

Web hoster Antagonist automatically fixes vulnerabilities in customers' websites - wwdevries
https://www.antagonist.nl/blog/2012/11/hosting-provider-antagonist-automatically-fixes-vulnerabilities-in-customers-websites/

======
davedd
That's a good approach, but not novel and not the first host doing that.

Many hosts automatically scan and fix their clients' sites and have been doing
that for a while. Especially when you are talking about popular CMSs like
WordPress, Joomla and Drupal.

thanks,

~~~
wwdevries
I'm sorry, I think due to our lacking description of how the technology
exactly works you're confusing it with existing technologies. What we
announced today is not comparable with something like Installatron, they do
just version updates. Those automatic updates usually break plugins. We only
patch the vulnerabilities, without modifying any functionality.

~~~
devicenull
Sorry, but you definitely aren't the first:
<http://support.wpengine.com/wp-engines-security-environment/>

~~~
Thomvis
To my understanding, the page you are linking to describes a sandbox
environment, which is different from what the poster is doing.

------
belorn
Do they automatically fix themes for CMSes? Updating the engine is one
thing, WordPress, CME, and so on, but that only takes care of a tiny portion of
the attack vectors. In my experience, if a WordPress or a phpBB forum was
hacked, then it's the user-installed/programmed theme that was the cause and
not the engine itself.

~~~
wwdevries
You're right, many vulnerabilities exist in the plugins/themes. We do fix these
as well.

~~~
westi
Are you reporting these issues back to the authors of the plugins/themes and
providing your fixes for them to include?

------
wwdevries
Thanks for taking a look! I will be available here to answer any questions you
might have about this new technology.

------
skrebbel
I think this is lovely. From first-hand experience, I know how often something
as trivial yet important as "updating that horrible Joomla website to the
latest bug-fixed version" gets low on a company's priority list. It's really
just a reason to host your site in a SaaS CMS instead of uploading a bunch of
PHP files yourself, but in case it's too late for that, having the hosting
provider take care of this is lovely.

That said, I think the article is an odd mixture of business-speak and
nerd-speak. As a coder, I'd like to know whether it fixes my handwritten SQL
injection vulnerabilities too (probably not). My boss, however, probably will
need a simpler version to get the point.

~~~
wwdevries
Thank you for your interest. The service focuses on fixing vulnerabilities in
commonly used and popular software solutions such as WordPress, Drupal and
Joomla. So, currently, we do not fix handwritten SQL injection
vulnerabilities.

On a technical level it differs primarily in that it's not an external service
that can only start responding after the website has been hacked; they treat
the damage caused by a successful hack instead of preventing the hack in the
first place. Because we can scan the code itself, we can actually patch
vulnerabilities before they are exploited. The beauty is in that we do
not do "normal" updates but just patch the vulnerabilities in a non-obtrusive
way; this prevents the website from failing because of incompatibilities.

~~~
bsaul
"The beauty is in that we do not do "normal" updates but just patch the
vulnerabilities in a non-obtrusive way, this prevents the website to fail
because of incompatibilities"

Does this mean you're writing your own custom patches for every single
version of the software solutions you're supporting?

------
themgt
Can you say which languages/platforms your system is able to analyze/patch
and explain some basic technical details of how it understands arbitrary
customer code well enough to find and patch vulnerabilities?

Can it fix bugs and write a few new features for me too?

------
zout
This thing is awesome!

~~~
wwdevries
Thank you! :-) We think so too!

