WordPress CVE Vulnerability Monitoring and Patching Using cPGuard

In our ongoing commitment to enhance website security, we have explored various options to monitor and patch vulnerabilities in WordPress and its components. Given that WordPress holds a significant share of compromised websites, particularly in shared hosting environments, it is crucial to prioritize its security. Throughout this journey, we’ve implemented numerous explicit rules in our scanner engine and introduced measures such as detecting outdated installations, sending related notifications to end-users, identifying suspicious processes, and verifying WordPress file checksums. These efforts have already proved effective in detecting many infections.

The Importance of Detecting and Patching Vulnerabilities

As we delved deeper into our security measures, we recognized the importance of detecting outdated WordPress versions and components with known vulnerabilities. Ensuring no website with a known vulnerability remains publicly accessible and open to exploit is paramount. While our Web Application Firewall (WAF) can mitigate many such attacks and is continually updated to block the latest threats, the most effective practice is to patch the actual vulnerabilities. With this in mind, we introduced CVE (Common Vulnerabilities and Exposures) monitoring for WordPress in the latest versions of cPGuard.

Introducing New Updates: CVE Monitoring and Patching for WordPress Using cPGuard

We are excited to announce a significant update aimed at enhancing WordPress security through comprehensive CVE (Common Vulnerabilities and Exposures) monitoring and patching.

Detailed Monitoring of WordPress Installations

With our latest update, cPGuard now provides a detailed list of all WordPress installations and their components (assuming no errors in the installations). This list allows you to:

– Identify WordPress installations with outdated cores, plugins, and themes.
– Detect installations with a CVE alert and view their CVSS (Common Vulnerability Scoring System) scores.

Manual and Automated Threat Management

Our enhanced system gives you the power to:

– Manually review CVE threats and apply available patches.
– Update each component individually when updates are available.
– Enable auto-updates for WordPress components, providing a more security-oriented approach similar to a WP toolkit.

Future Enhancements: Automatic Patching

Looking ahead, we plan to introduce automatic patching for CVE-affected installations. This means if a client fails to address an alert and update their WordPress installation within a certain period, cPGuard will automatically apply the necessary patches.

We are working to add more features to ensure WordPress security in upcoming releases. In 2024, we expect to add more such features to provide secure WordPress hosting servers for our clients.

What’s New with cPGuard in June 2024

2024 has been an engaging year for our team, bringing numerous features and improvements to cPGuard. We’ve added enhancements to existing modules, with several more innovations still in development. As we reach mid-2024, let’s discuss the major updates available now and those coming soon with cPGuard.

IPDB Enhancements

The IPDB is a distributed firewall crucial in blocking live attack attempts, currently intercepting over 15 billion attacks monthly. We’ve reworked the IPDB rule-building algorithm to make it more efficient, faster, and less resource-intensive. The latest version includes:

  1. Options to temporarily block IP addresses.
  2. Better integration with CSF.
  3. A URL-based whitelist for centralized whitelist management.

WordPress Security

WordPress is a prominent CMS and a primary target for web attacks. cPGuard offers multiple options to protect your WordPress sites. We continuously update our WAF rules to shield WordPress sites from known vulnerabilities. We use web traffic traps on some live sites to gather real-time attack evidence, enhancing our rule-building efficacy.

Key features include:

  • Alerts for outdated WordPress components.
  • Verification of WordPress checksums.
  • CAPTCHA-protected WordPress login pages.
  • CVE alerts for WordPress and its components. (These alerts are sent to end-users and displayed on the CMS Threats page, helping identify vulnerabilities.)

Scanner Updates

We release regular updates for the scanner and its rules. This year, we’re planning significant changes to detect modern malware hidden in files. Recent updates include:

  • Revamped HTTP upload scanner.
  • Enhanced event logging in the scanner for better visibility for admins.
  • Improved cleanup processes to prevent web-injected content.

Upcoming Major Changes

AI Integration with the Scanner

We’ve been testing AI integration in our lab with promising results. The AI scanner is partially enabled in the current version and will be expanded in upcoming updates, enhancing virus detection.

Automatic Patching of WordPress Components with CVE Alerts

Building on our CVE alerts for WordPress components, we’re developing an option to enable auto-patching after notifying end-users. This will help server admins maintain client websites with known CVE vulnerabilities.

Log Analyzer and IDS/IPS

We’re working on a system to monitor logs for website and service security. Based on Fail2ban, this solution will soon be released in beta. It will enhance log analysis, catch bad accesses faster, and improve IP reputation calculations in IPDB.

Are These the Only Changes Coming?

These are not the only changes. We continue to refine the software based on user feedback, so expect many other improvements and bug fixes in upcoming releases. Stay tuned to our social media pages and change log for detailed updates on each version.

Some points that you need to notice about cPGuard V4

We are happy to announce that we expect to start cPGuard v4 client beta testing by the first week of April 2022. Version 4 of cPGuard is not just a typical update with some UI improvements and new features. It is a complete revamp that introduces a fresh UI with an incredible new workflow. We have built a new framework that opens endless possibilities for integrations on multiple platforms. We are trying our best to make each component perfect and to ensure a trouble-free upgrade from V3 to V4. As it is a new software model, there are a few things you need to notice about V4 features and requirements.

What are the new features in V4?

  • Centralized server management: In cPGuard V4, you have an option to view and manage all your servers from our cloud-based user interface. This makes your life easier, especially when you need to check cPGuard on multiple servers.
  • User-based access: You can define an access matrix for your server managers without giving them root access. You can create multiple users and grant access to your servers flexibly.
  • Server overview reports: From the centralized UI, you get an overview of the attack rate against your servers, servers with alerts, etc.
  • Control panel independent: We are crafting cPGuard V4 as control panel independent, so we can support more control panels soon and introduce more features into cPGuard.

Requirements for cPGuard V4

As it is a new software model, the requirements to run cPGuard also change a bit compared to previous versions.

  • The App Cloud must be able to communicate with the agent installed on the customer’s servers, so the cPGuard Cloud IPs must be whitelisted on client servers or the software will not function well. We will add an automatic whitelist for CSF; in other cases, the user must manually whitelist the IPs that we provide.
  • The supported operating system list is updated and we now support almost all RHEL and Debian derivatives. However, cPGuard version 4 will not support CentOS 6.x and Debian 9.
  • The UI will be centralized, so you need to log into the cPGuard dashboard separately using your OPSSHIELD client area login credentials.
  • You may notice some missing data in the V4 dashboard initially, which is fine because those are new metrics for V4. We try to import all V3 data into V4 during the upgrade, but new metrics need to populate from the new data collecting system.

Do you need to take any action now?

You do not need to take any action now. We will roll the existing servers into V4 sequentially with multiple updates. During the process, we will alert customers if any of the requirements cannot be met, and you can resolve it manually to prepare your servers for the V4 update. We hope to release V4 within a couple of weeks.

Stay tuned to our social media accounts to get additional information about cPGuard V4.

Release note for cPGuard version 3.69

We released cPGuard version 3.69 on January 26, 2022, and the update is available on all servers automatically. We encourage our customers to always use the latest version, as we follow sequential updates and every update applies to the latest version of the software.

What is up with version 3.69?

We release regular updates to our software, scanner rules, WAF rules, etc. to make sure that everything is up to date to detect the latest threats. For a person who follows the release notes of cPGuard, the new version may not seem exciting!

But it took almost 2 months to complete this build as it has a completely revamped scanner engine. Our developers have rewritten the whole code from scratch to make it more efficient and organized. As a project that has been running for over 4 years and started as a plugin for a specific control panel, we believe this is the right time to start working on the project revamp to enter new areas.

The major changes

Our team is working on some cPGuard enhancements, internally called cPGuard V4. Version 3.69 is the first step towards the V4 release, and we will soon release the following updates in upcoming versions. In 3.69, the major changes include:

  • Revamped scanner engine code
  • Eliminated the dependency with system ClamAV
  • Enhanced file checks and improved scanner speed
  • etc

What is next?

As I mentioned above, 3.69 is just the first step towards a milestone. Our team is working hard to increase cPGuard productivity and reduce admin overhead. We will have some major updates this year, and we believe they will help our customers manage cPGuard and their servers more easily.

What are the recent changes in IPDB?

What is IPDB Firewall?

In cPGuard, we have multiple modules that work at different layers to stop various attacks. The IPDB firewall module is a system-level firewall that can block many attacks before they reach your application servers.

The main components of the IPDB firewall are:

1. The Cloud Advisor: a server cluster containing multiple servers dedicated to collecting, building and distributing a list of unsafe IPs. We have a huge list of bad IPs built on data collected from attacks we have blocked (WAF, brute force, CSF and access logs), our partners like Malware.Expert and other 3rd-party sources. Our algorithms, after whitelisting major providers like Cloudflare, Google etc. to avoid false positives, dynamically score IPs based on various parameters to build a refined list containing only the latest and relevant threats.

2. The Server Agent: the cPGuard server application downloads the list of bad IPs from the Cloud Advisor and creates a blocklist using ipset and iptables to effectively block requests from these IPs. The blocklist is periodically reloaded to fetch the latest IPs and drop old IPs from the list.
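The agent-side reload step described above, as an added example that is not cPGuard's own code: it filters a constructed bad-IP feed against a whitelist of hosts and CIDR ranges (the same range format the network whitelist accepts) and emits an `ipset restore` script that fills a fresh set and swaps it in atomically, so old IPs are dropped without a gap in blocking. The set name cpg_ipdb and all sample addresses are assumptions.

```python
import ipaddress
import sys

# Constructed sample data (hypothetical values, not cPGuard's real feed).
BAD_IPS = ["198.51.100.7", "198.51.100.9", "203.0.113.44",
           "203.0.113.45", "192.0.2.10", "not-an-ip"]
# A customer /24 range and a single monitoring host that must never be blocked.
WHITELIST = ["203.0.113.0/24", "192.0.2.10"]
SETNAME = "cpg_ipdb"  # assumed set name
# Installed once; the swap below keeps the set name stable so the rule never changes.
IPTABLES_RULE = f"iptables -I INPUT -m set --match-set {SETNAME} src -j DROP"


def parse_networks(entries):
    """Parse whitelist entries (hosts or CIDR ranges), ignoring malformed ones."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            continue
    return nets


def filter_blocklist(bad_ips, whitelist):
    """Return the sorted, de-duplicated feed minus anything covered by the whitelist."""
    allow = parse_networks(whitelist)
    kept = set()
    for raw in bad_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # malformed feed line: skip rather than block by accident
        if any(ip in net for net in allow):
            continue  # whitelisted provider or customer range always wins
        kept.add(str(ip))
    return sorted(kept)


def build_ipset_restore(ips, setname=SETNAME):
    """Emit ipset restore input: fill a temporary set, swap it in, destroy the old one."""
    tmp = f"{setname}_new"
    lines = [f"create {tmp} hash:ip family inet hashsize 1024 maxelem 65536"]
    lines += [f"add {tmp} {ip}" for ip in ips]
    lines += [f"create {setname} hash:ip family inet -exist",  # no-op after first run
              f"swap {tmp} {setname}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    sys.stdout.write(build_ipset_restore(filter_blocklist(BAD_IPS, WHITELIST)))
```

Pipe the output into `ipset restore` on each reload; because the live set is replaced by a swap, the DROP rule in IPTABLES_RULE is installed once and keeps matching throughout.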

What are the recent updates in IPDB?

Over the past few versions since the initial release of IPDB, we have been continuously working to enhance the performance of the IPDB module. As a result, we were able to bring in many updates that block more attacks with fewer false positives. A few of the major changes include:

  • Refined blacklist logic: We now have a better algorithm to mark an IP address as bad and put it into the global blacklist. That helps to eliminate a significant share of false positives from the total blacklist.
  • Enhanced whitelist: Based on feedback from our clients, we have added many more major players, including search engines, CDN providers, monitoring agents, etc., into the whitelist, which helped to refine the central list.
  • Better CLI tools: For a Linux geek, it is always handier to work from the CLI than to do tasks from a GUI, so we have added more CLI tools to handle IPDB using commands.
  • Network whitelist: Now you can whitelist a network using a defined format. This helps to whitelist a range of your IP addresses and makes the tool handier. You can add a whitelist entry from cPGuard settings or via our command line utility:

    $ /etc/cpguard/scripts/cpgbin allowip <ip address/range>

    $ /etc/cpguard/scripts/cpgbin allowip 208.xxx.xxx.xxx
    $ /etc/cpguard/scripts/cpgbin allowip 208.xxx.xxx.xxx/24

  • New IPDB stats UI: You can now view requests being blocked in real time from the new IPDB section in the cPGuard UI. We will be rolling out more reports and stats on IPDB in coming versions.

Wait… I have some complaints or suggestions

We would love to hear from you and our team can work based on your feedback. Kindly reach our support team with your feedback and we will process it accordingly.