This is how many services we host…

Last week, a colleague and I attended LARV (a career day for students at Luleå university in Sweden) and met a lot of curious students. It was a day with many rewarding conversations with the students. Who knows, we might meet in the future again?


During the day we arranged a competition at our booth where the students would answer the question: “How many sites does Basefarm host?” That means how many services we host throughout Basefarm, including Norway and The Netherlands. Those of you who took part in the competition are certainly curious to know who won. Many students participated, but the one who guessed closest was Maxime Koitsalu, who guessed 40 000. The exact number of services is currently 34 689! Since we have customers in 23 countries and every customer often has more than one service, it becomes a lot in total.

Congratulations Maxime, and we hope you will like your subscription to Filmnet! 🙂

UPnP Vulnerability

On Tuesday, computer security firm Rapid7 released information that they found approximately 23 million products connected to the Internet that are susceptible to being completely taken over by anyone with malicious intent, and another 40 million that can be shut down remotely by someone who wants to. The vulnerability affects 1500 vendors (including vendors such as Linksys, D-Link and Netgear) and almost 7000 products (ranging from routers to TVs, media devices etc). So, if you are for example running a Linksys WRT610N router at home that you use when connecting to the VPN at the office, then someone could potentially access this router and set up a man-in-the-middle attack in order to get your credentials or whatever else they are after. Due to the number of devices affected, the vendors suggest that you simply disable UPnP in your router or other devices unless you explicitly need it. You can find information on how to do this on the page of your vendor.

[Figure: Rapid7 chart on UPnP. Chart courtesy of Rapid7]

More information:
http://www.kb.cert.org/vuls/id/922681
http://www.wired.com/threatlevel/2013/01/plug-n-play-security-flaws/
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

High risk Ruby on Rails vulnerability

Most users tend to run Ruby on Rails 3.2 these days, but some still run Rails 3.0 or 2.3.
Those who cannot update their application to run Rails 3.2 and need to run Rails 3.0 or 2.3 are strongly advised to update their Rails to 3.0.20 or 2.3.16.

To quote the authors of Rails:
“I’d like to announce that 3.0.20, and 2.3.16 have been released. These releases contain one extremely critical security fix so please update IMMEDIATELY.”

“Impact
------
The JSON Parsing code in Rails 2.3 and 3.0 support multiple parsing
backends. One of the backends involves transforming the JSON into
YAML, and passing that through the YAML parser. Using a specially
crafted payload attackers can trick the backend into decoding a subset
of YAML.”

More information:
http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

High Risk WordPress vulnerability

WordPress pushed out version 3.5.1 of its open source blogging platform yesterday, fixing 37 bugs including several cross-site scripting (XSS) errors and a vulnerability that could have allowed an attacker to expose information and compromise an unpatched site.

Until yesterday, the aforementioned vulnerability, discovered by security researchers Gennady Kovshenin and Ryan Dewhurst, affected all versions of the platform. This particular problem could be exploited with a server-side request forgery (SSRF) attack and remote port scanning using pingbacks. Essentially, if left unpatched, an attacker could have forced a server into sending packets of information from the attacker to another server, even if it was behind a firewall.

The update also fixes the following XSS errors:
Two instances of cross-site scripting via shortcodes and post content.
An XSS vulnerability in the external library Plupload.

Due to the nature of this release, it’s advised that anyone running WordPress have their WordPress installations updated.

Further information can be found here:
http://wordpress.org/news/2013/01/wordpress-3-5-1/
http://core.trac.wordpress.org/query?milestone=3.5.1
http://threatpost.com/en_us/blogs/wordpress-fixes-37-bugs-latest-update-012513

Basic inventory of HyperV virtual machines using PowerShell

Here at Basefarm we operate at a large scale with thousands of servers running for our customers. Quite often a customer asks for a list of machines with various properties for each machine.

Most of the time the customer wants this information in a simple format so that they can use it internally. In this blog post I will show how you can get the information about memory, CPU count etc. for a set of Hyper-V machines from Virtual Machine Manager via PowerShell.

First off, start a PowerShell command line and load the PowerShell Snap-In for Virtual Machine Manager.

Add-PSSnapin -Name Microsoft.SystemCenter.VirtualMachineManager

Now we can work with the commands made available to us by the Snap-In. If you want to find all the commands that are available, issue:

Get-Command -Module Microsoft.SystemCenter.VirtualMachineManager

So let’s begin by loading information about all our machines from the VMM host into a variable named $VMs:

$VMs = Get-VM -VMMServer hyperv-vmm01.sth.basefarm.net

What the above command does is load all of the VMs known to the VMM server given with -VMMServer into the variable $VMs. This means we only make one call to the server, which avoids generating unnecessary load.

Now let’s check how many machines we have:

$VMs.Count

And now that we know we have machines to query, let’s find out what attributes exist (things we can get into our output):

$VMs | Get-Member -MemberType Property

For example, to find all machines that are powered off:

$VMs | where { $_.Status -eq 'PowerOff' } | select VMHost, name , Memory, CPUCount , Status

The above example adds some complexity to the command, but it is there to filter the output so we only see machines that have the status ‘PowerOff’.

Now let’s get what we wanted from the beginning, a list of machines for a specific customer. The list should include name of the VM host, VM name, memory, number of CPUs and current status.

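$VMs | where { $_.Name -like 'CUST*' } | select VMHost, name , Memory, CPUCount , Status

This will list all machines whose name begins with ‘CUST’. Note that -like takes a wildcard pattern, while -match takes a regular expression, in which ‘CUST*’ would also match names that merely contain ‘CUS’. So we now have found what we wanted!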

But instead of copying & pasting this we want to write the result to a CSV file so we can send that to the customer. Let’s make that easier by getting the output of the above command into a variable named $result:

$result = $VMs | where { $_.Name -like 'CUST*' } | select VMHost, name , Memory, CPUCount , Status

Now our ‘report’ is stored in the $result variable and we can use standard PowerShell to export it to a CSV file:

$result | Export-Csv -NoTypeInformation -Delimiter ';' .\report.csv

Now our report is available in the CSV file ‘report.csv’ (in the current directory).

A very basic way of getting your Hyper-V inventory out!
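The steps above collected into one reusable function, as an added example that is not part of the original post. The function name, the server name and the prefix in the usage line are hypothetical; the snap-in, cmdlets and properties are the ones used above. It escapes and anchors the prefix so it is matched literally at the start of the VM name, and it writes no file when nothing matches.

```powershell
# Added example (not from the original post). Assumes the VMM snap-in is
# installed and that you pass the name of your own VMM server.
function Export-CustomerVMReport {
    param(
        [Parameter(Mandatory = $true)][string]$VMMServer,
        [Parameter(Mandatory = $true)][string]$Prefix,
        [string]$Path = '.\report.csv'
    )

    $snapin = 'Microsoft.SystemCenter.VirtualMachineManager'
    # Load the snap-in only if this session does not have it yet.
    if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
        Add-PSSnapin -Name $snapin -ErrorAction Stop
    }

    # One call to the VMM server; all filtering happens locally afterwards.
    $vms = @(Get-VM -VMMServer $VMMServer)

    # -match takes a regular expression: escape the prefix so characters such
    # as '.' or '*' are literal, and anchor it to the start of the name.
    $pattern = '^' + [regex]::Escape($Prefix)
    $result = @($vms |
        Where-Object { $_.Name -match $pattern } |
        Select-Object VMHost, Name, Memory, CPUCount, Status |
        Sort-Object Name)

    if ($result.Count -eq 0) {
        # Do not hand the customer an empty or stale report.
        Write-Warning "No VM name starts with '$Prefix' ($($vms.Count) VMs checked); no file written."
        return
    }

    $result | Export-Csv -NoTypeInformation -Delimiter ';' -Path $Path

    # Return a per-status count so the report can be sanity-checked at a glance.
    $result | Group-Object Status | Select-Object Name, Count
}

# Usage with a hypothetical server name and customer prefix:
Export-CustomerVMReport -VMMServer 'vmm01.example.com' -Prefix 'CUST'
```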

LinkedIn Phishing mails

There’s been a couple of reports this week about a mail arriving that looks like it’s from LinkedIn. It’s quite a good fake; unless you mouse-over the links inside it and look at where they go before clicking, you might very well fall victim.
If you do click, you’ll be redirected to a malicious webpage attempting to run Java and (presumably) take over your computer. It’s possible that it also attempts to use Flash and/or other exploits for the same purpose.

If you’ve clicked on this link your computer may be compromised, so please have your computer thoroughly scanned for malware by multiple scanners.

More information: http://blog.webroot.com/2013/01/24/fake-linkedin-invitation-notifications-themed-emails-lead-to-client-side-exploits-and-malware/

Sweden’s best sites from a hosting perspective

Tonight, the winners of the Swedish web competition Topp100, arranged by the magazine Internetworld, will be announced, and here is the list of all nominated sites in all categories. Eight of our customers have been nominated in the competition, and we at Basefarm are the engine behind everything and make sure that our customers’ services work. In this kind of context the traditional web perspective is usually in focus, and with this blog post we want to tell you what makes the sites (regardless of platform) good from a hosting perspective.

Close cooperation and understanding is key

What our nominated customers have in common is that they have expanded rapidly. They have begun to see hosting in a new way and started to make demands on how it should work, not just that it should work. The customers are good at creating, testing new things and setting requirements, while we take care of the demands, make them real and implement them. The customers rely on correct information being conveyed about how things should work. With our expertise, knowledge and experience, we understand our customers’ needs and can provide the best possible conditions for them. Today you have to concentrate on doing one thing well and trust that others will do the other things well. It’s this confidence that allows us to agree together on where our customers want to go and how to get there.

Checklist – 6 factors for a good site:

Below we have listed the things we think should be included on the checklist for a good site from a hosting perspective:

    • The 3 basic principles – a fast, always available and secure site
    • Flexibility and adaptability – it should be possible to add new features and update quickly so that the site stays vibrant and functional
    • A hosting provider with unique competence in hosting mission critical business applications – extensive experience and competence within design and architecture creates understanding on the provider’s side and confidence on the customer’s side
    • Operational processes and structures – these create security and should be in place to follow up, catch things and solve problems
    • Dense dialogue – the hosting provider should work as an advisor and must dare to speak up and not be afraid to say what it thinks. It is also important to say so when you think that things will not work
    • Close cooperation – proximity to customers is everything when working toward the same goal: our goal is to ensure that customers succeed!

We wish all our customers who have been nominated good luck tonight at the Top 100 Awards! Thanks for your cooperation!


High Risk Drupal Vulnerability

New vulnerabilities have been disclosed for Drupal versions lower than 6.28 and 7.19. It is strongly advised to update your installations if you have any, as there is (amongst other things) the possibility of being the victim of XSS-attacks if you do not update.

More information:
http://drupal.org/SA-CORE-2013-001

Ruby on Rails Vulnerability

On January 8th, Aaron Patterson announced CVE-2013-0156, multiple vulnerabilities in parameter parsing in Action Pack allowing attackers to:
Bypass Authentication systems
Inject Arbitrary SQL
Perform a Denial of Service (DoS)
Execute arbitrary code

That means that anyone running Ruby on Rails is advised to update to the latest version, as not doing so could lead to a compromise.

More information:
http://weblog.rubyonrails.org/
http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html

High Risk Java Vulnerability

A new year has arrived, as has a new Java 0-day vulnerability. The vulnerability is present in all Java versions up to version 7 update 10. There is currently no patch available for this, and it has already been integrated into the BlackHole exploit kit. As many of you know, Java runs on all platforms, so it doesn’t matter if you run Windows, Mac or Linux, you’re all at risk. Last time this happened, we advised you to uninstall or disable Java in your browser if you don’t have a specific need. I want to reiterate this once more. You can click on this link to see if you have Java installed: http://www.java.com/sv/download/installed.jsp

We suggest that you either uninstall Java if you have no need whatsoever for it, disable it in your main browser (so you use a secondary browser only for your Java activity), or disable it fully in all your browsers. Information on how to do this can be found below:
Uninstalling Java on Windows 7: http://www.java.com/en/download/uninstall.jsp
Uninstalling Java on Mac: http://osxdaily.com/2012/04/07/tips-secure-mac-from-virus-trojan/

Disabling Java in browsers:
In Firefox, select “Tools” from the main menu, then “Add-ons,” then click the “Disable” button next to any Java plug-ins.
In Safari, click “Safari” in the main menu bar, then “Preferences,” then select the “Security” tab and uncheck the button next to “Enable Java.”
In Chrome, type or copy “Chrome://Plugins” into your browser’s address bar, then click the “Disable” button below any Java plug-ins.
In Internet Explorer, follow these instructions for disabling Java in all browsers via the Control Panel. There is no way to completely disable Java specifically in IE.

More information can be found here: http://www.kb.cert.org/vuls/id/625617

Update: Oracle have now released a patch for Java (version 7 update 11), so anyone using Java should immediately update to this version. You can do this either by updating through Java Update or by going to http://www.java.com/en/download/index.jsp
You should however only install this update if you have a need for Java, and those who do should still follow the guidance in our last mail regarding only allowing it for stand-alone applications and/or multiple browsers.