Protect your server from ImageMagick vulnerability

A security vulnerability in ImageMagick was announced on May 4th, 2016. If your Linux server uses ImageMagick to handle image uploads, you should make changes to your server immediately to protect it from a possible compromise.

Am I affected?

Not all hosting products are affected by the ImageMagick vulnerability.

Hosting Type Affected?
Shared Hosting (cPanel, Managed WordPress, Plesk) No
VPS or Dedicated Server with cPanel No
VPS or Dedicated server without cPanel Yes
Cloud Server Yes
Warning: If you turned automatic updates off on your cPanel server, you may still be vulnerable.

Protect your server

There are a few options available to you to protect your server from the ImageMagick vulnerability.

Let GoDaddy protect my server for me

For $79, GoDaddy Expert Services will make the necessary changes to your server to protect it from the ImageMagick vulnerability. To buy this service, give us a call at 480-463-8824.

Note: Expert Services are not available for Cloud servers.

Update your ImageMagick policies

To protect your server from the ImageMagick vulnerability, you need to make changes to your policy.xml file for ImageMagick.

  1. Connect to your server with SSH.
  2. Locate your policy.xml file for ImageMagick. The path to this file may be different depending on your Linux version.
    Linux Versions Path
    Ubuntu
    Debian 7
    CentOS
    RHEL
    Arch Linux
    /etc/ImageMagick/policy.xml
    Debian 8
    Fedora
    /etc/ImageMagick-6/policy.xml
    FreeBSD /usr/local/etc/ImageMagick-6/policy.xml
    CentOS 6 with cPanel/WHM /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
  3. Open this policy.xml file in a text editor:
    sudo vim /etc/ImageMagick/policy.xml
  4. Add the following lines to the <policymap> section of the file:
    		
    <policy domain="coder" rights="none" pattern="EPHEMERAL" />
    <policy domain="coder" rights="none" pattern="URL" />
    <policy domain="coder" rights="none" pattern="HTTPS" />
    <policy domain="coder" rights="none" pattern="MVG" />
    <policy domain="coder" rights="none" pattern="MSL" />
    <policy domain="coder" rights="none" pattern="TEXT" />
    <policy domain="coder" rights="none" pattern="SHOW" />
    <policy domain="coder" rights="none" pattern="WIN" />
    <policy domain="coder" rights="none" pattern="PLT" />
  5. Save and close the file:
    :wq!

Once these changes have been made, your server will be protected from the ImageMagick vulnerability.


Was This Article Helpful?
Thank You For Your Feedback
Glad we helped! Anything more we can do for you?
Sorry about that. How can we be more helpful?