Blog

Imagetragick

The talk of the Internet for the last few days has been a new exploit termed ImageTragick (CVE-2016-3714). It's a potential exploit on any server with the ImageMagick package installed that runs web apps that do not properly check the file type before displaying a file manipulated through the convert command. It doesn't look like Drupal is VERY exploitable by this (and it would only be exploitable if the site used ImageMagick, which not many sites do). WordPress will also only be vulnerable if it uses an extension that calls ImageMagick.

However, since our clients run all sorts of code on our servers, we have just taken steps to mitigate this vulnerability on all of our servers. We don't think this will have any bad effects on any production sites, but if you're suddenly having issues with image processing, this may be why. We've patched the policy.xml file on all of the servers as suggested by Red Hat and CentOS. This should stop any potential exploits until patches for ImageMagick that are known to actually fix the exploit are available - probably next week.
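As an added example (not code from this post or from Red Hat), one way to confirm that a server's policy.xml really carries the mitigation is to parse it and list any vulnerable coder that no `rights="none"` entry covers. The coder names are those published in the public ImageTragick advisory, which is an assumption since this post does not list the exact entries applied; the function name and the sample policies are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coder names from the public ImageTragick advisory (assumption: this post
# does not list the exact entries that were applied).
REQUIRED_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

def missing_coder_blocks(policy_xml):
    """Return the required coders that no rights="none" coder entry covers."""
    root = ET.fromstring(policy_xml)
    deny_patterns = [
        p.get("pattern", "").upper()
        for p in root.iter("policy")  # XML comments are skipped by the parser
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").lower() == "none"
    ]
    return [
        coder for coder in REQUIRED_CODERS
        if not any(fnmatch.fnmatchcase(coder, pat) for pat in deny_patterns)
    ]

# Constructed sample: MVG is only present as a comment, MSL still has rights.
PARTIAL_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="read" pattern="MSL" />
</policymap>"""

# Constructed sample: every required coder is denied.
PATCHED_POLICY = PARTIAL_POLICY.replace(
    '<!-- <policy domain="coder" rights="none" pattern="MVG" /> -->',
    '<policy domain="coder" rights="none" pattern="MVG" />',
).replace('rights="read" pattern="MSL"', 'rights="none" pattern="MSL"')

if __name__ == "__main__":
    for label, text in (("partial", PARTIAL_POLICY), ("patched", PATCHED_POLICY)):
        gaps = missing_coder_blocks(text)
        print(label, "OK" if not gaps else "missing: " + ", ".join(gaps))
```

This is a presence check only: it does not model ImageMagick's brace-style glob patterns or the order in which overlapping policy entries are evaluated.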

Crashplan

For some time now we've offered commercial-quality backup services through the Crashplan Enterprise system. This is a great system for backing up your desktop systems. Back up your laptops while on the road. Make continual backups with multiple revisions automatically. Restore files from any date with a simple interface on your computer. Best of all - keep a copy of your files both on a local system (for fast restores) and on a remote cloud-based system of ours (for safety). All with no manual work on your part - it just happens.

Please get in touch if this idea appeals to you. Our rates for this service are competitive, and we can set you up quickly. Works with Windows, Mac, and Linux.

Drupal 8 and hosting requirements

I'm writing a little bit today about some of the concerns that folks are having about Drupal 8, the new hosting requirements it imposes, and particularly the concerns that smaller organizations will not be able to find Drupal 8 compatible hosting plans. There is a lot going on with us and with other hosting companies at the moment to support Drupal 8 and other PHP software that has more modern requirements.
