Drupal and WordPress websites hosted on Drupion are protected from Meltdown and Spectre Attacks

Recent press reports talk about the latest security issues with CPUs that affect Intel, AMD, and ARM processors. The attacks, named Meltdown and Spectre, take advantage of the same basic security vulnerability in those chips, could hypothetically be used by malicious actors to read sensitive information in the system's memory such as passwords, encryption keys, or sensitive information open in applications.

The good news for everybody, even if you are not a Drupion customer, is that these attacks only work if there is code, or malware, on your database server. It’s not as if the attackers can magically scrape the contents of your RAM through the CPU without having the code present on your system. And even if an attacker somehow did get access, as BBC publication on http://www.bbc.com/news/technology-42564461 explains:

... they would get only “snippets” of data from the processor that could eventually be pieced together to reveal passwords or encryption keys. That means the incentive to use Meltdown or Spectre will at first probably be limited to those prepared to plan and carry out more complex attacks, rather than everyday cyber-criminals.

As for Drupion customers, we would like to proudly inform that we have finished patching all the Drupion severs on BIOS and OS levels. However, for the new patches and OS kernel updates to take effect your server must be rebooted. Taking into considerations only smaller, private blog type websites are hosted on our shared plan accounts, we have effectively rebooted all the Shared plan servers.

In order not to interrupt important ongoing processes on larger corporate projects running on our Cloud VPS and Dedicated servers, we need to schedule such server reboots per tame-frames defined by our customers. So if you are a Cloud VPS or Dedicated plan Drupion customer, then please login to your account at https://dashboard.drupion.com and let us know what is the most convenient time for you to get your server rebooted.

Your Drupion team

P.S. If you have further questions on this, please post them on https://www.drupion.com/blog/drupal-and-wordpress-websites-hosted-drupio...

Comments

Wow Drupion sounds good, so far I have been using Cloudways for my Drupal website and I am very satisfied with it.

Alex Shapka's picture

Dear Hassan,

Thank you for your feedback! We totally acknowledge Cloudways is a really good, but generic vendor. Unlike traditional hosting companies we are in the specific market of Drupal and WordPress-centric hosting providers. Please compare Drupion to other competitors on https://www.drupion.com/about/why-drupion and let us know if you want to drive-test one of our hosting plans.

Add new comment