Amazon EC2 instance not starting
While working on a failed EC2 (EBS-backed) instance recently, we were presented with an instance that would not start after reboot or stop/start.
tl;dr: Create a snapshot of the existing EBS vol; remount and edit etc/fstab; re-attach and start the instance.
Infrastructure Management: Part #2, mCollective
In the second part of our series on great tools to help with infrastructure management, we are going to talk about mCollective (Marionette-Collective). This project was recently acquired by Puppet Labs and helps to sensibly manage day-to-day system administrator tasks with an RPC framework. With so many people trying to write complex SSH for-loops to handle tasks that should be treated more elegantly, mCollective can offer what a system administrator has been missing: consistency!
Infrastructure Management: Part #1, Puppet

This blog series will showcase some of the better technologies that we implement for our customers to create a truly scalable, fault-tolerant, easily managed, and well configured infrastructure.
A challenge for any system administration team is not only to ensure that applications are working as expected, but also to deploy them in a way that keeps them consistent, so that nothing is ever in an ‘unexpected state’. Our first post will be about Puppet, a configuration management application that will help once again give sanity and continuity to your vital infrastructure.
Critical exim security update
A privilege escalation vulnerability exists in Exim, the mail transfer agent used by cPanel & WHM.
All MNX Solutions customers have been patched, and are no longer vulnerable to this privilege escalation vulnerability.
If you are not an MNX Solutions customer, you should read the following page for details on how to correct the problem: Read more
Hiring a PHP Programmer: Part #3, Frameworks & Licensing
This is the third and concluding part of our short series on what to look for when hiring a PHP programmer for your company. In part #1 we took a look at ensuring the programmer was vigilant against SQL injection vulnerabilities. In part #2 we reviewed code formatting & commenting practices. For this final portion we will tackle a set of topics more directly related to your business’ intellectual property interests.
Hiring a PHP Programmer: Part #2, Code Organization & Commenting
In part #1 of our short series on hiring a quality PHP programmer, we spoke about SQL injection security. In today’s post we are going to look at an outwardly less important but crucial aspect to any programmer: what their code looks like.
Hiring a PHP Programmer: Part #1, SQL Security
PHP is a fantastic web development language if for no other reason than its low learning-curve to create dynamic, database-driven web sites quickly. For this reason and others, there has been an obvious influx of web developers ready to hire-on to create your company’s next web application or site. Just like any other employee, contractor or otherwise, you want to be sure that the work being done isn’t just quickly thrown together by a novice, but that there is consideration with regard to appropriate programming practices and security being thought of during development.
ProFTPD Remote Code Execution Vulnerability and exploit
A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
All MNX Solutions Linux Server Management customers have been patched.
Server Management and Terminating Access
What if you had to let someone go tomorrow for some unforeseen reason? Would you know all of the points that this person or company has access to? How can you be certain unless you keep track of these locations?
Even if you know all the locations, do you understand the impact of modifying the user's access? Was this user's access tied to a critical cron job? Was this user account tied to MySQL access for performing monthly billing? What if this employee happened to own one of your domain names? Surprisingly, we see scenarios like this too often.
Ksplice Provides Patch for Linux Kernel Exploit CVE-2010-3081
It has been mentioned in many places on the web that a vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.
The folks over at Ksplice have put together a patch that fixes this vulnerability, and a tool to check if your system has been compromised. More detail is available on the Ksplice Blog.
