Entries by Jim Carter

PHP 5.6 will go end of life on 31 Dec 2018

Quick Public Safety Announcement, PHP 5.6 goes end of life (EOL) on the 31 December 2018.  This means that known security flaws will no longer be being fixed so any sites you have running on it will become vulnerable, hence it is important you update them to a newer version. We recommend updating to the […]

How to set-up unattended-upgrades

Making sure software is kept up to date is very important.  Especially when it comes to security updates.  Unattended-upgrades is a package for Ubuntu and Debian based systems that can be configured to update the system automatically.  We’ve already discussed manual patching vs auto patching, most of this post will assume you’d like to set-up […]

How will Debian 7 end of life affect me?

On 31st May 2018, Debian 7 “Wheezy” reaches end of life (EOL). We recommend that you update to Debian 9 “Stretch”. Over time technology and security evolves, new bugs are fixed and new threats prevented, so in order to maintain a secure infrastructure it is important to keep all software and systems up to date.  […]

Turning Prometheus data into metrics for alerting

As you may have seen in previous blog posts, we have a Warboard in our office which shows the current status of the servers we manage. Most of our customers are using our new alerting stack, but some have their own monitoring solutions which we want to integrate with. One of these was Prometheus. This […]

Google Chrome to Distrust Symantec SSL Certificates

From 15 Mar 2018 Google Chrome will start distrusting Symantec SSL Certificates. What is happening and why? Over the past few years various concerns have been raised regarding Symantec’s process for issuing and revoking SSL certificates.  As a result Google Chrome have announced that they will be distrusting SSL certificates issued by Symantec. It is […]

CVE-2014-6271 – Shellshock

Shellshock is a bug in the bash shell.  The main issue comes from the fact that commands can be executed if they are crafted into environment variables.  This means anyone who can send a user agent to Apache can run commands as the user running Apache. Am I affected? You can test if your server […]