" rel="stylesheet" />
Greg Zemskov

Avoid Multi-Site Hacking – Part 2

In Part 1, we looked at security isolation as a technical solution for preventing infections on one site spreading to neighboring sites in multi-site hosting systems. In Part 2, we'll consider other non-technical ways to beef up multi-site protection. Site security = technical protection + organizational measuresIf you don't use security isolation on sites in the same hosting account, you should at least give each site its own account. However, this is often impossible, as the combined sum of each site's content resource needs (disk, memory) is too great.This is where the next elements of complex security come in. I call them organizational measures. Here are some examples.​Secure workplaces...
Continue reading
  3322 Hits
  0 Comments
Greg Zemskov

Avoid Multi-Site Hacking – Part 1

Running shared or VPS servers has risks. When one site is hacked, neighbors succumb shortly after. In this two-part article, I'll explain the risks in detail and what you can do to mitigate them. Shared hosting and VPS servers allow you to host several sites within one user account. If you're a webmaster, a web studio, an Internet agency, or a business owner, you do this not only for convenience but also to save money, as it is cheaper than buying separate accounts for each site. But there's a problem. Multi-site accounts are vulnerable to hacking and the subsequent infection of the entire hosting account. Often, there are dozens of "patients" (tenants) on the same site who urgently need tre...
Continue reading
  4560 Hits
  0 Comments
Paul Jacobs

Why every month should be National Cybersecurity Awareness Month

This month, October 2018, in the US it is the 15th National Cybersecurity Awareness Month. Another month, another 'awareness'. Does this suppose that all the other 11 months we should be less aware? Do hackers make a special effort to be nicer in October? Do they leave love letters on your server instead of malware? Does it help if you live on Tokelau*? No. EVERY month is cybersecurity awareness month, and every week and every day and every second of every day, everywhere. Because cyber attacks are automated. Hackers are using scripts and scalable tools to do the grunt work, the same way you make scripts to automate tedious tasks on your servers. Here's a recipe for success this cybersecurit...
Continue reading
  3561 Hits
  0 Comments
Kirill Bykov

Imunify360 beta now supports Ubuntu

We are happy to announce that Ubuntu 16.04 LTS support was added with the Imunify360 3.6.0 beta release. This means that Plesk users can now take advantage of all Imunify360 security features including the new Proactive Defense, advanced firewall, malware scanning (antivirus), IDS/IPS protection, reputation management, and much more, all inside one comprehensive but simple-to-use dashboard. As you know, Imunify360 runs on CentOS 6 & 7, and CloudLinux OS 6 & 7 distributions. We have now added Ubuntu 16.04 LTS to that list. Plesk customers can install Imunify360 for Ubuntu using these instructions. After installation, customers will find Imunify360 in Plesk's "Links to Additional Servi...
Continue reading
Tags:
  3085 Hits
  0 Comments
Igor Seletskiy

Meet Imunify360 with Proactive Defense, the sophisticated protection against any kind of malware, all in one nice package.

Proactive Defense, the new feature of Imunify360, has now been released to production for cPanel customers. This new technology has made a significant contribution in our multi-layer security in stopping malware and protecting your Linux Web servers from most, if not all, attacks. Security has to be effective, and Imunify360 with Proactive Defense is. Proactive Defense protects against malicious activity not by scanning and identifying signatures of malware, but by recognizing malicious intent based on the behavior of the PHP scripts. While there are millions of various strains out in the wild, all malware behave in a similar manner, and the number of variations of those behaviors is relativ...
Continue reading
  3798 Hits
  0 Comments
Igor Seletskiy

How to stop playing Whack-A-Mole with malware and actually protect servers from attacks

​Software vulnerabilities are constantly being exploited and monetized, and organized crime now consist of large development teams with substantial budgets. It has become a profitable industry that has seen rapid growth, fueled by ransomware schemes and cryptomining exploits, all without dire consequences. Malware is used by attackers to steal data, bypass access controls, remotely execute files, modify system configurations, and much more.  Web applications, such as WordPress and its plugins, are especially appealing to attackers as they are widely used and easily exploited, but Imunify360 -- with the newly released Proactive Defense -- can protect those applications against both ...
Continue reading
  3768 Hits
  0 Comments
Kirill Bykov

New! Proactive Defense, now in Imunify360 beta, prevents hackers from getting into your servers.

In the past decade, malware has become considerably more sophisticated, but the industry is still focused on developing solutions for cleaning and removing malware. Proactive Defense, the new feature of Imunify360 now in beta, adds a different approach to protect your Linux web servers - it actually prevents malware from running in the first place.Here is how Proactive Defense in Imunify360 works:Proactive Defense continuously analyses running scripts, identifies dangerous behaviors in Linux web servers in real time, then blocks potentially malicious executions automatically and with zero latency. It protects websites running PHP, the most common programming language, against zero-...
Continue reading
  4098 Hits
  0 Comments
Igor Seletskiy

CloudLinux and GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in the EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. For the last six months, we were actively working to make all parts of Cloud Linux Inc GDPR compliant. Here is what was done. 
  3270 Hits
  0 Comments
Kirill Bykov

Imunify360 Protects You Against Both Drupal Exploits

Drupal has recently patched a critical remote code execution exploit, which we wrote about earlier this month. The second part of that vulnerability, CVE-2018-7602 is now here. Again, this vulnerability may result in Drupal sites to be completely compromised. According to Drupal advisory, both of these vulnerabilities are being exploited in the wild.However, if you are using Imunify360, you don't have to worry about it, at least not for now. Earlier this month, we have added a rule CVE-2018-7600 to our database to detect and block suspicious requests. Now, we have pushed a rule CVE-2018-7602 to master and have deployed it to all our customers. While we always recommend updating the vuln...
Continue reading
Tags:
  3277 Hits
  0 Comments