Release-4176: Enhanced brute-force detection, NeoPi and libfcgi
Today we deployed some changes to the code of our emergency rescue strategy. In case a Hypernode goes down as a result of a saturated PHP-FPM queue we try to detect malicious patterns in the pending requests running on the FPM workers. If the request pattern across the server looks like a brute-force attack or…
Release-4164: Varnish 4.1.3 and Nginx 1.13.1
Today we will be gradually rolling out a version update of Varnish and Nginx on the Xenial Hypernodes. Nginx will be upgraded from nginx/1.10.2 to nginx/1.13.1. The changelog for the differences between these versions can be found here. Our current 1.10.2 build has IPv6 disabled, which we expected to be fine since the Hypernodes do…
Release-4091: Varnish improvements
We’ve improved how our code manages the Varnish installation for Ubuntu 16.04 Xenial and Ubuntu 12.04 Precise nodes: fixed configured VCL being lost on full update (16.04 Xenial); fixed configured VCL being lost between node migrations (16.04 Xenial); fixed Varnish getting reinstalled on full update (16.04 Xenial); fixed Varnish getting restarted on full update (12.04…
Release-4046: whitelisted Ayden’s user agent
We’ve whitelisted Ayden’s HTTP user agent, so it is no longer subject to the bot ratelimiting mechanisms.
Release-3981: Deny specific configuration files on magento1 installations
We’ve moved certain security restrictions from the magento2 configuration into the global magento1/2 security configuration file. Specifically, the following files are no longer reachable externally: auth.(json|lock), package.(json|lock), composer.(json|lock), Gruntfile.js, cron.php. Hidden files are now also denied with a 403 instead of a 404. Furthermore we’re working hard on the Xenial migration. Many changes…
Release-3943: Xenial hypernode-vagrant
Over the past couple of weeks we’ve been very busy preparing to upgrade Hypernode to the latest LTS version Ubuntu 16.04 Xenial. While for Hypernode we highly modify the Ubuntu base, upgrading to this newer version will have many advantages like newer releases of various packages. For Hypernode we build all important parts of the…
Release 3914: n98-magerun weak password tester
We’ve released a new version of the Hypernode plugin for n98-magerun that you can use to test for weak admin passwords. As admin accounts are increasingly brute forced, it is essential that you don’t use “guessable” passwords (such as steven123). This plugin will show you weak passwords in your store. For more information, run magerun hypernode:crack:admin-passwords --help…
Release-3864: IP authentication exceptions on development plans
In this release it becomes possible to whitelist IP addresses on development plans, so that they are exempt from the basic authentication requirements. This may be useful to test external payment providers or other kinds of external services which do not support basic auth. The whitelist file is placed in /data/web/nginx/whitelist-development-exception.conf and looks like this:…
Release-3774: Mitigate CVE-2017-6074 and firewall known bot networks
Today’s release implements two security measures on Hypernode. Yesterday a new double-free vulnerability was announced in the Linux kernel. We’ve implemented some rules to mitigate this vulnerability until all nodes are running the new patched kernel. Additionally we’ve seen an increase in brute-force attacks on the Magento /downloader. In this release we blacklist a range…
Release-3760: Updated monitoring for development plans
We’ve updated the monitoring of development nodes. The alerting for these plans has been changed to only alert during business hours.
Release-3732: Let’s Encrypt Nginx configs are generated without www. prefix
Today we will update the hypernode-ssl-config-generator so that it generates Nginx server definitions without a www. prefix in the server name. This additional server_name was unneeded because dehydrated only creates certificates for the domain you specified, not automatically also a www. domain. A new config will automatically be generated the next time you run dehydrated…
Release-3728: allow let’s encrypt on dev plans. fix ibdata1 shrink automation
On development plans it’s now possible to use Let’s Encrypt again. The relevant requests have been made exempt from the basic auth. We fixed a regression in our shrink_ibdata1 automation. The regression had been introduced by the MySQL version update at the end of November. We added an alias `sf2` which shows all magento2 storefronts. It executes `cd…
Release-3657: Whitelist Sendcloud
This release contains a change to the default Nginx whitelist that makes SendCloud exempt from the standard bot ratelimit. The FPM slot limit still applies. Users can further configure their ratelimiting settings in the Nginx config in /data/web/nginx. Also in this release: more tweaks to the WAF for yesterday’s RCE mitigation. The Cart2Quote development team…
Release-3636: New WAF rules to mitigate RCE in two plugins
We’ve added new rules to our web application firewall to block hacking attempts relating to a remote code execution exploit found in the EM_Ajaxproducts and Ophirah_Qquoteadv plugins. We scanned all Hypernodes; if your shop had either of these two plugins installed you will have received an email with more specific information. Other changes in this…
Release-3586: Updated composer
We’ve changed our composer to update itself with the --stable flag. Freshly provisioned nodes however did not understand this flag yet, due to the initially deployed composer being too old. We’ve updated composer in our repository so that all new nodes will be able to update themselves to the latest stable composer.
Release-3540: fix CVE-2016-8655, disable the freshclam daemon and more
Because it is December we have done our best to make as few alterations to the platform as possible, to provide the most stable hosting experience for our customers during these busy holiday months. However we do have some updates to share. These are some of the things we have been up to since the…
Release-3523: block Visbot user-agent
We now block all user-agents which contain the term “Visbot” inside the user-agent string.
Release-3513: Updating MySQL to 5.6.33
We are in the process of updating MySQL to the latest version, to get the latest improvements and security fixes. Last night we updated all Hypernodes with starting letters U-Z. Tonight we will update all Hypernodes with starting letters M-T. Tomorrow night all Hypernodes with the starting letters A-L and 0-9 will be updated. …
Release-3512: More granular hypernode-importer error logging and more
This release implements Magento 2 detection for the hypernode-importer so that, when someone attempts to import a Magento 2 shop with this tool, a message is displayed stating that the hypernode-importer does not support Magento 2 yet. The message reads “importing Magento 2 with the hypernode-importer is not supported…
Release-3480: Additional PHP modules
Today we are installing two requested packages on all PHP 7 Hypernodes: php7.0-odbc and php7.0-sybase.
Release-3470: Improved auto recovery
We’ve improved our auto recovery to automatically attempt to fix filesystem inconsistencies on boot. On rare occasions a Hypernode would be forced to reboot from an uncleanly closed filesystem. On boot it would then prompt asking what to do (whether it should recover). A recovery is now automatically attempted, reducing recovery time for these cases.
Release-3347-1: update PHP7 to 7.0.13-1
Today’s release updates PHP on PHP 7 Hypernodes and includes other minor changes. PHP 7 updated from 7.0.12-1 to 7.0.13-1. You can look at our packaging here if you are interested in that sort of stuff. The hypernode-importer can skip Magento path autodetection. If the host has many files in the directories where the hypernode-importer will…