Select Page

apache security


Apache PCI Compliance : How to avoid Payment Gateway penalties

Payment gateways such as Stripe and Authorize.net handle billions of dollars worth of business per month.

That is why payment gateways and shopping carts are juicy targets for hackers to steal Credit Card info, User identity, etc.

As a defense, Payment Gateways require all eCommerce sites to be fully secure against common attacks, which is ensured through PCI DSS security standard.

Sites that are not PCI DSS compliant can face penalties or even lifetime bans if there is a data breach. (more…)

10 ways how server security services can protect your servers

10 ways how server security services can protect your servers

Everyday, around 30,000 websites are getting hacked (source Sophos Lab). You wouldn’t want your business to be one among them. With new malware and threats emerging on a daily basis, one should always be on a constant alert.

By hiring an expert server security services, you can prevent a security attack before it strikes your servers. Bobcares helps server owners protect their servers from all sorts of exploits.

(more…)

Why you should disable SHA1 and how to secure web hosting servers

Why you should disable SHA1 and how to secure web hosting servers

SHA1 (Secure Hash Algorithm 1) is a popular cryptographic method used to secure eCommerce websites, backups, software updates, document signatures and more.

On 23 Feb 2017, Google announced that they were able to crack SHA1 by using a collision attack dubbed Shattered. This means any server that still uses SHA-1 are vulnerable to attacks. (more…)

How to disable apache SSLv3 protocol for your web server security

How to disable apache SSLv3 protocol for your web server security

With most businesses moving online, internet security has become a crucial aspect. Vulnerabilities are being exposed so constantly in the web world that any day you can wake up to a new exploit or a hack.

To be on the safer side and to protect the data and transactions from attackers, all server owners have secure protocols such as SSL or TLS installed in their servers.
(more…)

SWEET32 Birthday attack : How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE  and Windows

SWEET32 Birthday attack : How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE and Windows

Over 80% websites in the internet are vulnerable to hacks and attacks. In our role as hosting support engineers for web hosts, we perform periodic security scans and updates in servers to protect them from hacks.

A recent bug that affects the servers is the SWEET32 vulnerability. By exploiting a weak cipher ‘3DES-CBC’ in TLS encryption, this bug has caused many server owners to panic about their data security.

If you see that your website is failing security scans with this message, that means your server is vulnerable to SWEET32 attacks.

“SSL/TLS server supports short block sizes (SWEET32 attack)”

(more…)