New Joomla Exploit CVE-2015-8562

2015-12-16 KENNETH 0

There is a new zero-day exploit in Joomla. Details are described in CVE-2015-8562. It is recommended that you update Joomla immediately, but if you cannot do that or cannot change the files on your backend servers, you can apply a fix in NGINX or NGINX Plus on the frontend.

Note: We strongly advise you to update your Joomla installations as soon as possible, even if you patch your site today with this NGINX config.

You can read about the exploit and the patch at the Joomla site, the Sucuri blog, or Ars Technica, among others.

Identifying the Attack

The original attacks came from these IP addresses:

On 12 December 2015 – 74.3.170.33
On 13 December 2015 – 146.0.72.83 and 194.28.174.106

The attack is usually performed by modifying the User-Agent header and can be identified by these values inside the header: JDatabaseDriverMysqli and O: (capital [ more… ]

Installing NGINX and NGINX Plus with Chef

2015-12-16 KENNETH 0

In an earlier blog post, we talked about using Ansible to install NGINX or NGINX Plus. As with many other types of software out there, there are lots of alternatives when it comes to configuration management software. Along with Ansible, one of the most popular is Chef. Both tools have their fans, and there are plenty of articles that compare them. Here we’ll focus on showing how to use Chef to install and configure NGINX and NGINX Plus. Opscode, the company behind Chef, provides an extensive collection of cookbooks that are easy to install onto your Chef server with a single command. Out of the box, the base cookbook for NGINX is a very powerful tool for installing and configuring NGINX. It can be rather overwhelming for newer Chef users, however, so in this post we’ll go over how to use it to [ more… ]