Credential Stuffing Bonanza Hits File Sharing Sites

A massive collection of authentic email addresses and passwords was discovered on a file sharing service earlier this month. By massive, I mean truly enormous, dwarfing run-of-the-mill data dumps with “only” hundreds of millions of records. The Collection #1 data set, given that name by Troy Hunt, includes 2,692,818,238 records. That’s one record for every third person living on Earth. Amongst those records are 1.1 billion unique email/password combinations, almost 800 million unique email addresses, and 21 million unique passwords. My email address is in there, and yours probably is too.

Cybersecurity in 2019: Two Attacks Server Admins Should Prepare For

The cybersecurity landscape evolves. New technologies breed new attacks. Motivated criminals seek out novel vectors and vulnerabilities. Changes in consumer behavior open lucrative new avenues of attack. As server administrators fight back, attackers double down or focus on neglected weaknesses. Server administrators should invest their limited time where it will have the most impact. They must understand today’s threat landscape to effectively fight back.

What Is ModSecurity and Why Should Server Hosting Clients Use It?

ModSecurity is a web application firewall (WAF) that can protect sites and applications against many common attacks, including cross-site scripting and code injection attacks. ModSecurity is a handy tool to have in your arsenal if your server runs dynamic content management systems like WordPress or eCommerce applications like Magento. But doesn’t your server already have a firewall? Yes, it’s built into the kernel, but WAFs like ModSecurity play a complementary role.

Drupalgeddon Strikes Again: Unpatched Drupal Sites At Risk Of Compromise

In April, we released an advisory warning Drupal users to update immediately. Attackers were exploiting a critical remote code execution vulnerability in several Drupal components. The vulnerability, which was named Drupalgeddon, could be used to take over a Drupal site and possibly the server hosting it. As 2019 comes to an end, it appears many Drupal users failed to heed the warning. Attackers are still using Drupalgeddon to compromise Drupal sites and servers. A recent surge in attacks exploiting this vulnerability makes updating a matter of urgency.

  • Monday, February 04, 2019
  • Linux

Why Does Every Supercomputer Run On Linux?

Linux is everywhere. The cloud runs almost entirely on Linux. The majority of websites, web applications, and online services are hosted on servers that run Linux. Android is, at its core, based on Linux. If you use the internet or a non-Apple smartphone, you use Linux. So Linux is used by everyone in developed countries and the majority of people in developing countries. It’s also used on every one of the 500 fastest computers in the world.

  • Wednesday, January 30, 2019
  • Linux

Scheduling Tasks With Cron On CentOS 7

Executing commands on a schedule is one of the core roles of a server. Whether it’s clearing caches, rotating logs, querying APIs, or simply pinging a site to see if it is available, scheduling commands is a common server administration task. There are web services and applications that can run tasks on a schedule, but every CentOS 7 server already includes a flexible and powerful scheduling tool called cron.

It’s Time To Say Goodbye To PHP 5.6

The web runs on PHP. The most popular content management systems, including WordPress, are written in PHP. The most widely used eCommerce applications, including Magento and WooCommerce, are written in PHP. If your business operates a custom web application, it’s probably built on PHP (although Node and other modern server-side languages are making inroads). What’s more, many of these websites, eCommerce stores, and web applications use PHP 5.6, which reaches the end of its life when 2018 comes to a close.