Security and You, Ghost Vulnerability 2015
Running a website can sometimes be difficult, you have to make sure your software stays up to date, make sure your blog is running the latest versions of your plugins and also make sure your password is secure to your admin areas. That’s a lot of work, sometimes, we forget some things.
A lot of people are not as technically savvy with their servers, as they are with their WordPress or other website software. So sometimes, things get forgotten or go without maintenance for some time. This can sometimes include doing system updates, making sure you enforce good password policy on your system level accounts that give you access to your hosting server or a list of other things.
At Namecheap, even if you’re unmanaged, we have never believed that our relationship with you ends after you click check-out. We want to make sure that you’re receiving the best care all the time. So, we have pre-emptively started notifying customers about a new threat to the hosting world called “Ghost”. Ghost is a security bug that interacts with the underlying operating system, specifically, how your server connects to the internet; among various other places. With the critical nature of this, we are beginning to preemptively scan for rootkits or other infections on all servers, managed or unmanaged. We will notify individuals who are indeed prone to this bug or have any security issues we notice.
We believe this type of preemptive approach to securing both your site, and sometimes, your livelihood is important. We know it’s important to us to make sure that you’re safe and secure with your hosting here at Namecheap. If you receive an email from us in the coming days, please read it and reply if needed so that we can better help you understand issues on your server if they exist. We’re more than happy to complete the patching, scanning or anything else for you on your servers in relation to this bug. We may also send you some notifications on other security related issues that we see while conducting our quality of service scans for you.
Of course, like always, if you have any questions or comments, please contact us through normal support channels (https://support.namecheap.com/) and we will be more than happy to discuss with you any issues or concerns you may have.
A more technical check for the Ghost bug can be done like so:
If the command “rpm -q glibc” shows a version less than “glibc-2.12-1.149.el6_6.5” you are vulnerable to this issue.
In which case you can issue the command “yum update glibc” and then “reboot” afterward to make sure that the update takes effect properly.
We appreciate you choosing Namecheap, and we look forward to serving you throughout 2015!