Patchman | http://patchman.co | ONSITE or REMOTE | Enschede, The Netherlands
Our customers consist of large web hosting providers all around the globe. Security is – obviously – extremely important to them. However, there’s one layer of the security stack they have little or no control over: the code of their end users. Most websites use standard software as a foundation. Did you know that about 30% of the web is running on WordPress, Joomla or Drupal? Hackers continuously exploit security vulnerabilities in these foundations to upload and execute malware. Effectively, this allows hackers to run any malicious code they want. For example: to send spam, launch DDoS attacks or inflict far worse damage.
Patchman comes to the rescue! We offer web hosting providers a fully automated SaaS solution to index security vulnerabilities/risks and resolve them by automatically applying safe backported patches and by defusing malware. On top of that, we offer a web app that helps all stakeholders (including security officers, system administrators, helpdesk employees and end users) to operate Patchman and keep the web secure.
We run scheduled scans and very soon we'll be hooking into Apache, FTP, etc. But Patchman is actually preventing malware from being uploaded in the first place by fixing vulnerabilities before they get exploited.
Also, most malware is not executed right after uploading. They usually wait for the weekends.
Founder here, let me know if you have any questions! Upvotes would naturally be greatly appreciated to get the word out in the US :-) Right now we mostly have large (and small) hosting providers in the EU as customers.
Hi, founder of Patchman here! Patchman was built for hosting providers as a tool to stop the endless stream of abuse. I'm happy to answer your questions!
Malware is by definition self contained and can simply be removed. We move the file to another directory, so it cannot be executed.
Regarding security vulnerabilities, we specifically patch only those vulnerabilities. This way you can rest assured that your customers' websites continue to function properly.
"Malware is by definition self contained and can simply be removed. We move the file to another directory, so it cannot be executed."
Wouldn't this require un-obfuscating the exploit page, because the malware can be basically innocuous-looking, like an image file? I ask because I am just curious how the tool manages to do this so automated.
Also, props on starting this company. I have been thinking about starting some kind of cybersecurity startup or newer tech startup for a while but haven't produced much yet.
@switch33 No, our detection method is hash based. We also have on our roadmap to do content-based scanning; that would indeed require un-obfuscating the code.
One thing that I see as problematic is that there are many custom themes from specific CMS involved. And hashing would be rather not good at that unless you have access to clean theme type files.
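The exchange above describes hash-based detection with quarantine by moving the file. The following is an added example, not Patchman's code and not part of any comment: a minimal SHA-256 scanner showing that a disguised file name does not affect a match, while a one-byte variant is missed. The function names, directory layout and sample bytes are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file's bytes; the name and extension play no part."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_and_quarantine(webroot: Path, known_bad: set, quarantine: Path) -> list:
    """Move files whose SHA-256 is in known_bad out of the web root."""
    moved = []
    quarantine.mkdir(parents=True, exist_ok=True)
    for path in sorted(webroot.rglob("*")):  # list is built before anything moves
        if path.is_symlink() or not path.is_file():
            continue
        digest = sha256_of(path)
        if digest in known_bad:
            dest = quarantine / f"{digest[:16]}_{path.name}"
            shutil.move(str(path), str(dest))
            dest.chmod(0o400)  # read-only evidence, no longer web-reachable
            moved.append(path.relative_to(webroot).as_posix())
    return moved


def demo():
    """Constructed sample tree: one exact match, one one-byte variant, one clean file."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp, "public_html"), Path(tmp, "quarantine")
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir(parents=True)
        sample = b"<?php /* constructed stand-in for a known-bad file */ ?>\n"
        (uploads / "logo.png").write_bytes(sample)            # disguised name, same bytes
        (uploads / "variant.php").write_bytes(sample + b" ")  # one byte differs
        (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>\n")
        known_bad = {hashlib.sha256(sample).hexdigest()}
        moved = scan_and_quarantine(root, known_bad, quarantine)
        left = sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
        return moved, left


if __name__ == "__main__":
    print(demo())
```

The quarantine directory must sit outside the served document root, otherwise the moved file stays reachable under its new name.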
Hosting providers suffer on a daily basis from the consequences of the many security vulnerabilities found in commonly used PHP applications such as WordPress, Drupal and Joomla. It is a frequently used entry point to deface customers’ websites and upload/execute malware. Besides this being a significant security risk, it also causes an unstable hosting platform and unhappy customers.
Patchman patches vulnerabilities before they get exploited. Best of all, customers won't even notice! Patchman helps hosting providers to achieve substantial savings in operational costs, increase customer happiness and reduce their churn rate. To support Patchman’s rapid growth, we’re looking to expand its team.
Shameless plug: if you're a shared hosting provider you should check out http://www.patchman.co.
Approximately 30% of your hosting accounts run an outdated version of WordPress, Joomla or Drupal with serious security vulnerabilities. These vulnerabilities can be easily exploited to run malicious code. But you already know that, since you're getting sick of all the spam runs and DoS attacks that are continuously being launched this way from your platform. Not to mention the more serious attacks. Aren't you tired of cleaning up after your customers?
Patchman runs on your platform and automatically detects and patches vulnerabilities in WordPress, Joomla and Drupal core (without breaking the application!). It will also automatically remove malware. On top of that, it takes care of all communication with your customers. It integrates with all the popular control panels, such as cPanel, Plesk and DirectAdmin. Saves you a lot of headaches and puts you in control of this mess :)
Now that Google is pushing Google+ even harder in everything new they launch... I just wish Google would somehow make it possible to merge two Google Apps accounts into one public Google+ account. Now I have to manage multiple Google+ which makes me feel a little schizophrenic and it's confusing to other people who aren't sure on which account to connect with me. It's getting messy.
We're currently hiring for three positions:
### Software Engineer: Threat Analysis & Response (PHP) ###
Info & apply: http://jobs.patchman.co/software-engineer-threat-analysis-re...
### Software Engineer: Back-end (Python/Django) ###
Info & apply: http://jobs.patchman.co/software-engineer-back-end
### Software Engineer: Linux Security R&D (C/C++) ###
Info & apply: http://jobs.patchman.co/software-engineer-linux-security-rd