Increased Application Security with PatchmanEnsuring the security of our customers' web sites is a top priority for us at Kualo. In recent years we have been a dramatic increase in malicious attempts to compromise an innocent web site. Generally these "attacks" are by hackers or spammers, who aim to control a web site in order to send out spam, distribute malware or host phishing content, or to use the compromised site to launch attacks on other web sites or servers. Whilst we maintain excellent server-side security, often these attacks continue due to insecurities in customer code which leave a web site vulnerable to attack.
Today we are introducing a new solution, Patchman, to help protect you in the fight against malware, and this email aims to introduce you to the problem and how we are working to help protect the web sites we host.
Why are web sites vulnerable to attack?A large proportion of our customers use CMS applications such as WordPress or Joomla, or shopping cart systems such as Magento or Prestashop (amongst others). Whilst it may not be apparent to end users, there is a constant arms race under way. Hackers and spammers are continually looking for new ways to exploit these applications in order to gain access to the underlying hosting service. Developers of these software solutions are equally constantly implementing new security fixes to counter these attacks and close any security holes that are found.
You may be wondering: "How can I protect my web site from such attacks?". The answer is actually very simple: "Update, update, update!". The moment you let the software that powers your web site fall behind the latest version, you deny yourself the security patches and enhancements that the developer is implementing, and leave your web site vulnerable to attacks. So the number one priority is to always use the latest version of the software that powers your web site. This applies equally to any plugins, themes, extensions or addon software that you may have also installed in your web site. Even a fully updated WordPress installation can be vulnerable to attack if it is using an out-dated theme or plugin.
In a recent audit of our servers, we found that over 65% of web sites are running on out-dated applications. These means that a staggering number of web sites we host are vulnerable to attack, many of which go on to then be compromised. Generally the reason behind these sites being out of date is simply due to the fact that site owners are unaware of the importance of keeping their software updated. Unfortunately, it is often only after their site is compromised that web site owners become aware of this. By that time, however, cleaning up a compromised web site can become a long and arduous endeavour, compared to the relative ease of keeping on top of updates and ensuring the site is always secure.
What are Kualo doing in the fight against Malware?From today, we are rolling out a new security solution - Patchman. If your web site runs on an application that Patchman supports, it will help protect your web site.
1. Notifications about Outdated Software
Every day, Patchman scans all the web sites that we host and sends you an email notification once it finds that software on your account is out of date. You then have the possibility of updating your software, either manually by logging into the application, or automatically, by turning on Softaculous' automatic update system. This will resolve the vulnerability and ensure your site is fully protected.
2. Automated Application Patching
If an application installed in your account remains vulnerable for 24 hours, providing it is anapplication that it is able to patch, Patchman will detect all of the individual vulnerabilities and patch them. This is achieved by extracting the security fixes in newer versions of the application, and back-porting them to earlier versions. Because of this unique approach, you can rest assured that the web site will continue to function as it did before. Whenever Patchman patches a web site, you will receive a notification of the actions that it has taken. Furthermore, any changes that Patchman applies to a web site are fully-reversible via cPanel if ever the need did arise.
We would continue to recommend that you equally ensure that the application and any installed components such as themes and plugins are also updated to the latest version at your earliest opportunity.
3. Automated Malware Removal
Finally, Patchman also scans your site for any Malware, and automatically quarantines this malware so that the malcious scripts are fully disabled. You are again notified of this action.
With the introduction of Patchman, websites hosted with Kualo are made infinitely more secure, which means that we can help maintain the integrity of your web site data and the stability of our hosting service.
Patchman is being rolled out to all of our shared and reseller customers from today. If any web site software that it supports is out of date, vulnerable or if any malware is found, you will start to reveive notifications by email. These notifications are sent out by Patchman to the email address listed in cPanel. In the case of resellers, notifications are sent out to the email address listed in the reseller's cPanel account.
If you run a virtual or dedicated server with us and would like to add Patchman to your server, please contact us for further information.
If you have any questions on Patchman, the notifications you will soon receive and the cPanel integration, please do review our knowledgebase articles for further guidance, or contact us by reply should you have any further questions that are not answered in our articles.