The PEAR server is in a stopped state until safety is confirmed. Its maintainers found that there was a security breach such as an attack on the server “PEAR” which provides a library available in PHP.

Users who downloaded and installed PEAR PHP in the last 6 months from the official website of the PEAR pear-php.net, were may be infected so you should quickly download the Github version and install it. If they downloadeded “go-pear.phar” file after December 20, 2018 are asking for confirmation that the file has not been altered, and if the corresponding file was downloaded before December 20, 2018 Even if PEAR installation is executed, PEAR warns the user “It is prudent to check the system”.

Below is official website of PEAR. As of January 24, 2019, the server is still down. Also, the official blog that details are written is also downed and can not be accessed.

You can use the below steps to check the go-pear.phar file’s vulnerability.

• Login via SSH to your server where you are currently using PEAR.
• Go to the directory where you currently downloaded the go-pear.phar file, most likely your user’s home directory.

# cd ~user

• Check the md5sum value.

# md5sum go-pear.phar

• The above command will return value like this. 1e26d9dd3110af79a9595f1a77a82de7

• The infected file has the above hash value. If you see this value returned, you should proceed to disable the previous PEAR installation files and folders.

# mv go-pear.phar go-pear.phar_infected
# mv .pearrc .pearrc_infected
# mv pear pear_infected

• Next, download a fresh copy of the go-pear.phar file from github

# wget https://github.com/pear/pearweb_phars/blob/master/go-pear.phar

• You can then re-install PEAR using file downloaded from github

Critical Intel CPU Bug – Meltdown and Spectre Vulnerabilities

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre.Earlier this week, serious security problem – CPU Bug has been found in the Intel/AMD/ARM CPUs. According to various teams including Google Project Zero, CPU data cache timing can be abused efficiently to leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. These vulnerabilities are known by name ‘Meltdown’ and ‘Spectre’.

You can read more about attack from this link

There are 3 known variants for this CPU Bug: Continue reading →

Mod-Pagespeed is an Apache/Nginx (web-server) module to speed up your website by applying certain filters that automatically optimize files to reducing number of times the browser has to make to grab web files, to reduce the size of those files and to optimize the length those files are cached. This article we will show you how to install and configure Google‘s mod-pagespeed module for Apache and Nginx web servers in RHEL/CentOS/Fedora and Debian/Ubuntu systems. Continue reading →

Ntop is a network traffic tools that shows real time network usage on your server. You can use a web browser to manage and navigate through ntop traffic information to better understand network status. Continue reading →

Configuring postfix to block all emails except the specified email accounts.

If you need allow a emailing only from a particular from the postfix email server you can follow the below steps.

Use Transport Mapping

Here we can tell the postfix mail server to sent or disregard the emails. For this we need to edit the postfix configuration file.

Please make sure to take the backup of config files before editing. So that we can restore the original files if any errors occured while editing. You can take the backup like this

#cp -p /etc/postfix/main.cf /etc/postfix/main.cf.original

#vi /etc/postfix/main.cf

add the below line on the configuration

transport_maps = hash:/etc/postfix/transport

Now we need to edit the file /etc/postfix/transport

#vi /etc/postfix/transport

Here add the domain which we need to allow sending mail

example.com :
* discard;

This will simply discard messages to any email address not of the domain example.com. If you wanted to reject with an error you’d use (set the error text to suit your needs)

You can add like this

 
example.com:


* error: Not allowed for all domains

We can add additional domains after example.com (one line per domain).

Save the file.

Now we need to create a hash of the file (unless you used texthash in main.cf)

postmap /etc/postfix/transport

We need to reload postfix to get effect the changes.

/etc/init.d/postfix reload

Introduction

Let’s Encrypt is a new free certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation.

Advantages:  

• Before Let’s Encrypt was made available to webmasters, obtaining a certificate for https meant spending a fair sum of money through trusted CA (certificate authorities) to gain the ability to encrypt traffic for your website.
• Let’s Encrypt has completely changed the process of adding a SSL certificate to your website. Not only have they made access to a certificate completely free, they have also made sure both the installation process and the ability to update your certificate is as simple as possible. This means website owners can offer the benefits of https to their site visitors, without the need to spend extra cash in doing so. Meaning that the traffic going to any website using Let’s Encrypt is, in essence, protected.
• To install and setting up a certificate as simple as possible. On a Linux server, for example, one can rely on the EFF’s Certbot to install a Let’s Encrypt certificate by simply copying and pasting a few lines of code. For installation, simply wget the download and chmod the permissions as prescribed by the Certbot site.
• Then run Certbot using the appropriate option (apache, for example). For those who are concerned about Certbot making sweeping changes to their server configuration, you can also run the tool to manage certificate only mode to make the server changes manually after the installation.
• What really makes using Certbot awesome, is that it provides you with the ability to test out automatic certificate renewal in a testing environment instead of doing so “live!” As an added bonus, Cerbot supports both Apache and Nginx on various Linux distributions.

Disadvantages:

• The biggest problem with Let’s Encrypt is that it democratizes access to https for any website. Yes, on the surface, this should in fact be a positive thing that we’re celebrating. Unfortunately human nature comes into play here. When most people (non-geeks/non-IT) see https, immediate and unwavering trust is implied.
• Even though Let’s Encrypt is merely providing encryption for your website, most people visiting it will give it the same level of trust as websites with the “green bar” https (Extended Domain Validation), which includes the company name next to the padlock in the address bar.
• This means that even though identity isn’t actually verified at the same level as a green bar https website, most site visitors won’t really know the difference. This is terrifying and we should be concerned about this. What most people don’t realize is that a secure connection to an untrustworthy website doesn’t mean it’s safe to use.
• To add further concern, there’s very little preventing malware distributors from using Let’s Encrypt certificates to make malware distribution websites look more official. Not only has it happened already, worse, is the fact that Let’s Encrypt’s stance on this issues quite weak.
• The initiative is putting far too much trust into the general public’s understanding as to how https actually works. Fun fact folks – most people are clueless about tech. And the reality is merely comparing new registrations with Google’s records won’t be enough.

Let’s Encrypt on cPanel server

Let’s Encrypt for cPanel is a cPanel/WHM plugin for the Let’s Encrypt service, which provides our clients with the ability to instantly issue free trusted SSL certificates for all of their hosted domains. The plugin is distributed in RPM form as part of a yum repository for CentOS 6 and 7.

Login as Root SSH access to server

Save our issued licence file as /etc/letsencrypt-cpanel.licence and chmod to 0400.

Add the letsencrypt package repository:

# cd /etc/yum.repos.d/
# wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

Install the plugin using yum

# yum install letsencrypt-cpanel

Once the installation completed we will see the “Let’s Encrypt SSL” icon on the home screen of cPanel.

Certificate Installation process is extremely easy in 3 steps

Step 1:Click on Let’s Encrypt SSL icon

Step 2: Choose a domain name you want to install ssl for. Choose if you want to use SSL for SMPTS, POP3S, IMAP SSL and www sub domain and click on Issue

Step 3: Click on ‘issue’ button. Your certificate will auto issue and install for your domain…

Let’s Encrypt on Plesk server

Let’s Encrypt extension is available for Plesk servers.
Log in to Plesk and install the Let’s Encrypt extension via the Extension Catalog:

After the installation, run a shell script . It fetches dependencies (sets up repositories and installs missing packages), creates a virtualenv virtual environment, and installs the Let’s Encrypt console client with the Plesk plugin inside.

Next, click the installed extension, select a website, and install the certificate:

If you have already used the CLI client, you will recognize the interactive mode dialog in this web form. On a “success” message, follow the link

to open the website and see the green “https” icon in the address bar.

Check that the certificate renewal task has been added to Tools & Settings > Scheduled tasks:

Issued certificates are valid for 90 days, but according to the recommendation of the Let’s Encrypt developers, they are renewed on a monthly basis.

What is Virtfs in cpanel ? How it is created ?

The /home/virtfs is a file system for the jailshell shell in cPanel servers. A jailed shell  is used for restricting the access for the user. In a normal shell most binaries and libraries are available to user. It can cause security issues on your server. The purpose of jailed shell is to provide limited and restrictive environment to the user which is more secure to the server.

When a user logs in to a jailed shell environment via SSH or SFTP for the first time, the system creates the /home/virtfs/ directory. The user can (only) access the data under these file-systems. The disk usage for the directory will be shown as high but it will not use any disk space on the server because it is a virtual mount point.If you delete any file in this directory it will delete the actual file which is linked to.

The virtfs files are actually  hard-links to the actual files under the user. That means both the files are using the same inode number.  For example

The image shows the files (with inode number) under the virtfs directory for the user.  Here the index. php have the inode number 30283170.

The below image shows the files under users public_html directory

All the files have the same inode number.  So If you are attempting to delete the files under virtfs directory directly then the actual file also will be removed from the server which may cause issues.

To disable jailed shell access in WHM

 Login to WHM

 WHM >> Account Functions >> Manage Shell Access

Here we can see the option to disable jailed shell access for specific user.

cPanel provides a script to remove the virtfs mounts

#/scripts/clear_orphaned_virtfs_mounts –clearall

You can verify it by using the command

grep -i username /proc/mounts

How to remove virtfs directory

Please do not remove the virtfs files directly since it is a hard-link to the actual file.  Deleting the files may cause issues on the server.

To resolved this issue go through the below steps :

Step 1 : You can check un-realise mount point for that user using below command.

# cat /proc/mounts | grep username

This shows mount point still remain for that user.

Step 2 : Kill the jailshell process related to that user.

# ps aufx |grep username  |grep jailshell

Please make sure that the specified user is not logged in via SSH.

Step 3 : Finally unmount all the files related to that user

# for i in `cat /proc/mounts |grep virtfs |grep username |awk '{print$2}'`; do umount $i; done

Verify once that all mount point for that user are release using the command given in step 1.

Step 4 : If there isn’t any mount point you are free to delete those files.

# rm -rf /home/virtfs/username

We can disable the Jailed shell from WHM if the user doesn’t need it.