A message I received from the company hosting the site:
There will be an increased threat this weekend for site security due to
a well published web page defacement contest. ISS (Internet Security
Systems) has sent an advisory to media organizations. Further media
information about this threat can be found at:
http://news.com.com/2100-1002_3-1023172.html?tag=fd_top
Due to the increased risk, we are encouraging our customers to take
pro-active measures.
All users should take the following measures, but further information
is provided for Dedicated and Virtual Private Server customers.
Dedicated and VPS customers should pass this on to their customers.
1) Double check with your third party software vendor to make sure
there are no known software vulnerabilities with installed software.
This information is usually found at your vendor's web page or
by searching BUGTRAQ archive http://www.securityfocus.org.
2) Good password security is a critical part of site security. Good
passwords: do not contain dictionary words (in any language), contain
mixed numerals and special characters, and
have a minimum length of 8 characters.
A suggested guideline for selecting secure passwords can be found at
http://www.alw.nih.gov/Security/Docs/passwd.html.
3) Use encrypted protocols whenever possible. For example, using SSH
over telnet to access your account and SFTP over FTP to transfer files.
(Note: in some countries using encrypted software is against the law,
if you have any questions check with local sources.)
4) Look for insecure file permissions on installation. World writeable
files and directories, especially ones that are under public_html
directories, pose a security threat. Password and sensitive
configuration files should not be world readable.
____________________________________________________
**DEDICATED SERVER AND VPS CUSTOMERS ONLY**
For Dedicated Server and VPS customers the following information is
provided:
The following versions of software are the minimum versions of software
that have no current known issue:
http://www.venturesonline.com/support/latest-versions.php.
Dedicated Server customers need to check apache and Linux kernel
versions. VPS customers do not need to be concerned with this, as versions
are upgraded by Ventures Online at the multi-tenant level. Because the
security of our customers is a top priority, Ventures On-line will
assist with the following security-related upgrades at no charge.
Cpanel users have an upgrade feature available in WHM that will upgrade
the system packages, except for apache and kernel. We suggest upgrading
Cpanel if you run anything less than 6.4.0 STABLE-48.
For Cpanel, we suggest that the Linux kernel version be 2.4.21, and
apache version 1.3.27 with php 4.3.2. The minimum versions to run are
apache 1.3.26 php 4.3.1, and 2.4.20 with a special security patch. If you
have any questions on the versions of software or require an upgrade,
please open a Help Desk ticket to request assistance. Unless you are an
experienced system administrator, we *do not* recommend performing
these upgrades yourself.
Ensim LS users should be running Ensim WEBppliance 3.1.11 LS, anything
less has known security issues and should be upgraded. To upgrade your
VPS or Dedicated Server please submit a Help Desk ticket.
Ensim PRO users should be running Ensim WEBppliance 3.5.10 PRO, to
upgrade your VPS or Dedicated Server please submit a Help Desk ticket.
Plesk 2.x users should be running 2.5.5 with the following hotfix:
http://download1.plesk.com/psa2.x.x_hotfix/psa-2.x.x-fix-03102002.sh.tar.gz
Plesk 5.x users should be running 5.0.5. If you need assistance with
upgrading Plesk, please submit a Help Desk ticket.
Co-location customers: You are being copied on this notification as a
courtesy. If you would like any of the above services performed,
services will be provided at our standard technical support fees.
Best regards,
The Ventures Online Team
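
The permission check from item 4 of the message above, as an added example that is not part of the original message or of the hosting company's tooling. The function names, the list of sensitive file-name patterns and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: permission audit for item 4 of the advisory.
# The file-name patterns are assumptions; extend them for your site.

# World-writable files and directories under the given root.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# World-readable files whose names suggest passwords or configuration.
world_readable_sensitive() {
    find "$1" -type f -perm -0004 \( -name '.htpasswd' -o -name '*.conf' \
        -o -name '*.ini' -o -name 'config*.php' \) -print
}

# Print one finding per line; return 0 when clean, 1 when anything is found.
audit_webroot() {
    findings=$( {
        world_writable "$1" | sed 's/^/WORLD-WRITABLE  /'
        world_readable_sensitive "$1" | sed 's/^/WORLD-READABLE  /'
    } | sort )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (not from the advisory) to show the audit's output.
demo_audit() {
    demo=$(mktemp -d) || return 2
    mkdir -p "$demo/public_html/uploads"
    echo '<?php $db_pass = "example"; ?>' > "$demo/public_html/config.php"
    echo 'hello' > "$demo/public_html/index.html"
    chmod 755 "$demo/public_html"
    chmod 777 "$demo/public_html/uploads"        # world-writable directory
    chmod 644 "$demo/public_html/config.php"     # world-readable config file
    chmod 644 "$demo/public_html/index.html"     # ordinary public page, not flagged
    audit_webroot "$demo" | sed "s|$demo/||"
    rm -rf "$demo"
}

# Usage: sh audit.sh /path/to/account   (no argument runs the constructed demo)
if [ "$#" -gt 0 ]; then audit_webroot "$1"; else demo_audit; fi
```

The non-zero return status on findings lets the audit run from cron and raise an alert only when something needs attention.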