On Wednesday, September 24th, 2014, a vulnerability was revealed in the Bash shell interpreter, which we run just like nearly every Linux system online. Because of the news coverage this vulnerability (CVE-2014-6271) has received, our loyal customers have been asking whether we have patched our systems and what else we may have done. The short answer is that we put mitigation steps in place and, once patches were available, we patched our systems. At this time none of our systems are vulnerable to this exploit. I thought it would be good, though, to address some questions and give a bit of background information regarding the exploit.
Our team was notified of the exploit soon after it became public, as we actively subscribe to numerous security-related mailing lists. The vulnerability had several potential entry points, such as cPanel’s own internal CGI scripts as well as user-based CGI scripts. We immediately put mitigation steps in place to help protect our systems without compromising our ability to continue serving websites.
The patch to address CVE-2014-6271 was released, and within 30 minutes our systems were updating to the version of bash now available. It took approximately 30 minutes due to the reliability of the local mirrors for our systems. After updating, we reloaded all system libraries and updated the user cages. Our use of CageFS, which creates separation between users, required that the system copy the new bash binary to each user’s cage.
Shortly after we updated our systems, it was revealed that the patch did not address all scenarios and that the risk of remote code execution still existed. CVE-2014-7169 was used to track this flaw, which we followed closely while waiting for a patch to become available. Once this patch was available, we once again had all systems updated within 30 minutes.
As of this moment we have taken an additional step by installing LiteSpeed 4.2.16 on all systems, which actively filters the Bash Shellshock vulnerability. While not necessary, it adds an additional layer of protection to all our systems.
If you’re running a virtual private server with us, we did not log in to your VPS and patch this vulnerability. If you’re running cPanel on CentOS 5 or CentOS 6 and you have automatic updates turned on, you should be updated within the next 24 hours. If you do not, you will need to upgrade manually yourself. If you have any questions about this, we encourage you to contact our support team and they can assist you.
I hope this addresses any questions regarding the Shellshock vulnerability and how it affected Hawk Host as well as you. If you have any questions, of course, contact our support team.
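For VPS customers who want to confirm that a manual upgrade took effect, the following is an added example (not Hawk Host's own tooling) that runs the widely published local self-tests for CVE-2014-6271 and CVE-2014-7169 against a given bash binary. The function name `check_bash`, the variable name `probe` and the marker string are made up for this example; because it takes a path, it can be pointed at each copy of bash on a system.

```shell
#!/bin/sh
# Added example: local self-test of one bash binary for the two CVEs above.
# Prints one status line per finding; returns 0 if patched, 1 if vulnerable,
# 2 if the binary could not be tested.

check_bash() {
    bash_bin=${1:-/bin/bash}
    [ -x "$bash_bin" ] || { echo "$bash_bin: not executable"; return 2; }

    # Work in a scratch directory: the CVE-2014-7169 probe may create a file.
    scratch=$(mktemp -d) || return 2
    status=0

    # CVE-2014-6271: a vulnerable bash executes the command that trails a
    # function definition while importing the variable from the environment.
    out=$(cd "$scratch" && env -i probe='() { :;}; echo SHELLSHOCK_MARKER' \
          "$bash_bin" -c 'echo ok' 2>/dev/null)
    case $out in
        *SHELLSHOCK_MARKER*)
            echo "$bash_bin: VULNERABLE to CVE-2014-6271"; status=1 ;;
    esac

    # CVE-2014-7169: a vulnerable bash keeps a pending redirection from the
    # broken definition and writes the next command's output to a file
    # named "echo" in the current directory.
    (cd "$scratch" && env -i probe='() { (a)=>\' \
          "$bash_bin" -c 'echo date' >/dev/null 2>&1)
    if [ -e "$scratch/echo" ]; then
        echo "$bash_bin: VULNERABLE to CVE-2014-7169"; status=1
    fi

    rm -rf "$scratch"
    [ "$status" -eq 0 ] && echo "$bash_bin: patched for both checks"
    return "$status"
}
```

Run it as `check_bash /bin/bash`; a non-zero return means the binary still needs the vendor update.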
Lately, a lot of folks have been asking questions along the lines of “What makes you different?” or “Why should I host with you?”. This made me think, maybe a quick Q&A of some basic facts about our company would help clear up just what it is we’re all about.
Awesome web hosting ;)
We’re quite happy to announce that our newest datacenter is now online and accepting orders! Right smack in the middle of downtown Los Angeles, this highly connected and extremely reliable facility will improve on our already expansive global presence. Our Los Angeles datacenter was opened with the focus of catering to users from the Asia/Pacific region and we believe our network will be top notch!
Hawk Host in LA? Yes!
It’s a week full of holidays and celebrations here at Hawk Host. Last week we celebrated our 10 year anniversary, and this week we’re celebrating two holidays! As we’re a Canadian company we spent Tuesday honoring Canada Day, and now that the 4th of July is fast approaching it’s time to acknowledge the day for our American coworkers, friends, and customers. As part of our continued celebrations we’re holding a 4th of July sale which will save you up to 60% on your new hosting order!
Go Canada! Go USA!
Hawk Host has officially hit double digits, and we’re now 10 years old. What started as a hobby way back in 2004 has now become a full time passion for our team across the world. We’ve grown from a single dedicated server hosting websites for friends to operating our own network while providing services out of 6 locations worldwide. It’s been a long, stressful, but ultimately rewarding journey. Truth be told, sometimes we feel like we’re just getting started! To celebrate our 10 year anniversary, we’re offering up to 70% off on our shared hosting plans. You can also save up to 60% on our reseller and VPS packages, grab a $7.95 domain, or a $10 SSL certificate.
We’re How Old!?
If you were to ask a random person on the street for their favorite website, odds are the overwhelming majority would say something that ends in .com. Facebook.com, google.com, twitter.com, reddit.com…you get the idea. For what feels like forever, .com has been the standard for all premier websites throughout the world. It didn’t matter if you were based in the USA, China, India, Ireland, or even the Isle of Man. If you wanted to find a website, you looked for the .com. For better or worse, we may see a major shift in how exactly people look for their favorite websites over the next few years.
We’re extremely happy to announce this is our first ever Bitcoin hosting sale! For a limited time, any customers (new or existing) who sign up and pay with Bitcoin will be eligible for a $5 domain name registration/transfer and a 30% recurring discount on their hosting plan.
About a month ago we decided to start accepting Bitcoin for our services – this blog post will be outlining our experiences thus far and our initial thoughts.
We just recently hit a total of 1 BTC (~$450) worth of transactions for our services paid exclusively with Bitcoin. So far the ride has been smooth, minus a few early hiccups, including some of our WAF rules being triggered when Coinbase hit our callback URLs. Luckily we resolved that and everything has been smooth sailing since.
Like everyone else, we’ve been battling spam for our users, utilizing tools like SpamAssassin and custom filtering rules as well as real-time blocking lists. This, however, was never the most effective solution, nor did it give end users the type of control we wanted. We went to HostingCon last year, as well as cPanel Conference, with one of our main goals being to find a spam filtering solution that would improve the email service of all our users.
Unless you’ve been avoiding mainstream news/media for the past few years, you’ve probably heard of Bitcoin at this point. Bitcoin is a digital currency based around a P2P (peer-to-peer) system and relies on cryptography to bring the whole network together. Despite the folks at Berkshire-Hathaway and Goldman Sachs claiming it’s not an official currency, we don’t have public investors or financial gurus to worry about. What we have to worry about is our customers, and because of that we’re more than happy to start accepting bitcoins as payment for our hosting services.