Protecting your websites from Tragick

Published 2016-05-05 by Jochen Lillich

The ImageMagick tool suite is a popular solution for the processing and modification of image files in web applications. Many Drupal and WordPress websites use it behind the scenes. On freistilbox, ImageMagick is installed on both the web application and shell login boxes.

On 3 May 2016, a whole list of vulnerabilities in ImageMagick, nicknamed “ImageTragick”, was published. Due to an insufficient sanitisation of command arguments, these vulnerabilities allow attackers to execute arbitrary commands and connect to remote websites.

Immediately after the publication of ImageTragick, the freistilbox operations team implemented a workaround that blocks these exploits. Thanks to our automated system management, this workaround has been installed consistently on all servers that use ImageMagick.

The security of our customers’ websites is our first concern, and we’re doing our best to make sure that you can work efficiently and sleep peacefully.