EHermits, Inc.

02/01/2022

If you use Essential Addons for Elementor for your WordPress sites, please be aware of this..

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code ex*****on (RCE) vulnerability in version 5.0.4 and older.

01/28/2015

Sn exploit was disclosed yesterday that affects all Linux releases since 2000. There will be a short downtime for each server as this is patched.
Retainer clients: Each of you will be contacted over the next 24 hours, as appropriate, in order to get this update applied.
https://access.redhat.com/security/cve/CVE-2015-0235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call [as the user ...]

12/18/2014

There is an emergency service maintence procedure occuring this morning to eliminate a security risk discovered in the servers' operating system. This is another attack that you may hear about on the news in the upcoming days. Please know that within the next hour, all of the servers should be updated. If you have seen any strange behavior from your website or email this morning, it is because your server is in the process of being updated.

The security risk named CVE-2014-9322 doesn't have a fancy name yet, but it does allow people, under certain conditions, to take over the servers.

Combined with the "SoakSoak" attack that has been in the news over the last couple days, I expect a lot of people will have their servers taken over and will have their websites go down or be used as spam sources. You do not need to worry. The "SoakSoak" vulnerability was patched on your server a week before it grew into a major attack and in the same fashion, CVE-2014-9322 is being patched immediately, before it becomes an issue.

We appologize for any difficulty this has caused. Thank you for hosting with us and do let us know if you have any questions.

-

Your friendly neighborhood eHermits

12/15/2014

For those who wonder what I do for my clients, those I support with maintenance contracts for their servers, this is a good example. I prevent and/or clean up issues like this one described by Sucuri Security. Sucuri does large scale security scans, while I offer similar services on a more individual basis.

Last Monday night, Dec 8, I caught onto an increased wave of attacks on the Revolution Slider plugin. I don't like it, but two sites sites on servers I monitor got compromised, but my tools on my server caught the issue and alerted me. I cleaned up those two sites and then bulletproofed a couple dozen sites more sites that had older vulnerable versions of the Revolution Slider installed.

I then did this across all of the servers that I maintain. I also wrote a routine to detect all of the customers on those servers that used the same password for their database as had for CPanel. That routine also created a new random cPanel password for each, as needed and allowed me (or the end client) to send an email to affected customers notifying them the password change.

Though Tuesday didn't go as planned, I was able to head off this attack so that none of the sites I maintain were among the 100K WordPress sites that have been compromised so far, as this attack morphed into something more invasive.

http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to t