Order VPS Hosting
Order a VPS, Semi- dedicated or Dedicated server in Dallas, London or Australia.

Get Assistance
Ask our support team about your hosting requirements.


Host where the staff takes pride in making customers happy

Just a quick note to congratulate you and your team on your 5 years of continued success! You've provided tremendous value and an outstanding level of support over the years. Keep up the good work!

- Joachim (#63/323)
Home > Support > Notices

Related Links

Notice Links:

Notices

host429.rimuhosting.com upgrade

PostedThu, 30 Oct 2014 01:18 AM UTC
Last UpdateThu, 30 Oct 2014 01:19 AM UTC (33 hours ago)
StatusOpen
Affected Serverhost429.rimuhosting.com

We have had issues with some VMs on this host not restarting properly.  This appears related to the host server software stack.

We will be moving VMs from this host to a newer server (with a more recent virtualization stack).  We will commence the moves at 0200 UTC Fri 31 Oct (in about 24 hours).  To do that we will stop the VM, move its disk image to the new host, then restart the VM.  We expect about 2 minutes downtime per GB of data.  Your IP address will not change.  After the move is complete you will receive a confirmation email from us.

If you prefer to move your VM to a different host at a different time, you can use http://rimuhosting.com/cp/vps/move.jsp before that time.

#

Drupal vulnerable

PostedWed, 29 Oct 2014 21:01 PM UTC
Last UpdateWed, 29 Oct 2014 21:01 PM UTC (37 hours ago)
StatusOpen

There is a serious vulnerability in Drupal.  See https://www.drupal.org/PSA-2014-003

It affects Drupal 7.  It is a SQL injection issue.

If you or your users have not installed and are not running Drupal you are not affected.

#

CVE-2014-6271: serious bash vulnerability (shellshock)

PostedWed, 24 Sep 2014 21:59 PM UTC
Last UpdateThu, 2 Oct 2014 22:10 PM UTC (29 days ago)
StatusClosed

Shellshock update at 3 October

What a busy few days!  Security researchers have found a few related bugs.  And there are now (as of a day or two ago) patches for all of them.

We been working night and day to create a deshellshock script (if you are a syadamin, please feel free to review and provide improvements at https://github.com/pbkwee/deshellshock ).

We have created a page where customers can review the status of our running that script on their servers.  So you can see if you were vulnerable (tip: you were) and whether we can detect any current vulnerabilities after applying any changes.

To review the status of your servers go to http://rimuhosting.com/cp/shellshock.jsp

We have emailed customers where we have access to all their servers and cannot detect the vulnerability on any of their servers.

We are continuing to work on the deshellshock script for other customers to see if we can get it working for even more servers.

If the shellshock page reports we cannot log in, please enable our login (per https://rimuhosting.com/knowledgebase/rimuhosting/rimuhosting-ssh-access)

Shellshock: the bash vulnerability

There is a vulnerability (actually a set of vulnerabilities) in most versions of bash.

http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html

Bash is used in a variety of ways.  Via web scripts.  OpenSSH environment variables.  And probably a number of other ways no one has thought of yet.  This means there are potentially many ways (vectors) this vulnerability could be exploited.

So it is very important to fix this issue.

Patching the vulnerability

To check if you are vulnerable, first check http://rimuhosting.com/cp/shellshock.jsp

This will report the results of https://github.com/pbkwee/deshellshock running on your server.

If we do not have access to your server you can run download and run https://github.com/pbkwee/deshellshock or submit a ticket via http://rimuhosting.com/cp/shellshock.jsp for us to manually do that for you.

For modern, supported distros you can simply run apt-get install bash.  Or yum install bash.  To install the fixes.  This should work fine on Centos 7, Centos 6, Debian 7.  And Debian 6 if you are using the lts repositories.

#