Cove builds tools to fight Gumblar

Web hosting provider Cove has developed a scanner to help customers detect infections from new variants of the Gumblar exploit.

The service provider has also set up an Account Lock feature to allow customers to lock FTP and Control Panel access to their accounts and released a long-planned automated backup restore feature.

On Friday, iTnews reported that fellow Australian web hosting company AussieHQ had experienced phenomenal rates of infection from a Gumblar-like exploit since last Wednesday.

Cove managing director Cheyne Jonstone said the scan and account lock features were developed in direct response to both the iTnews report and two Cove customers that reported Gumblar-like symptoms.

But the company claims to have suffered nowhere near the levels of infection experienced by AussieHQ and its subsidiary hosting company, Jumba.

"Of the several thousand customers we host, we have had two, yes two, confirmed cases of this type of attack taking place on their account," said Cove customer relationship manager Paul Lansbury.

"Neither our routers, nor our firewalls, nor our servers, are showing any signs of large amounts of spam originating from customer accounts."

Lansbury said Cove had taken a "proactive approach" to addressing the Gumblar threat. He said the scanner is a "world first" for cPanel-based web hosts, with the capacity to search the public_html folder of user accounts looking for the fingerprints of common exploits such as IFRAME, JavaScript, meta redirect and three dot attacks.

The Account Lock feature enabled customers to "lock" their control panel and FTP (file transfer protocol) log-in account, preventing access until the lock is removed on the customer's dashboard.

The Gumblar exploit specifically targets client machines with FTP access to servers.

The fixes were released to Cove forum users yesterday.

Jonstone told iTnews that of the 52 Cove customers that have used the scanner since yesterday, zero infections have been detected and one false positive recorded which has since been rectified.

The company will allow resellers to access the tools later this afternoon.