We can never expect a dull moment this year. From Microsoft buying GitHub to more data breaches, check out some good content in our roundup! If you enjoy this collection of the web’s top articles, feel free to follow us over on Facebook, Twitter, and Google+ for the same great content the rest of the year.
A massive collection of authentic email addresses and passwords was discovered on a file sharing service earlier this month. By massive, I mean truly enormous, dwarfing run-of-the-mill data dumps with “only” hundreds of millions of records. The Collection #1 data set, given that name by Troy Hunt, includes 2,692,818,238 records. That’s one record for every third person living on Earth. Amongst those records are 1.1 billion unique email/password combinations, almost 800 million unique email addresses, and 21 million unique passwords. My email address is in there, and yours probably is too.
The cybersecurity landscape evolves. New technologies breed new attacks. Motivated criminals seek out novel vectors and vulnerabilities. Changes in consumer behavior open lucrative new avenues of attack. As server administrators fight back, attackers double down or focus on neglected weaknesses. Server administrators should invest their limited time where it will have the most impact. They must understand today’s threat landscape to effectively fight back.
CentOS 7 is among the most secure and stable Linux distributions in the world. That’s why we use CentOS on our virtual private servers and dedicated servers. But server administrators should be familiar with a few security configuration tweaks.
ModSecurity is a web application firewall (WAF) that can protect sites and applications against many common attacks, including cross-site scripting and code injection attacks. ModSecurity is a handy tool to have in your arsenal if your server runs dynamic content management systems like WordPress or eCommerce applications like Magento. But doesn’t your server already have a firewall? Yes, it’s built into the kernel, but WAFs like ModSecurity play a complementary role.
In April, we released an advisory warning Drupal users to update immediately. Attackers were exploiting a critical remote code execution vulnerability in several Drupal components. The vulnerability, which was named Drupalgeddon, could be used to take over a Drupal site and possibly the server hosting it. As 2019 comes to an end, it appears many Drupal users failed to heed the warning. Attackers are still using Drupalgeddon to compromise Drupal sites and servers. A recent surge in attacks exploiting this vulnerability makes updating a matter of urgency.
84%. That’s the share of cyber attacks which, according to a survey conducted at the 2017 Black Hat Conference, can be attributed at least partially to human error. Everything from ransomware to hijacked credentials to unintentional leaks.
Linux is everywhere. The cloud runs almost entirely on Linux. The majority of websites, web applications, and online services are hosted on servers that run Linux. Android is, at its core, based on Linux. If you use the internet or a non-Apple smartphone, you use Linux. So Linux is used by everyone in developed countries and the majority of people in developing countries. It’s also used on every one of the 500 fastest computers in the world.
Executing commands on a schedule is one of the core roles of a server. Whether it’s clearing caches, rotating logs, querying APIs, or simply pinging a site to see if it is available, scheduling commands is a common server administration task. There are web services and applications that can run tasks on a schedule, but every CentOS 7 server already includes a flexible and powerful scheduling tool called cron.
The web runs on PHP. The most popular content management systems, including WordPress, are PHP. The most widely used eCommerce applications are PHP, including Magento and WooCommerce. If your business operates a custom web application, it’s probably built on PHP (although Node and other modern server-side languages are making inroads). What’s more, many of these websites, eCommerce stores, and web applications use PHP 5.6, which reaches the end of its life when 2018 comes to a close.