How does an SSL work?


Every single day, 100s of terabytes of data are transferred across the internet. In fact, based on Intel’s 2012 report, nearly 640K Gb of data is transferred every single minute. That’s more than 204 million emails, 47,000 app downloads, 1.3 million YouTube videos watched and 6 million Facebook views. We’re talking about a seriously massive amount of data here. So how do we know if that data is being transferred securely? Enter the SSL/TLS protocols.

How KernelCare Protects Your Server

One of the most important things you can do to ensure the security and stability of your Linux server is to keep the kernel updated. Some kernel updates patch security vulnerabilities and other issues. Kernel patches are released as issues are discovered.

Unless you are regularly checking for kernel updates, or you’re notified of a security issue, you may not be aware when a kernel update is available. Additionally, since updating the kernel traditionally requires a reboot, the prospect of associated downtime often prevents the updates from being applied as quickly as they should be.

KernelCare changes all that.

What Is KernelCare?

The concept of ‘kernel hotpatching’, sometimes called live patching, was introduced to the Linux community around 2008. Soon after, groups began developing differing implementations of the concept. KernelCare, one of the more popular implementations, was originally released in March 2014 by Cloud Linux, Inc.

Information on CVE-2015-5154

Overview

Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically, the flaw is in how QEMU’s IDE subsystem handles buffer access while processing certain ATAPI commands. Exploitation can allow for the execution of arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

Summary

  • Made public on July 27, 2015
  • This flaw affects QEMU, a generic and open source machine emulator.
  • Allows an attacker to execute arbitrary code outside of their own virtual machine.

Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.


How to Upgrade and Patch cPanel / WHM

Pre-Flight Check

  • These instructions are intended specifically for checking your version of cPanel or WHM via the command line or the WHM dashboard.
  • I’ll be working from a Liquid Web Managed CentOS 7 server, and I’ll be logged in as root.

Step #1: Log In to WHM

First log in to WHM. You’ll arrive at your WHM dashboard.

Error: Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]

This error relates to logging into phpMyAdmin, an open source tool used for the administration of MySQL.

Once in a while, perhaps on a development server, MySQL won’t be set up with a root password. That configuration is generally considered to be against best practices; however, if it is what you’re dealing with, then it could also interfere with phpMyAdmin.

Pre-Flight Check

  • These instructions are intended specifically for solving the error: Login without a password is forbidden by configuration (see AllowNoPassword).
  • I’ll be working from a Liquid Web Self Managed Ubuntu 15.04 server, and I’ll be logged in as root.

The Error

The error will read “Login without a password is forbidden by configuration (see AllowNoPassword)”.

Reminder: Fedora 20 Now End-of-Life (EOL)

The Fedora Project keeps three versions of the Fedora OS active at any given time: 1. the current release, 2. the release before the current release, and 3. a new release that is in development. Last month saw the launch of Fedora 22, and Fedora 23 is in development, thus the time of Fedora 20 is over.

Fedora 20 has reached end-of-life as of June 23, 2015. This means that no additional security updates will be available from here forward.

Suggested Action

As of today, June 24, 2015, we suggest doing one of the following:

  • Upgrade to Fedora 21.
  • Upgrade to Fedora 22.


How to Start and Enable Firewalld on Fedora 22

It is highly recommended that you have a firewall protecting your server.

Pre-Flight Check

  • These instructions are intended specifically for enabling and starting firewalld on Fedora 22.
  • I’ll be working from a Liquid Web Self Managed Fedora 22 server, and I’ll be logged in as root.


How to Stop and Disable Firewalld on Fedora 22

It is highly recommended that you have another firewall protecting your network or server before, or immediately after, disabling firewalld.

Pre-Flight Check

  • These instructions are intended specifically for stopping and disabling firewalld on Fedora 22.
  • I’ll be working from a Liquid Web Self Managed Fedora 22 server, and I’ll be logged in as root.
