Important: GHOST vulnerability

January 28, 2015

Last night a security vulnerability was discovered that affects Linux distributions, potentially allowing attackers to execute code and gain control of an affected machine. It has been named GHOST (CVE-2015-0235) and is a critical vulnerability in glibc, the GNU C Library.

Immediately following the discovery, our security engineers began applying the official patch to all our Linux shared web hosting servers, and this has now been completed.

Shared Web Hosting

If you have Web Hosting with us, you don’t need to take any action. All these web servers have been patched and secured accordingly by our system administration team, and we are closely monitoring industry updates so that if any further fixes are needed we can implement them as quickly as possible.

VPS & Dedicated Servers

If you have an unmanaged server (this includes all Virtual Private Servers and Dedicated Servers running any flavour of Linux), you will need to check to see if it is vulnerable to GHOST, and then implement the official patch if needed. We strongly recommend you do this as soon as possible.

To do this:

1. Test to see if your server is vulnerable by running the following commands.

wget http://mirrors.uk.heg.com/ghost/ghost-checker
chmod +x ghost-checker
./ghost-checker

2. If this returns “segmentation fault”, your server is vulnerable and will need to be patched as follows:

If you’re running Ubuntu (where the glibc package is named libc6):
sudo apt-get update && sudo apt-get install --only-upgrade libc6

If you’re running CentOS:
sudo yum clean all; sudo yum update glibc

3. Reboot your server to complete the install. This is essential in order to ensure you are no longer running vulnerable processes and files.
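
The reason step 3 matters is that a running process keeps the old glibc mapped in memory after the package is upgraded. The following shell script, an added example that is not part of the original advisory or of The Hosting Folks' tooling, lists such processes; its function names are hypothetical and it assumes the library file is named libc-<version>.so or libc.so.<n>.

```shell
#!/bin/sh
# Added example: find processes that still map the old, now-deleted glibc
# after the package upgrade. Function names are hypothetical.
#
# A stale mapping looks like this in /proc/<pid>/maps (constructed sample):
#   7f1c2a400000-7f1c2a5be000 r-xp 00000000 08:01 131092 /lib64/libc-2.12.so (deleted)

# Read maps-format text on stdin; succeed if a libc mapping is marked deleted.
# Assumes the file is named libc-<version>.so or libc.so.<n>; names such as
# "libcrypto" do not match because "libc" must be followed by "-" or ".".
stale_libc_in_maps() {
    grep -Eq '/libc[-.][^/]* \(deleted\)$'
}

# Print "<pid><TAB><command line>" for each process under the given proc
# directory (default /proc) that is still running on the replaced library.
list_stale_libc_pids() {
    procdir=${1:-/proc}
    for maps in "$procdir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A process may exit while we read it; an empty read counts as "not stale".
        if cat "$maps" 2>/dev/null | stale_libc_in_maps; then
            pid=${maps%/maps}
            pid=${pid##*/}
            # cmdline is NUL-separated; turn it into a readable string.
            name=$(cat "$procdir/$pid/cmdline" 2>/dev/null | tr '\0' ' ')
            printf '%s\t%s\n' "$pid" "${name:-[unknown]}"
        fi
    done
}

# Run as root to see every process; an empty result means nothing is left
# on the old library.
list_stale_libc_pids /proc
```

Restarting the listed services clears their stale mappings, but a reboot is the simplest way to be sure every process is covered.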

Please note that this is a general Linux security issue, not one unique to The Hosting Folks. Therefore, if you have Linux hosting with any other providers anywhere in the world, we strongly recommend you find out if they have taken action to secure their servers or if you need to take action in order to be protected against GHOST.

If you’re interested in finding out more about GHOST, check out Linux hit by critical security hole at http://www.itworld.com/article/2876098/linux-hit-by-critical-security-hole.html