Home

Email

Deliverability

IT & Engineering

Product

Dev Life

Company

Jobs

Home-Icon

Home

Blog

IT & Engineering

GHOST mitigated and our patching methodology

Back to IT & Engineering

IT & Engineering

GHOST mitigated and our patching methodology

Mailgun has completed patching all of our infrastructure against the recently announced GHOST security vulnerability.

PUBLISHED ON

FacebookTwitterLinkedIn

PUBLISHED ON

This was originally posted on January 29, 2015.

Mailgun has completed patching all of our infrastructure against the recently announced GHOST security vulnerability.

GHOST is a security vulnerability in the gethostbyname*() family of functions of GNU C Library (glibc). This particular vulnerability allows an attacker to potentially take over a server via either a local or remote exploit.

We have monitored our logs and have no reason to believe an attacker exploited our infrastructure, this was an entirely a preventive measure. No customer data was lost or affected.

We strongly recommend all customers review and patch their infrastructure accordingly as well.

Table of content

01

Our patching methodology

Our patching methodology

To provide a little insight into our security posture here at Mailgun, I’d like to share the following information about how we deal with security vulnerabilities.

  • We try to minimize the effects on our customers. That means we typically do rolling updates to ensure that a part of Mailgun is always running. This takes longer, but it allows us to minimize downtime.

  • For security vulnerabilities that come with either a proof of concept (POC) and/or are remote exploits for services we run, we apply these patches immediately. We also check our logs to ensure that no one was able to successfully exploit the vulnerability before we were able to patch it.

  • For security vulnerabilities that do not come with a POC and/or are local exploits, we typically patch our infrastructure according to our patching schedule. We do this because it takes longer to go from bug to exploit than our patching period.

We are pretty diligent about applying security updates whenever they become available. While it may seem like a low payoff way to protect server infrastructure, it actually raises the bar for the attacker. Keeping your infrastructure patched makes automated tools ineffective and requires the attacker find a bug in either our server configuration or our application itself which raises the bar for the sophistication of the attacker significantly.

The Mailgun Team

The Sinch Mailgun team

The team at Sinch Mailgun

Related readings

Deliverability

Inside the seedy underworld of spammers and phishers

We announced some improvements to our reputation algorithm which helps us fight spam while still welcoming new customers without setting arbitrary sending limits. The biggest...

Read more

Deliverability

5 phishing email warning signs

When you get an email from a company that you recognize, you assume that the message you get is legitimate, why wouldn’t it be?. Unfortunately, scammers have gotten...

Read more

IT & Engineering

What are SYN flood attacks and how can you defend against them?

“We’re under attack!” It’s a line that could very well be taken directly from Star Wars or The Matrix, but it’s also a cyber security reality. These attacks are not only sneaky but can be...

Read more

Recent articles

Black Friday & Cyber Monday 2023: Unleashing the power of email

6 fundamental tools for better email results

Six deliverability strategies to keep you off ISP naughty lists this holiday season

Popular posts

Email inbox.

Email

4 min

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Product

4 min

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Deliverability

5 min

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon