Blog Posts

Discover the success stories of our customers' digital transformation journeys. Each project demonstrates the power of our reliable infrastructure.

Success Stories
Webmaster
1255 Hit
2 Comments

Mozilla Released Security Updates

General Information


Mozilla released security updates to address a total of 20 vulnerabilities, 7 of which are critical, found in its Firefox 57 and Firefox ESR 52.5 products.


Impact


Due to existing security vulnerabilities, it is possible for target systems to be compromised by cyber attackers.


Solution


Netinternet recommends that its users and customers review the security advisory published for Firefox 57 and Firefox ESR 52.5 and apply the updates published for these products.


Sources


https://www.us-cert.gov/ncas/current-activity/2017/11/14/Mozilla-Releases-Security-Updates


https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/


https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/

Webmaster
1065 Hit
2 Comments

Cisco Released Security Updates

General Information


Cisco released a security update addressing the unauthorized access vulnerability found in the Voice Operating System software platform.


Impact


Due to the existing security vulnerability, it is possible for affected systems to be taken under control by cyber attackers.


Solution


Netinternet recommends that its users and system administrators review the Cisco Security advisories for the vulnerability stated to be of high importance and take the relevant security measures.


Sources


https://www.us-cert.gov/ncas/current-activity/2017/11/15/Cisco-Releases-Security-Update


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos

Webmaster
1219 Hit
2 Comments

Microsoft Released November 2017 Security Updates

Internet
1324 Hit
2 Comments

Nginx Configuration to Improve PageSpeed Score (Ubuntu 16.04)

Introduction


In this article, we will make some Nginx configurations to improve your website’s response time and speed. The goal is to increase the Google PageSpeed score and achieve a score above 80/100.


Requirements



  • A server with Ubuntu 16.04 installed.

  • Having root privileges.

  • nginx web server.


Step 1 - Getting the PageSpeed Score


You can get your website’s current PageSpeed score from this URL.

[Image: current PageSpeed score]


Step 2 - Enabling Compression


If your CSS, JavaScript and image files are large, the amount of data that site visitors need to download will increase. This can cause slowness. Compression reduces this data to a smaller, more compact version. Gzip compression is a method that can be used in Nginx. When Gzip compression is enabled, browsers can download content faster; therefore, it helps increase the score on PageSpeed.


To enable compression, open your site’s Nginx configuration file with nano or a similar text editor:


sudo nano /etc/nginx/sites-available/default

You will encounter a configuration like the following.


server {
    listen 80 default_server;
    listen [::]:80 default_server;

}

Enter the following lines below the code and set the compression level.


server {
    listen 80 default_server;
    listen [::]:80 default_server;

    gzip on;
    gzip_comp_level    5;

}


For the compression value, you can choose a number between 1 and 9. The value 5 is a good value in terms of CPU usage and provides approximately 75% compression for most ASCII files (approximately the same as level 9).



gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;

Let us also explain these few lines we added:
gzip_min_length is set so that very small files (below the given length) are not compressed.
gzip_proxied enables compression for requests that arrive through a proxy such as Cloudflare.
gzip_vary is set so that browsers cache both the compressed content and the normal version.


Finally, specify the MIME types for the content you want to compress. We compress images, JSON data, javascript files and other common content:


server {
    listen 80 default_server;
    listen [::]:80 default_server;

    gzip on;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;

    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
    # text/html is always compressed by gzip module

    # Browser caching: the dot is escaped so it matches a literal "." before the extension
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
        expires 7d;
    }

}


We entered the location line for browser cache configuration.


The entire configuration we entered will be like this. Save and close the file.


You can check the configuration we entered for erroneous lines with the following command:


sudo nginx -t

Then we restart the nginx service for the configurations we entered to become active.


sudo systemctl restart nginx

Step 3 - Measure the Results


To see how these configurations affect your PageSpeed score, analyze your website again through PageSpeed. You will see that the compression and browser caching warnings are gone:


[Image: final PageSpeed score]


Conclusion


Our goal was to achieve a score above 80. If your results are still below 80 points after making these configurations, there may be other settings you need to pay attention to. The score you receive will vary depending on the content of your website. Google PageSpeed will tell you what needs to be adjusted. Changing your Nginx configuration is just one method of improving PageSpeed and may not be sufficient on its own.

Webmaster
1156 Hit
2 Comments

Icinga and Icinga Web on Ubuntu

Introduction
Icinga is a flexible and powerful open source monitoring system used to check the health of network-connected servers and services. It can be used to monitor process load and uptime, free disk space on a storage device, memory consumption in a caching service, and more. Once properly installed, Icinga can give you an overview of the status of many hosts and services, as well as notifications, downtime scheduling, and long-term storage of performance data.
Requirements
What you need before getting started;
An Ubuntu 16.04 server with LAMP installed. You must enable free SSL for Apache since Icinga Web has a login page, which requires entering some sensitive information during setup.
Installation
To get the latest version of Icinga, we first add the Icinga repository's signing key with the following command:


curl -sSL https://packages.icinga.com/icinga.key | sudo apt-key add -

This key will be used to automatically verify the integrity of all software we download from the Icinga repository.


Create the repository list file with a text editor such as nano:


sudo nano /etc/apt/sources.list.d/icinga.list

This will open a new empty text file. Paste the following line


/etc/apt/sources.list.d/icinga.list
deb https://packages.icinga.com/ubuntu icinga-xenial main

Save and close the file, then refresh the package cache


sudo apt-get update

apt-get will now download information from the repository we added and make Icinga packages available for installation


sudo apt-get install icinga2 icinga2-ido-mysql

This installs Icinga together with the package that loads Icinga data and other information into a MySQL database. You will be presented with a few configuration screens:


• Should the ido-mysql feature of Icinga2 be enabled? YES


• Should the database for icinga2-ido-mysql be configured with dbconfig-common? YES


• Then you will be asked to enter a password. Create a strong password and save it so you don’t forget it.


We also enable the command feature that will allow us to execute checks from the web interface.


sudo icinga2 feature enable ido-mysql command

Now you can restart Icinga


sudo systemctl restart icinga2

And finally, let us check to make sure Icinga2 is working properly


sudo systemctl status icinga2

Icinga Web Installation
Icinga can be used completely without a web interface, but the web interface provides an overview of the health status of your services as well as the ability to send notifications.


sudo apt-get install icingaweb2

The rest of the setup is done in a web browser. Before proceeding, let us edit the PHP configuration file due to timezone requirements.


sudo nano /etc/php/7.0/apache2/php.ini

We need to find a specific line to update. In Nano, we can press CTRL-W to bring up a search interface, type date.timezone and press ENTER. The cursor moves to the line we will update. First, remove the comment at the beginning of the line by removing the semicolon, and type the correct timezone. You can find the correct timezone format at the following link.
https://secure.php.net/manual/en/timezones.europe.php
When you are done, it should look something like this


date.timezone = Europe/Istanbul

Save and close the file. Restart Apache to apply the update


sudo systemctl restart apache2

Services
759 Hit
2 Comments

How to Monitor Traffic Usage on Netinternet Physical Servers?

Introduction


Whether you use web hosting or a server, there is always a traffic limit on the services you use when publishing your websites or projects on the internet. Although many companies today provide unlimited traffic services, technically nothing in nature is truly unlimited. It is presented as unlimited traffic only because the extra usage you consume is not charged. However, if you are not using unlimited traffic services, it will be useful for you to monitor the traffic you use. This way, you can avoid high-cost overage invoices.


Traffic Usage Monitoring at Netinternet


For the physical dedicated server and colocation services you receive, we allow you to monitor how much traffic your server uses through your customer panel. This way, you can compare the traffic limit you purchased with the traffic you use and switch to a higher traffic package based on your needs. This prevents extra invoices that may be generated as traffic overage charges. Now let us look at how you can monitor traffic usage on the physical server service you have received from our company.


NOTE: In order to monitor traffic usage on your physical server, traffic reports must be active. If you cannot see traffic reports, please contact technical support.


First, log in to your customer panel from the Customer Login section on our website. After logging into the panel, click on the Services section in the top menu to navigate to the section where all your services are listed.



When you enter the Services section, you will see all active and passive services you have purchased from our company as a list. If you have too many services, you can search for your service from the Search section or select the relevant service from the Filter section to display only the service whose traffic reports you want to monitor. After reaching your service in the list, click the View button on the right to navigate to the features section of your service.



When you enter the features section, you will see the following sections in the left menu of the page that appears:



  • Information

  • Traffic Reports

  • Service Cancellation


When you click on the Traffic Reports section, you will have accessed the traffic reports of your relevant server. You can examine all your traffic consumption in detail, both daily and monthly, from the day your server was activated. Please note that the data here does not come in real-time; daily reports are delivered.



Thanks to this reporting process we provide to you, you can easily monitor how much traffic you use. This way, you can purchase traffic packages according to your needs.

Customer Panel
976 Hit
2 Comments

Discount on Foreign Currency-Indexed Products

Dear Customers,


With the decline in exchange rates for foreign currency-indexed products, our prices have been updated, meaning a discount has been applied. New prices are valid as of today for newly generated invoices and new orders.


Rest assured that declines in exchange rates will continue to be reflected as discounts on services priced in Turkish Lira.


We also recommend that you review our announcement regarding foreign currency-indexed products: About the Transition to Foreign Currency-Based Pricing


We present this for your information and wish you good work.




Netinternet Bilisim Teknolojileri AS

General Manager - Osman Makal

Webmaster
1115 Hit
2 Comments

Security Advisory TR-17-069 VAULT 7 (USOM)

General Information


Since August 2016, a hacker group called “Shadow Brokers” has been publishing information, exploit codes, and malware belonging to a cyber espionage unit called “Equation Group”. The published data goes back to January 2009 and contains detailed information about cyber security vulnerabilities targeting various operating systems and software published to date.

The published exploit codes also target network devices used in institutions. In addition, it has been observed that malware targeting end-user computers is among the published information. The ‘Wannacry’ malware, which recently affected corporate and individual systems worldwide, uses the aforementioned vulnerabilities and exploit codes that have been published. The hacker group announced that it will publish similar exploit codes and malware on a monthly basis.
Also, as of March 2017, data claimed to belong to foreign intelligence agencies, announced under the name ‘Vault 7’, has been leaked to the internet. This data includes software used to leave backdoors on IT system assets, primarily end-user systems. At the same time, malware that tends to spread through corporate networks using file servers is also included in ‘Vault 7’. It is likely that similar data will continue to be published in 2-3 week intervals.
In order for this leaked data not to affect corporate information security, it is necessary to create an inventory of information systems within the institution and to perform vulnerability detection and impact analysis on this inventory.


Affected Devices


Exploit codes and malware have been developed and spread on the internet that will affect the products listed below by type/brand/model. Therefore, it is important for institutions and organizations to detect these devices in their own information systems inventories (all internal and external networks) and take the necessary actions.


1. Network Devices



  • Juniper Netscreen (NS5XT, NS50, NS200, NS500, ISG 1000, SSG140, SSG5, SSG20, SSG 320M, SSG 350M, SSG 520, SSG 550, SSG 520M, SSG 550M)

  • Cisco PIX (500 Series), Cisco ASA (5505, 5510, 5520, 5540, 5550 series)

  • Cisco Switch/Router (711, 712, 721, 722, 723, 724, 802, 803, 804, 805, 821, 822, 823, 824, 825, 831, 832, 841, 842, 843, 844)

  • Fortinet FortiGate (60, 60M, 80C, 200A, 300A, 400A, 500A, 620B, 800, 3600)

  • WatchGuard, Huawei

  • Solaris 6 – 11


2. Operating System



  • Windows XP

  • Windows Server 2003

  • Windows Vista

  • Windows 7

  • Windows Server 2008

  • Windows 8

  • Windows 8.1

  • Windows Server 2012

  • Windows 10

  • Windows Server 2016


3. File Server



  • Windows File Server


Solution


Institutions and organizations that have the products listed above in their inventories are required to apply the following controls:




  • Access controls



    • Access to management ports of network devices should be restricted on the internal network (access should be allowed only from certain interfaces and IPs) and access from the Internet should be blocked.

    • Access restrictions should be imposed on Windows devices from the Internet, and access to services such as SMB and RDP should be blocked if not necessary.

    • Access from the server network open to the Internet to the internal network should be restricted and domain structures should be kept separate.




  • Software with Update Support



    • Security patches are being published for the products and services affected by the published vulnerabilities or exploit codes. Except in exceptional cases, however, security patches are not published for old software versions or unsupported operating systems. Institutions must use supported software and operating systems in their IT system assets, especially those accessible from the internet, by everyone, or by other systems on the network.




  • Password management



    • Use of simple and default passwords on servers, end-user devices and network equipment should be avoided.




  • Patch management



    • Security patches on network devices should be tracked and up-to-date firmware versions should be used.

    • Patch management platforms for Windows environments should be reviewed and security patches, especially those for remote code execution vulnerabilities (e.g. MS17-010), should be applied as soon as possible.



  • Antivirus usage

    • Attention should be paid to the use of up-to-date antivirus/antimalware on end-user devices and servers.




Note: To detect cyber incidents in the product families mentioned above, possible compromise of network devices, servers and end-user computers can be checked as follows:




  1. The following controls are recommended for detecting possible intrusion situations on network devices:



    • Network device configuration files should be examined and compared with backup files to detect possible anomalies.

    • Log records (self log) on network devices should be examined; possible anomalies in admin/system/root activities should be detected.

    • Processes on network devices and firewalls should be examined.




  2. DoublePulsar: this malware, published with the Windows operating system exploit codes to open an authorized backdoor on the system, can be checked for over the network. A scan can be performed using the “nmap” tool on the SMB and RDP ports of the compromised machine:


    https://nmap.org/nsedoc/scripts/smb-double-pulsar-backdoor.html




  3. The Pandemic malware was developed to spread to other devices on the internal network through file servers. It creates the following registry entry on Windows File Server; the relevant servers should be searched for this entry.


    HKLM\SYSTEM\CurrentControlSet\Services\Null -> Null value in the Instances sub-key.
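
One way to search file servers for the Pandemic registry entry described above, as an added example that is not part of the USOM advisory. The function name, the host names, the use of PowerShell remoting (WinRM) and the reading of the indicator as "an Instances sub-key under the Null service key, containing an entry named Null" are assumptions made here.

```powershell
# Added example, not from the advisory. Looks for the registry indicator the
# advisory names for Pandemic: an 'Instances' sub-key under the Null service key.

function Test-PandemicRegistryIndicator {   # hypothetical helper name
    param(
        # Overridable so the check can be exercised against a test key.
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Null'
    )

    $instancesKey = Join-Path -Path $ServiceKey -ChildPath 'Instances'
    $report = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        InstancesKey     = $instancesKey
        IndicatorPresent = $false
        NullEntryPresent = $false
        ValueNames       = @()
        SubKeyNames      = @()
    }

    if (Test-Path -LiteralPath $instancesKey) {
        $key = Get-Item -LiteralPath $instancesKey
        $report.IndicatorPresent = $true
        $report.ValueNames  = @($key.GetValueNames())
        $report.SubKeyNames = @($key.GetSubKeyNames())
        # The advisory mentions a "Null" entry inside Instances; accept it as
        # either a value name or a sub-key name (assumption).
        $report.NullEntryPresent =
            ($report.ValueNames + $report.SubKeyNames) -contains 'Null'
    }
    [pscustomobject]$report
}

# Constructed host names; replace with the file servers from your inventory.
$servers = @('FILESRV01', 'FILESRV02')

# Run the same check on every server (assumes PowerShell remoting is enabled).
$findings = @(Invoke-Command -ComputerName $servers `
        -ScriptBlock ${function:Test-PandemicRegistryIndicator} `
        -ErrorAction SilentlyContinue)

# A host that could not be queried is unchecked, not clean: list it separately.
$checked   = @($findings | ForEach-Object { $_.PSComputerName })
$unchecked = @($servers | Where-Object { $checked -notcontains $_ })

$findings | Sort-Object PSComputerName |
    Format-Table PSComputerName, IndicatorPresent, NullEntryPresent, InstancesKey -AutoSize

if ($unchecked.Count -gt 0) {
    Write-Warning ("Not checked: " + ($unchecked -join ', '))
}
```

A server reported with IndicatorPresent set to True should be examined further together with the other controls in this advisory.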



Webmaster
1253 Hit
2 Comments

WordPress 4.7.5 Security Update

The 4.7.5 version released by WordPress as a security update is now available for download. Please complete your update immediately for the security of your system.


The security vulnerabilities identified by the WordPress security team in version 4.7.4 are as follows:



  • Cross Site Request Forgery (CSRF) vulnerability in the file system credentials dialog box.

  • Cross-site scripting (XSS) vulnerability when attempting to upload very large files.

  • A cross-site scripting (XSS) vulnerability related to the Customizer.


Source: [https://wordpress.org/news/2017/05/wordpress-4-7-5/]
