Top Navigation

RackSpace DFW Switching Loop

Many cloud and dedicated servers in the RackSpace DFW datacenter have been offline for the last hour due to a switching loop. Official statement from RackSpace is:

Switching Loop in DFW1

On 26 May 2016, at 21:26 CDT, engineers were alerted to a switching loop occurring in the DFW1 data center. Engineers are engaged and working to resolve the issue. During this time, Customers may be unable to access their Cloud instances hosted within the DFW1 data center. If you have any further questions, please reach out to a member of your support team.

Posted on May 26, 2016 at 9:05 PM

We are closely monitoring this situation and will update as more information becomes available.

11:53PM EST UPDATE

New statement from RackSpace:

Switching Loop in DFW1

Engineers continue to work with DCOPS in isolating the switching loop occurring in RackConnect within the DFW region. Engineers have begun to remove interfaces to help alleviate impact to customers and help in isolating the switching loop. During this time, customers may be unable to access their Cloud instances hosted within the DFW1 region, Cloud DNS records pointed to DFW may give errors, and may be unable to reach parts of the dedicated environment through RackConnect, If you have any further questions, please reach out to a member of your support team.

Posted on May 26, 2016 at 9:51 PM

Some affected servers have come back online but we’re still seeing a many offline.

12:41AM EST UPDATE

New statement from RackSpace:

Switching Loop in DFW1

On 26 May 2016, from 21:26 to 23:00 CDT, engineers worked to resolve a switching loop with RackConnect within the DFW region. The interface that the loop was occurring within has been isolated, and other interfaces are being tested for confirmation of resolution. During this time, impact has been mitigated, however, services may experience latency or loss of connection intermittently during testing. If you have any further questions, please reach out to a member of your support team.

Posted on May 26, 2016 at 10:21 PM

4:20AM EST UPDATE

Switching Loop in DFW1

From 27 May 2016, at 21:26 to 00:34 CDT, engineers worked to resolve a switching loop issue occurring withing the DFW1 region. Engineers identified the loop occurring within RackConnect and disconnected RackConnect interfaces to isolate the loop and restore stability to the network. Interfaces and port channels were brought back online slowly to maintain network stability. The final port channel was restored at 00:34 CDT. Many services have been restored at this point. During the time of impact, customers may have experienced 400 errors when managing PTR records for Cloud DNS. Customers configured through RackConnect connections may have experienced downtime as the interfaces were brought back online.

Cloud Block Storage customers and other bootable volume services may be currently in a read-only state, engineers continue to work towards resolving these issues.

If you have any further questions or concerns, please reach out to a member of your support team.
Posted on May 27, 2016 at 12:05 AM

 

Ninja Forms Shell Upload Vulnerability – Very High Risk

A severe vulnerability in Ninja Forms has emerged within the last 48 hours. Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of the vulnerabilities results in an attacker being able to upload and execute a shell on WordPress sites using Ninja Forms. All customer are advised to Update Ninja Forms immediately to at least version 2.9.45 if you haven’t already.

Additional information can be found here:

Ninja Forms Shell Upload Vulnerability – Very High Risk

If you would like to add WordFence to you site, Reliable Penguin can install and configure with Premium license for just $18/year.

 

Glibc Vulnerability – RHEL/CentOS 6/7, Ubuntu, Debian

On 16 February 2016, Red Hat identified the glibc getaddrinfo stack-based buffer overflow vulnerability as described here:

Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547)

This vulnerability is rated Critical and has been confirmed to impact RHEL 6, RHEL 7, CentOS 6, CentOS 7, Debian and Ubuntu.

Linux vendors have released updates to address this vulnerability. It is critically important that all vulnerable servers be updated as soon as possible.

If you need help to determine if you are vulnerable or if you need assistance with upgrading the please contact Reliable Penguin at 866-649-7984 or support@reliablepenguin.com.

 

 

 

 

WordPress 4.4.2 Security Release

There was an important WordPress security release today. Here’s the release notes:

— start —

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

Thank you to both reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.

Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.

— end —

As stated in the release, all WordPress users are advised to upgrade immediately to one of the following versions:

3.7.13

3.8.13

3.9.11

4.0.10

4.1.10

4.2.7

4.3.3

4.4.2

If you need assistance with upgrading, please contact Reliable Penguin at support@reliablepenguin.com or 866-649-7984.

Vulnerabilities in WP Core and Four Plugins

Here’s a round up of security issues in WordPress this month.  January 6th saw a WordPress core security update. Upgrade immediately to version 4.4.1 of WordPress core if you haven’t already.

The vulnerability that WordPress 4.4.1 fixes is a cross site scripting or XSS vulnerability. The Automattic team did not release details of the vulnerability in the announcement, but the patch was reverse engineered by several security teams and they used the code change to come up with a proof of concept exploit. The exploit has also been posted on twitter. The result is that the exploit for this security issue is now in the wild so it’s very important that you update asap.

The following plugins also had vulnerabilities reported and in most cases, fixed, this month:

If you need assistance with upgrading WordPress or any of these plugins then contact Reliable Penguin by email to support@reliablepenguin.com or on the web at https://help.reliablepenguin.com.

Magento – New JavaScript Malware Issue

Magento Commerce has received reports of a JavaScript malware exploit that forwards credit card information from checkout pages to an external site.

Attacks are likely using Admin or database access to implement the exploit. It appears most impacted sites have not implemented the February 2015 Shoplift patch , or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities. More information about this malicious code is available on the Magento Security Center .

All merchants should take this opportunity to make sure that their sites are secure. We recommend that you:

  • Scan your site with a tool like magereport.com
  • Apply all patches available on the Community Edition Download Page and in MyAccount
  • Check for any unknown files in the system
  • Review and remove all unknown Admin accounts
  • Change all remaining Admin passwords to strong ones (e.g., they should be long, and include symbols, upper and lower case letters, and numbers)
  • Follow security best practices outlined in the Magento user guides

If you need assistance with your store then please contact Reliable Penguin at support@reliablepenguin.com or 866-649-7984.

Magento Security Alert

Magento has released the following critical security announcement:

https://magento.com/security/news/important-security-update

In light of the concerns raised in this alert, we advise all store owners to:

  1. Confirm that your Magento install is running the latest version and that all security patches have been installed.
  2. Test the site on https://www.magereport.com to identify any potential vulnerabilities.
  3. Run a diff comparison of core Magento files against a freshly downloaded copy to see if there are any modified or extra files.

Please contact Reliable Penguin if you need assistance with any of these tasks.