Web hoster Antagonist automatically fixes vulnerabilities in customers' websites (opens in new tab)

(antagonist.nl)

23 pointswwdevries13y ago18 comments

18 comments

17 comments · 6 top-level

davedd13y ago· 5 in thread

That's a good approach, but not novel and not the first host doing that.

Many hosts automatically scan and fix their clients sites and have been doing that for a while. Specially when you are talking about popular CMSs like WorPress, Joomla and drupal.

thanks,

wwdevriesOP13y ago

I'm sorry, I think due to our lacking description of how the technology exactly works you're confusing it with existing technologies. What we announced today is not comparable with something like Installatron, they do just version updates. Those automatic updates usually breaks plugins. We only patch the vulnerabilities, without modifying any functionality.

davedd13y ago

Nope, we work with hosts that do exactly that. Patch and update if it is outdated, fix if it is broken and even remove any malware if it is infected.

Again, what you guys are doing is great, and I don't want to take that way. My only point is that you were not the first and some have been doing that for a while.

thanks,

moepstar13y ago

>>> I'm sorry, I think due to our lacking description of how the technology exactly works you're confusing it with existing technologies.

Well, please, then already describe how it works. And don't forget technical details as we're quite technical 'round here..

devicenull13y ago

Sorry, but you definitely aren't the first: http://support.wpengine.com/wp-engines-security-environment/

1 more reply

danso13y ago

I don't know if this is the same thing, but I know Dreamhost auto-updates my abandoned Wordpress sites (is that triggered through Wordpress itself, even on independent WP installations?)

skrebbel13y ago· 3 in thread

I think this is lovely. From first-hand experience, I know how often something as trivial yet important as "updating that horrible Joomla website to the latest bug-fixed version" gets low on a company's priority list. It's really just a reason to host your site in a SaaS CMS instead of uploading a bunch of PHP files yourself, but in case it's too late for that, having the hosting provider take care of this is lovely.

That said, I think the article is an odd mixture of business-speak and nerd-speak. As a coder, I'd like to know whether it fixes my handwritten SQL injection vulnerabilities too (probably not). My boss, however, probably will need a simpler version to get the point.

wwdevriesOP13y ago

Thank you for your interest. The service focuses on fixing vulnerabilities in commonly used and popular software solutions such as WordPress, Drupal and Joomla. So, currently, we do not fix handwritten SQL injection vulnerabilities.

On a technical level it differs primarily on that it's not an external service that can only start responding after the website has been hacked; they treat the damage caused by a successful hack instead of preventing the hack in the first place. Because we can scan the code itself, we can actually patch vulnerabilities before they are being exploited. The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities.

bsaul13y ago

"The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities"

Does this mean you're writing your own custom patches for every single versions of the software solutions you're supporting ?

Ergomane13y ago

> The service focuses on fixing vulnerabilities in commonly used and popular software solutions such as WordPress, Drupal and Joomla.

What does this mean? Can you perhaps explain the service? Are these patches based on Drupal/Joomla security releases?

belorn13y ago· 2 in thread

Do they automatically fixing themes to CMS'es? Updating the engine is one thing, WorPress, CME, and so on, but that only takes care of a tiny portion of the attack vectors. In my experience, if a wordpress or a phpbb forum was hacked, then its the user installed/programmed theme that was the cause and not the engine itself.

wwdevriesOP13y ago

You're right many vulnerabilities exist in the plugins/themes. We do fix these as well.

westi13y ago

Are you reporting these issues back to the authors of the plugins/themes and providing your fixes for them to include?

zout13y ago· 1 in thread

This thing is awesome!

wwdevriesOP13y ago

Thank you! :-) We think so too!

wwdevriesOP13y ago

Thanks for taking a look! I will be available here to answer any questions you might have about this new technology.

themgt13y ago

Can you you say which languages/platforms your system is able to analyze/patch and explain some basic technical details of how it understands arbitrary customer code well enough to find and patch vulnerabilities?

Can it fix bugs and write a few new features for me too?

j / k navigate · click thread line to collapse

18 comments

17 comments · 6 top-level

davedd13y ago· 5 in thread

That's a good approach, but not novel and not the first host doing that.

Many hosts automatically scan and fix their clients sites and have been doing that for a while. Specially when you are talking about popular CMSs like WorPress, Joomla and drupal.

thanks,

wwdevriesOP13y ago

davedd13y ago

Nope, we work with hosts that do exactly that. Patch and update if it is outdated, fix if it is broken and even remove any malware if it is infected.

Again, what you guys are doing is great, and I don't want to take that way. My only point is that you were not the first and some have been doing that for a while.

thanks,

moepstar13y ago

>>> I'm sorry, I think due to our lacking description of how the technology exactly works you're confusing it with existing technologies.

Well, please, then already describe how it works. And don't forget technical details as we're quite technical 'round here..

devicenull13y ago

Sorry, but you definitely aren't the first: http://support.wpengine.com/wp-engines-security-environment/

1 more reply

danso13y ago

I don't know if this is the same thing, but I know Dreamhost auto-updates my abandoned Wordpress sites (is that triggered through Wordpress itself, even on independent WP installations?)

skrebbel13y ago· 3 in thread

wwdevriesOP13y ago

bsaul13y ago

"The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities"

Does this mean you're writing your own custom patches for every single versions of the software solutions you're supporting ?

Ergomane13y ago

> The service focuses on fixing vulnerabilities in commonly used and popular software solutions such as WordPress, Drupal and Joomla.

What does this mean? Can you perhaps explain the service? Are these patches based on Drupal/Joomla security releases?

belorn13y ago· 2 in thread

wwdevriesOP13y ago

You're right many vulnerabilities exist in the plugins/themes. We do fix these as well.

westi13y ago

Are you reporting these issues back to the authors of the plugins/themes and providing your fixes for them to include?

zout13y ago· 1 in thread

This thing is awesome!

wwdevriesOP13y ago

Thank you! :-) We think so too!

wwdevriesOP13y ago

Thanks for taking a look! I will be available here to answer any questions you might have about this new technology.

themgt13y ago

Can it fix bugs and write a few new features for me too?

j / k navigate · click thread line to collapse