The unfortunate reality is that the nasties that exploit security flaws like these are becoming increasingly aggressive and indiscriminate. Much of this comes from crawlers and bots that systematically crawl the Internet looking for holes wherever they exist, and Liferay servers can be susceptible. The great news is that aggressive security practices can protect against these threats. Hardened configurations, strong firewalls, and timely patching strategies are key.
If your servers aren’t patched, they really should be, and all known exploits should be locked down. This applies especially to Shellshock and Heartbleed, as well as several older exploits known to come out of the box with Liferay. Many hosting providers do not secure these holes for you, so be sure to know whether you need to address this directly, and take action!
If you host your Liferay infrastructure with us here at Omegabit, we’ve already got you covered. Our first line of defense is active intrusion prevention firewalls that update hourly against new known published threats (thousands of them). In the case of this latest Shellshock hole, IPS rules were deployed and we were aggressively patching servers with newly released fixes the instant they became available last week - before the story had even hit mainstream media. This is one example of the many benefits provided to Liferay installations that host with us; it is part of our standard service and is included free of charge.
If you are not sure if your servers are secure, or would like help, please don’t hesitate to reach out. The important thing is that you make sure your servers are locked down and well maintained. That, BTW, is our specialty.
So . . . if you are in need of support to secure your Liferay infrastructure, then my advice to you is to let us help - it would be our pleasure to assist! For more information or help, feel free to reply to this post or contact us here - I promise to respond personally: