BitFolk Users December 2014

users@mailman.bitfolk.com

10 participants
4 discussions

SSL POODLE (CVE-2014-3566) vulnerabilities amongst the customer base

by Andy Smith

Hi, By now you have probably been made aware of a security deficiency in the design of SSL 3.0 which has been dubbed "POODLE". Here's some more info: http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploi… I am writing to you because, unless this script is flawed: https://gist.github.com/bitfolk/18e8f48ebe937e802967 then there are over 150 customer IPs at BitFolk that are still supporting SSLv3 on port 443. I don't intend to open tickets with individual customers and nag until this is fixed, because it's very time-consuming to do that. To check if your server needs reconfiguring: https://www.tinfoilsecurity.com/poodle To disable SSLv3 on Apache newer than 2.2: Add "-SSLv3" to the end of the "SSLProtocol" line which can normally be found in /etc/apache2/mods-available/ssl.conf on Debian and Ubuntu. On Apache 2.2 or older: You'll need to use "SSLProtocol TLSv1" Nginx: Make sure that the "ssl_protocols" line does not contain the string "SSLv3". e.g.: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; is good. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

10 years, 1 month

system time oddness at dunkel?

by Andreas Olsson

Greetings Anyone else seeing system time oddness at dunkel? By the end of October I had one of my VMs moved to dunkel. Since then there have been five occasions where my monitoring have reported that that VM's system time being way off. Actually, on all occasions the reported offset was the same: -46.87s. On all occasions the system time was afterwards restored by ntpd. Based on my monitoring, this is when the time lapses happened. Tue Nov 4 00:37:20 UTC Sun Nov 9 09:52:21 UTC Thu Nov 20 01:52:29 UTC Sun Nov 23 21:37:31 UTC Sat Dec 13 00:12:26 UTC // Andreas

10 years, 1 month

Multi-Tenancy Setup

by Nigel Rantor

I am talking to a friend of mine about heroku vs AWS vs other hosting. I am trying to find out how many tenants each host has on bitfolk but I'm coming up short. I'm sure I saw this on the wiki a while ago but simply cannot find it now. Does anyone have a quick answer to this without bothering Andy? n

10 years, 1 month

Server time

by Mike Zanker

Just installed a kernel update and noticed that the time was way out upon reboot, until ntpdate ran: Dec 5 15:41:24 osprey xinetd[1409]: Started working: 1 available service Dec 5 15:41:24 osprey snmpd[1386]: NET-SNMP version 5.3.2.2 Dec 5 11:49:22 osprey ntpdate[1421]: step time server 94.228.40.3 offset -13923.906495 sec Is this a problem with the host server (kahlua) or my VM? Thanks, Mike

10 years, 1 month

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

BitFolk Users December 2014