Blog Posts

Due to a vulnerability that appeared in Litespeed 5.1.16 and older versions, an update needs to be made on servers using Litespeed. After the update, the Litespeed version should be 5.1.17 as of today. Litespeed announced that version 5.1.17 closes the mentioned security vulnerability.

You can perform the update in 2 ways.

Via SSH connection;

/usr/local/lsws/admin/misc/lsup.sh

You can perform your update using this command.

From the cPanel Plugins section;

Current Version: 5.1.XXX

You can complete your update with this button.

Let’s Encrypt is a certificate authority service that operates automatically and for free in cPanel and many well-known hosting control panels. The Let’s Encrypt organization is supported by the Internet Security Research Group, which works to make the internet more secure without profit motive.

It is supported by most commonly used browsers and certificates are also supported without issues on smart devices (iOS, Android). It provides free support for all your subdomains including the main domain. Popular certificate providers required the site or subdomain to run on a dedicated IP for certificate installation; with the development of web clients, it has become possible to use multiple SSL certificates on a single IP without needing to use or purchase a dedicated IP for Let’s Encrypt certificates.

Let’s Encrypt provides certificates in 3-month periods and renews your certificate without any action required at the end of the period. Therefore, each of your certificates will be renewed after 90 days.

Note: Let’s Encrypt is not suitable for e-commerce sites.

Server management is the monitoring and control of server computers to which websites or all other applications connected to the internet or running locally are connected, in order to ensure they run properly and stably.

To better understand server management, it is necessary to address the answer to the question of what a server is and the differences between a server and hosting.

What is a Server?

They are hardware and software computer systems that share the data and information stored on them with users on the internet or computer network they are connected to, or with different computer network systems. Servers are high-capacity computers with much more advanced hardware features compared to personal computers used daily.

What is Hosting?

The hosting service, whose Turkish equivalent is “barındırma” (hosting), is provided through the server computers we defined above. The hosting service, where you can store your personal or corporate data and make this data accessible on the internet, is provided through servers configured for this purpose.

Server Management and Managed Servers

Server management is technically a comprehensive operation. To perform server management, it is necessary to be able to connect to the server with full authority, and you need to have high technical knowledge both in terms of hardware and software. We can refer to all intervention operations carried out to stabilize the server and ensure that the systems on it work without problems in any kind of issue that may arise on the server as server management.

We can generally summarize the stages of server management under the following headings.

• Monitoring the server,


• Performing necessary checks and work for the server to operate healthily,


• Regularly performing update and security settings for the operating system and software on the server,


• Intervening in problems that may occur on the server,


• In case of hardware problems, identifying and resolving the issue.

In dedicated server services provided by data centers, since full authority over the server is given to the customer, server management responsibility also belongs to the customer. All operations such as ensuring server security, installing required software, and making necessary interventions to the server in case of problems are under the responsibility of the server owner institution or person.

Physical server owners who do not want to perform server management related operations can request server management services from the company they rent the service from. However, data centers generally provide server management on a paid basis since custom solutions are produced for individuals or institutions for server management operations. You can receive server management support for a certain fee, or you can use the managed server service where all management belongs to the data center.

In the managed server service provided by our company, server management responsibility lies entirely with our support desk. This way, you save the time you would spend on server management. In our managed server service, no extra server management fee is charged. You can use our service with free server management and free cPanel license, and you can spend more time on your projects by leaving server management to our expert support team.

General Information

Since August 2016, a hacker group called “Shadow Brokers” has been publishing information, exploit codes, and malware belonging to a cyber espionage unit called “Equation Group”. In addition to the published data going back to January 2009, it contains detailed information about cyber security vulnerabilities targeting various operating systems and software published to date.

The published exploit codes also target network devices used in institutions. In addition, it has been observed that malware targeting end-user computers is among the published information. The ‘Wannacry’ malware, which recently affected corporate and individual systems worldwide, uses the aforementioned vulnerabilities and exploit codes that have been published. The hacker group announced that it will publish similar exploit codes and malware on a monthly basis.
Also, as of March 2017, data claimed to belong to foreign intelligence agencies, announced under the name ‘Vault 7’, has been leaked to the internet. This data includes software used to leave backdoors on IT system assets, primarily end-user systems. At the same time, malware that tends to spread through corporate networks using file servers is also included in ‘Vault 7’. It is likely that similar data will continue to be published in 2-3 week intervals.
In order for this leaked data not to affect corporate information security, it is necessary to create an inventory of information systems within the institution and to perform vulnerability detection and impact analysis on this inventory.

Affected Devices

Exploit codes and malware have been developed and spread on the internet that will affect the products listed below by type/brand/model. Therefore, it is important for institutions and organizations to detect these devices in their own information systems inventories (all internal and external networks) and take the necessary actions.

1. Network Devices

• Juniper Netscreen (NS5XT, NS50, NS200, NS500, ISG 1000, SSG140, SSG5, SSG20, SSG 320M, SSG 350M, SSG 520, SSG 550, SSG 520M, SSG 550M)


• Cisco PIX (500 Series) Cisco ASA (5505, 5510, 5520, 5540, 5550 series)


• Cisco Switch/Router (711, 712, 721, 722, 723, 724, 802, 803, 804, 805, 821, 822, 823, 824, 825, 831, 832, 841, 842, 843, 844)


• Fortinet FortiGate (60, 60M, 80C, 200A, 300A, 400A, 500A, 620B, 800, 3600)


• WatchGuard, Huawei


• Solaris 6 – 11

2. Operating System

• Windows XP


• Windows Server 2003


• Windows Vista


• Windows 7


• Windows Server 2008


• Windows 8


• Windows 8.1


• Windows Server 2012


• Windows 10


• Windows Server 2016

3. File Server

• Windows File Server

Solution

Institutions and organizations that have the products listed above in their inventories are required to apply the following controls:

• 
  

  Access controls

  
  
  
  
  • Access to management ports of network devices should be restricted on the internal network (access should be allowed only from certain interfaces and IPs) and access from the Internet should be blocked.
  
  
  • Access restrictions should be imposed on Windows devices from the Internet, and access to services such as SMB and RDP should be blocked if not necessary.
  
  
  • Access from the server network open to the Internet to the internal network should be restricted and domain structures should be kept separate.
  
  
  
  


• 
  

  Software with Update Support

  
  
  
  
  • It is observed that security patches are being published for products and services affected by published vulnerabilities or exploit codes. Although in exceptional cases, security patches are not published for old version software or operating systems without support. Institutions must use supported software and operating systems in their IT system assets, especially those accessible to the internet or to everyone or other systems on the network.
  
  
  
  


• 
  

  Password management

  
  
  
  
  • Use of simple and default passwords on servers, end-user devices and network equipment should be avoided.
  
  
  
  


• 
  

  Patch management

  
  
  
  
  • Security patches on network devices should be tracked and up-to-date firmware versions should be used.
  
  
  • Patch management platforms for Windows environments should be reviewed and security patches, especially those for remote code execution vulnerabilities (e.g. MS17-010), should be applied as soon as possible.
  
  
  
  


• Antivirus usage
  
  
  
  • Attention should be paid to the use of up-to-date antivirus/antimalware on end-user devices and servers.
  
  
  
  

Note: Cyber incident detection in the product families mentioned above; the control of possible compromise situations on network devices, servers and end-user computers can be ensured as follows;

1. 
   

   The following controls are recommended for detecting possible intrusion situations on network devices:

   
   
   
   
   • Network device configuration files should be examined and compared with backup files to detect possible anomalies.
   
   
   • Log records (self log) on network devices should be examined; possible anomalies in admin/system/root activities should be detected.
   
   
   • Processes on network devices and firewalls should be examined.
   
   
   
   


2. 
   

   Doublepulsar; this malware published to open an authorized backdoor on the system in Windows operating system exploit codes can be controlled over the network. A scan can be performed using the “nmap” tool on the SMB and RDP ports of the compromised machine:

   
   

   https://nmap.org/nsedoc/scripts/smb-double-pulsar-backdoor.html

   
   


3. 
   

   The Pandemic malware has been developed to spread to other devices on the internal network using file servers. This malware creates the following registry variable on Windows File Server; this record should be searched on the relevant servers.

   
   

   HKLMSYSTEMCurrentControlSetServicesNull -> Null value in the Instances sub-key.

   
   

The 4.7.5 version released by WordPress as a security update is now available for download. Please complete your update immediately for the security of your system.

The security vulnerabilities identified by the WordPress security team in version 4.7.4 are as follows:

• Cross Site Request Forgery (CSRF) vulnerability in the file system credentials dialog box.


• Cross-site scripting (XSS) vulnerability when attempting to upload very large files.


• A cross-site scripting (XSS) vulnerability related to the Customizer.

Source: [https://wordpress.org/news/2017/05/wordpress-4-7-5/]

Dear Customers,

A critical security vulnerability was announced in Joomla version 3.7.1, one of the frequently used CMS software. (Announcement published on Joomla.org)
The announcement also included information that the update related to the security vulnerability would be released at 17:00 Turkey time.

The Joomla security team announced that the patch to be released contains many security fixes and that this update MUST be applied. It was also stated that information about the vulnerabilities would be provided after the security patch is released.

Do not forget to update for your security. We present this for your information and wish you good work.

NS Settings

Name Server (NS) addresses are the name servers that will be used to query your domain name. In order for your website to work, NS redirection must be made from the domain registrar company to the NS addresses configured on the server. The process of creating these NS addresses on the server can be done in CWP panel via;
DNS Functions >> Edit Nameservers IPs.

Shared IP Setup

This section must not be skipped for your website to be active. The accounts you open will be created on the shared IP address set here. It is also used to select which IP address will be used if you have more than one IP address.
From CWP Settings >> Edit Settings, Shared IP and Root Email must be filled in.

Package Creation Process

In this section, the package to be determined for the account to be created is created. Usage limitations for the account related to the package are established.
Accessible from Packages >> Add a Package.

User Account Creation

In CWP panel, user accounts are created for sub-accounts other than the root account we use.
It enables the creation and restriction of sub-users similar to the cPanel section in WHM/cPanel.
Accessible from User Accounts >> New Account.

Overview

The Let’s Encrypt™ plugin offers the ability to automatically provision cPanel accounts with Let’s Encrypt SSL certificates for sites that do not have valid CA-signed SSL certificates.

NOTE: This plugin only integrates with the AutoSSL feature that generates SSL certificates for cPanel accounts. It does not generate hostname certificates for your system’s services.

Installation
To install the plugin, follow the steps below:

Log in to the command line via SSH as the ROOT user.

Run the following command

/scripts/install_lets_encrypt_autossl_provider

CWP Panel Addons Section

The CWP plugins menu comes with eXtplorer file manager by default.
You can add the eXtplorer file manager by providing a password.
It is an advanced file manager with Turkish language support.

Crontab

This is the section for creating cron jobs (scheduled tasks). There are options for creating simple and advanced crons. Additionally, a sample cron configuration is shown on the right side.

Change Password

This is the section for changing the account password.

Process List

Active running processes are listed in this section.

Edit php.ini

You can edit the php.ini for your account from this section.
You can edit existing PHP settings and new commands you need can also be added with the add option.

File Managements

File System Lock

File system lock locks all files and folders against all changes, also blocks all updates, file changes and even backup restore operations cannot be performed.
If you are the only person updating your website, this tool will help you fully protect your website.
You will need to remove this lock again when you need to edit your website.

Antivirus Scan

You can perform Malware and Virus scanning on your account with this tool.

FTP File Manager

WebFTP file manager allows you to access FTP through the browser and control your files.

FTP Accounts

FTP account creation and management operations are provided.

Backups

Backup creation tool. Creates a full backup of the account.

Softaculous

One-click script installation tool that allows you to easily install ready-made scripts for your service.

Domains

Add Domains

Addon domain addition section.

List Domains

Lists addon domains and their paths.

Add SubDomain

Subdomain addition section.

List SubDomain

Lists subdomains and their paths.

SQL Services

phpMyAdmin

Web MySQL database manager for the account.

MySQL Manager

MySQL databases, users and their access permissions can be created.

Show MySQL Processes

Shows real-time MySQL processes.

Email

Add Email Account

Email account creation and email forwarding operations are provided.

Add SubDomain Email

Email addresses can be created for subdomains.

List Email Accounts

List of email accounts.

List Email Forwarders

List of email forwarders.

Add AutoResponder

Automatic replies can be created for email addresses.