April 25, 2019

Intel Firmware Vulnerability (May 7)


Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review Intel Security Advisory INTEL-SA-00075 and updated mitigations and tools:

US-CERT recommends users and administrators review Vulnerability Note VU#491375 for additional information and refer to their original equipment manufacturer (OEM) for updated firmware.

WordPress.com Security Breach

Automattic has reported that there was a recent security incident which could have potentially made account passwords visible.  If you have a WordPress.com account it is highly recommend that you update your password.

NOTE: This does not affect self hosted WordPress sites, but it is still a good idea to update passwords from time-to-time.

WordPress 3.0.5

WordPress 3.0.5, was released on February 9, 2011 and is a maintenance release that addresses two moderate security issues.

While upgrading is not required, it is recommended.

Schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.

500 Errors with suPHP

Found in WHM via Main >> Service Configuration >> Apache Configuration >> PHP and SuExec Configuration

We were recently migrating websites from one dedicated server to another dedicated server, both of which had basically the same software setup with an upgrade in the hardware.

For the ease of use in a web based GUI, we recommend cPanel/WHM to facilitate the majority of setup, and this was no different.  You place the order with the dedicated hosting company stating everything that you want, including the control panel, and you’re on your way and able to run through your standard setup procedures.

When you’re done setting up the server you can begin migrating from the old server to the new server (WHM has an excellent tool for migrating between WHM/cPanel based servers).  And most of the time everything is looking good and after a local run-through you can update the DNS and be on your way.

All of that to say, during this recent migration we spotted 500 (generic “internal server”) errors that we had not seen before.  After troubleshooting, it was determined to be due to some .htaccess rules being added and/or certain files and/or folders having write permissions (ex: 777).  Now we knew what was causing it and could fix it to some extent, but we still wanted to know why. What had changed from the last server to the new one?

After looking around for similar situations, we pieced together where we should be looking, the PHP Handler.  The old server was running dso.  The new server was running suPHP which wasn’t even installed on the old server. So we switched the new server to dso (see image above) and things were back to working the way they were before.  (Note: from what we were seeing, suPHP is harder on your hardware resources as well.)

As a word of caution, web hosts do setup suPHP as an additional layer of security and it is advisable to not set directories and/or files to writable unless they need to be.

Related Blogs

WordPress 2.8.3

WordPress 2.8.3 was released on August 3rd, 2009 as is a security release.

Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.

Schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.