file.

Now try accessing your domain using the temporary URL:

http://yourserverip/~username/your-test-website

By doing this, you can test your website without publishing over the web. Once you are assured about its functionality, you may move the entire directory under the main domain to make the site publicly accessible.

Posted in Tutorials / Howtos?

Reuter: cPanel Updates- EasyApache 3.24.18 Officially Released

cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all users using our PHP hosting services to upgrade to PHP version 5.5.12 or PHP version 5.4.28.

NOTE: Please consult your developers before requesting an upgrade.

AFFECTED VERSIONS
All versions of PHP version 5.5 before 5.5.12.
All versions of PHP version 5.4 before 5.4.28.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0185 – MEDIUM

PHP 5.5.12: Fixed bug in the FPM package related to CVE-2014-0185.

PHP 5.4.28: Fixed bug in the FPM package related to CVE-2014-0185.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.18 with the updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCE:

http://cpanel.net/news/

Posted in Sales FAQ

Apache Error Troubleshooting: EasyApache Fails and Apache Fails To Start Too

At times server administrators may run into a situation where rebuilding Apache keeps failing and throws an error which looks like:

Updating Apache configuration
Updating Apache configuration
Distilled successfully
!! Executing '/scripts/initsslhttpd' !!
!! Executing '/scripts/update_apachectl' !!
!! Restarting 'httpd' ... !!
!! Failed to restart Apache. !!
!! Apache restart failed. Unable to load pid from pid file and no httpd process found in process list.
If apache restart reported success but it failed soon after, it may be caused by oddities with mod_ssl.
You should run /usr/local/cpanel/scripts/ssl_crt_status as part of your troubleshooting process. Pass it --help for more details.
Also be sure to examine apache's various log files.
!! Archiving successful build so it can be restored via --restore-archive once the httpd.conf are resolved !!
!! 'safecopy(/usr/local/apache/etc, /usr/local/apache.ea3-buildok-confgen-failed)' did not return true !!
!! '/usr/local/apache/conf/httpd.conf.1348625171' does not exist, using '/usr/local/apache/conf/httpd.conf' instead !!
!! Done Archiving successful build !!
!! Restoring original working apache !!
!! Executing '/scripts/initsslhttpd' !!

This is usually because of the SSL settings in Apache. Resetting the SSL ciphers to the default settings and then running EasyApache again should help you resolve the problem.

If you have a server with us, please feel free to contact our technical support department for assistance with respect to this issue. We stand-by to assist.


Posted in Dedicated Hosting, Tutorials / Howtos?