sale of 2019 is live until Jan 1st 2020! Get 50% off Websites Security plans,
Server Management plans, Malware Cleanup & Removals, Website Firewall
protection and more.
Our website security solutions include website monitoring, Malware detection, Hack cleanup, Firewall protection and much more!
You can check our Free Website Security Scanner: https://scan.attacker.net/
Our Server Management plans are available for Linux & Windows servers.
You can also
check out our Outsourced Hosting Support services for white-labeled Hosting
Don’t miss checking out our Partnership & Affiliation offers at https://attacker.net/affiliate
Please use this promotion code to claim your discount: welcome2020
We provide a wide range of server management plans. You can completely customize your order or feel free to contact us. All of our experts are highly trained and certified. You can rest assured that you’re always in safe hands.
Our Server Management services:
Linux Server management
Windows Server Management
VPS Node management
Feel free to contact us for any customized or additional requests by clicking here
When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host.
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
|January 5, 2015
||MITRE reserved CVE
|February 12, 2015
||NVD published advisory
Vendor & other references
GHOST is a ‘buffer overflow’ bug affecting the
gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.
gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.
A list of affected Linux distros
- RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
- CentOS Linux version 5.x, 6.x & 7.x
- Ubuntu Linux version 10.04, 12.04 LTS
- Debian Linux version 7.x
- Linux Mint version 13.0
- Fedora Linux version 19 or older
- SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
- SUSE Linux Enterprise Software Development Kit 11 SP3
- SUSE Linux Enterprise Server 11 SP3 for VMware
- SUSE Linux Enterprise Server 11 SP3
- SUSE Linux Enterprise Server 11 SP2 LTSS
- SUSE Linux Enterprise Server 11 SP1 LTSS
- SUSE Linux Enterprise Server 10 SP4 LTSS
- SUSE Linux Enterprise Desktop 11 SP3
- Arch Linux glibc version <= 2.18-1
nscd packages on your system using:
Fix for Centos/RHEL/Fedora 5,6,7:
- yum update glibc
- Restart ALL running services or reboot the server as an alternative.
Fix for Ubuntu:
- sudo apt-get clean
- sudo apt-get update
- sudo reboot
Some 32 bit Operating Systems (OS) limit the amount of RAM they will support. Exceeding that limit may contribute to a number of problems. Therefore it is not supported. Upgrading to a 64 bit Operating Systems (OS) is recommended. A list of 32 bit Operating Systems (OS) with limited RAM is below.
Operating System (OS)
RAM Limit (GB)
|RHEL/CentOS 5 Minimal/LAMP
|RHEL/CentOS 6 Minimal/LAMP
|Ubuntu 8.04 LTS
|Ubuntu 10.04 LTS
|Ubuntu 12.04 LTS
Stop Apache and MySQL services.
# /etc/init.d/httpd stop; /etc/init.d/mysql stop
Take a backup of /tmp
Create a partition of 2GB using the below command
# dd if=/dev/zero of=/usr/temp-disk bs=2M count=1024
Create the file system on it using the mke2fs command
# mke2fs -j /usr/temp-disk
Unmount the current /tmp partition
Mount the new /tmp filesystem using the below command
# mount -t ext3 -o rw,noexec,nosuid,loop /usr/temp-disk /tmp
Set the correct permission for /tmp
To verify the partition, execute:
Restore the content of old /tmp.bkp directory
Start Apache and MySQL services.
# /etc/init.d/httpd start; /etc/init.d/mysql start
To make sure this partition is mounted automatically after every reboot, edit the /etc/fstab and replace /tmp entry line with the following one.
/usr/temp-disk /tmp ext3 rw,noexec,nosuid,loop 0 0
Creating and using strong passwords is an important part of your server security.
If your old password was compromised, make sure that your new password is very different from your old one.
Things to include
- At least eight characters.
- One or more of each of the following:
- lower-case letter
- upper-case letter
- punctuation mark
- Lookalike characters to protect against password glimpses. Examples:
- O as in Oscar and the number 0.
- Lower-case l and upper-case I.
- The letter S and the $ sign.
Things to avoid
- Words you can find in the dictionary.
- Passwords shown as “example strong passwords.”
- Personal information, such as names and birth dates.
- Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
- Common acronyms.
- All one type of character – such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
- The same password you use for another application.
Memorable password tips
While passwords that are easy for you to remember are also less secure than a completely random password, following these tips can help you find the right balance between convenience for you and difficulty for hackers.
- Create a unique acronym for a sentence or phrase you like.
- Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
- Jumble together some pronounceable syllables, such as ‘iv,mockRek9.’
Keep your password secret
- Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
- Never write your password down, especially not anywhere near your computer.
- Do not store your password in a plain text file on your computer.
- Never send your password over an unecrypted connection – including unencrypted email.
- Periodically test your current password.
- Update your password every six months.
Password strength tests
This blog will cover the following topics:
- Attacker.NET offers & News
- Security Advisories
- Tutorials & How-To’s
- Genetal IT news, Issues and Best practices