Latest Updates
Log4j Exploit
Posted by Jeff H. on 14 December 2021 12:53 PM

A vulnerability has been discovered in Apache Log4j, a ubiquitous logging package for Java. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the systems and services that use the Java logging library, including many services and applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If these systems and services have been configured to have fewer user rights, exploitation of this vulnerability could have less impact than if they were configured with administrative rights.

Ref: https://www.cisecurity.org/advisory/a-vulnerability-in-apache-log4j-could-allow-for-arbitrary-code-execution_2021-158/

rackAID does not use any services containing Log4j as part of our management package installed on your server.

How does this impact me?

If you are not using Java-based applications, then you are not impacted. No further action is required on your part.

If you are using Java-based applications, check your application to see if it includes the Log4j library. If yes, follow your software vendor's guidance on remediation.

cPanel Solr Plugin

WHM/cPanel includes an optional Solr search plugin for IMAP email. This plugin contains the impacted Log4j library. cPanel has already released a patch for this plugin, but to be safe rackAID has deleted this plugin from all of our cPanel servers. If you were using this plugin, please let us know and we will re-install it.

ElasticSearch/Solr

These two search tools may be used with some discussion forums. We have contacted server owners where we have found this software installed. Sphinx search does not use the Log4j library, so it is not impacted.

Java/JVM

rackAID has scanned servers for any Java/JVM processes. We have contacted server operators if we suspect their applications may be vulnerable.
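
One way to run the check described above on your own Linux server, as an added example (not rackAID's or any vendor's tooling). The function names `java_procs` and `scan_log4j` are hypothetical, and the script assumes the library can be recognised by the `log4j-core-*.jar` file name or by the `JndiLookup` class entry inside an archive.

```shell
#!/bin/sh
# Added example: inventory check for Log4j on a host.
# Class entry that marks an archive as carrying log4j-core's JNDI lookup.
JNDI_CLASS='org/apache/logging/log4j/core/lookup/JndiLookup.class'

# java_procs: read `ps -eo pid,args` style lines on stdin and print the
# ones whose command is a java binary (header and other lines are dropped).
java_procs() {
    awk '$2 ~ /(^|\/)java$/ { print }'
}

# scan_log4j DIR: print every .jar/.war/.ear under DIR that is either
# named log4j-core-*.jar or contains the JndiLookup class entry.
# ZIP archives store entry names uncompressed, so grep can match them
# without unzip. A jar compressed inside another archive is NOT seen,
# so a clean result here does not replace the vendor's own guidance.
scan_log4j() {
    find "$1" -type f \( -name '*.jar' -o -name '*.war' -o -name '*.ear' \) 2>/dev/null |
    while IFS= read -r f; do
        case "${f##*/}" in
            log4j-core-*.jar) echo "$f"; continue ;;
        esac
        if grep -q -F "$JNDI_CLASS" "$f" 2>/dev/null; then
            echo "$f"
        fi
    done
}

# Typical use on a server (paths are examples):
#   ps -eo pid,args | java_procs
#   scan_log4j /opt
```

Any path the scan prints is a candidate to check against the application vendor's remediation notice.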


COVID-19 Business Continuity
Posted by Jeff H. on 17 March 2020 10:52 AM

rackAID continues to monitor the COVID-19 pandemic. We will act according to national and local guidelines regarding quarantines and best practices.   

As with all IT businesses, we rely on many vendors, service providers, and support teams. We have received business continuity statements from our major infrastructure providers (IBM, AWS, and PhoenixNAP). They have implemented safeguards for their employees as well as assured that services should continue as normal.

rackAID support staff will be working remotely and from home. We have assured that all staff also have redundant internet connectivity from home. They can use our VPN or secured SSH gateways to reach impacted servers securely. At this time, we do not anticipate any service interruptions due to COVID-19.

Firewalls, IDS/IPS

If you are now working from home and cannot reach your services, we may need to make a firewall adjustment. Please open a ticket with the subject of "Firewall Changes." Our team will work with you to add your IP to the firewall. 

We protect our networks with various Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). These systems may automatically block your IP address if you trigger detection rules. If you can no longer access your services, please open a support ticket and include:

  • Your IP address
  • Your user account
  • The service you were trying to access (SSH, FTP, Email, HTTP).

Our team can then remove the block and whitelist your IP. 

We will also be requiring additional identity verification for any service requests that impact security, user credentials, or substantially alter operations. 

All of us at rackAID wish you and your families a safe and healthy journey through this challenging period.

Jeff Huckaby

CEO, rackAID LLC


Cloudflare Security Blocking Tickets
Posted by Jeff H. on 20 December 2019 10:58 AM

We protect our operations with Cloudflare's Web Application Firewall service.   Recently, we have added new rules that block some code, SQL and error messages.   

If you try to post a ticket and Cloudflare blocks your submission, please move any code or other data into a text file and attach it.  

Alternatively, you can use a service like https://www.pastebin.com/.    We use this service to share logs and error messages.  Set it to be private and expire in a reasonable period.  I use 1-7 days for non-sensitive information and hours for sensitive details. 


Cloudflare Outage
Posted by Juli Z. on 02 July 2019 10:11 AM

Cloudflare is investigating an issue impacting network performance. You may see 502 Gateway errors when trying to access sites on Cloudflare.

We are monitoring Cloudflare for updates. If you have any questions, please let us know.


Cloudflare Outage
Posted by Jeff H. on 02 July 2019 10:10 AM

Cloudflare is experiencing network issues, which may result in a 502 error for some customers in some locations. They usually resolve these issues pretty quickly. Their status page is here.

https://www.cloudflarestatus.com/

