Latest Updates
Enable Two-factor Authentication
Posted by Bill Williams on 28 October 2016 09:04 PM

Recent security developments have made it necessary for us to introduce a second level of security (two-factor authentication) on the Customer Portal. This ensures that even if your registered email address and Customer Portal password are compromised, your account will remain secure. To enable time-based two-factor authentication, please visit:

Customer Portal >> My Details >> Security Settings

OR

visit the URL: https://www.indichosts.net/billing/clientarea.php?action=security

Here you will be presented with an option to enable Two-Factor Authentication.

Please complete the process and enable it.


Security Advisory: Important Linux Kernel Vulnerability - Fixed
Posted by Bill Williams on 27 October 2016 02:56 AM

A vulnerability has recently been disclosed in the Linux kernel which affects all supported Linux systems running any distribution.  This vulnerability is serious and may allow a remote exploit or a local user to escalate privileges, resulting in root access to your server. A working exploit has already been publicly disclosed, so no advanced knowledge of the Linux kernel is required to gain root access once shell access has been obtained on the target system.

The CVE entry for this vulnerability may be found here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Windows users are unaffected by this vulnerability.  We have not evaluated the status of Linux distributions or versions not mentioned here.  You should consult your distribution's security documentation to determine if your distribution is vulnerable and how to apply the update.

It is especially important to upgrade your kernel if your system provides multi-user services via shell accounts, jail or container-based virtualization, or dynamic web sites. Updates which fix this vulnerability and other security issues and bugs are available immediately for most systems.

CENTOS

CentOS has patched this vulnerability as of:

     * CentOS 7: October 24th, 2016
     * CentOS 6: October 26th, 2016
     * CentOS 5: Updated packages are not yet available.  This post will be updated when they are published.

To verify your system is running the correct kernel, run the following
command:

uname -r

The version should be greater than or equal to the following, depending on your distribution:

     * CentOS 7: 3.10.0-327.36.3
     * CentOS 6: 2.6.32-642.6.2

If your version is lower than the one listed, please run the following command and ensure an update to the kernel package is included:

yum -y update kernel

If no update is available, please try the following commands, then repeat the command above:

yum clean metadata
curl -s mirror.steadfast.net/mirrorize | bash

These commands will remove cached update information and force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade process completes, you should REBOOT your system _as soon as possible_.

Red Hat published the following advisories regarding this
vulnerability:

     * https://access.redhat.com/security/cve/CVE-2016-5195
     * https://access.redhat.com/security/vulnerabilities/2706661

DEBIAN

Debian has patched this vulnerability as of October 20th, 2016.

To verify your system is running the correct kernel, run the following
command:

uname -v

The version (appearing after "#1 SMP Debian") should be greater than or equal to the following, depending on your distribution:

     * Debian 8 (Jessie): 3.16.36-1+deb8u2
     * Debian 7 (Wheezy): 3.2.84-1
     * Debian 6 (Squeeze): You must upgrade to Debian 7 or later.  This version is no longer supported.

If your version is lower than the one listed, please run the following commands and ensure an update to the kernel package is included:

apt-get update
apt-get install linux-image-`uname -r`

If no update is available, please try the following commands, then repeat the commands above:

curl -s mirror.steadfast.net/mirrorize | bash

This command will force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade process completes, you should REBOOT your system _as soon as possible_.

Debian published the following advisories regarding this
vulnerability:

     * https://security-tracker.debian.org/tracker/CVE-2016-5195
     * Jessie: https://www.debian.org/security/2016/dsa-3696
     * Wheezy: https://lists.debian.org/debian-lts-announce/2016/10/msg00026.html
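
The "greater than or equal to" checks described above for CentOS and Debian can be scripted. The following is an added example, not part of the original advisory: the function names, the distro labels (centos7, debian8, ...) and the sample strings are assumptions made here, and only the minimum versions come from the lists above.

```shell
# Added example, not from the original advisory (CVE-2016-5195 version check).

# ver_ge A B: true if A >= B. Runs of non-digits act as separators and the
# numeric fields are compared left to right (assumption: an approximation of
# rpm/dpkg ordering that is sufficient for these version strings).
ver_ge() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# fixed_version DISTRO: hypothetical lookup keyed by labels chosen here.
fixed_version() {
    case "$1" in
        centos7) echo "3.10.0-327.36.3" ;;
        centos6) echo "2.6.32-642.6.2" ;;
        debian8) echo "3.16.36-1+deb8u2" ;;
        debian7) echo "3.2.84-1" ;;
        *) return 1 ;;
    esac
}

# normalize DISTRO RAW: reduce `uname -r` (CentOS) or `uname -v` (Debian) output.
normalize() {
    case "$1" in
        centos*) printf '%s\n' "$2" | sed 's/\.el[0-9].*$//' ;;
        debian*) printf '%s\n' "$2" | sed 's/^.*Debian \([^ ]*\).*$/\1/' ;;
    esac
}

# check_kernel DISTRO RAW: returns 0 = fixed, 1 = update needed, 2 = not listed.
check_kernel() {
    want=$(fixed_version "$1") || { echo "$1: no fixed version listed"; return 2; }
    have=$(normalize "$1" "$2")
    if ver_ge "$have" "$want"; then echo "$1: $have is fixed (>= $want)"
    else echo "$1: $have needs update (< $want)"; return 1; fi
}

# Constructed sample strings; on a real host pass "$(uname -r)" or "$(uname -v)".
check_kernel centos7 '3.10.0-327.28.3.el7.x86_64' || true
check_kernel debian8 '#1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19)' || true
```

The check reflects the running kernel, so a host that has installed the update but not yet rebooted will still report that an update is needed.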

