Every day, cyber criminals use malicious bots extensively to infect websites, send spam, and take down websites with DDoS – all for money.
As a server administration company, we often act as the 911 Emergency Rescue for websites under bot attacks.
WordPress powers 19% of the web, and 48 of the top 100 blog sites online. With a strong community of users and developers, the WordPress platform is evolving day by day, with more features and add-ons.
This, in turn, poses some threats as well. Vulnerabilities and hacks can end up disrupting the website's functioning. There have been many instances where a blog owner lost complete access to his site.
Outgoing spam is a major headache for many web hosts. Spammers use compromised websites or mail accounts to send thousands of spam mails within a few minutes.
By the time the web host comes to know about it, the server IP would be blacklisted (e.g. SpamHaus SBL), and legitimate mails would be bouncing left and right.
“Can you manage my server? I want it to be fast and secure.”
This is a typical request we receive at our Server Management Services. While many customers are happy to have a professional company take care of their servers, some have asked us what exactly it is that we do to make their servers stable.
Fool-proof security, but at a huge cost! That’s what traditional SSL certificates are. Many website owners choose not to secure their sites, due to the SSL costs involved.
But the absence of TLS/SSL encryption makes websites vulnerable to attack. Customers trust secure websites for their transactions and data storage. Security is a crucial aspect that determines the credibility of a website.
On Dec 6th, a Command Execution Vulnerability was disclosed in the open source webmail software called RoundCube. Using this vulnerability, an attacker can easily execute arbitrary system commands, which could be used to inject malware or take control of the server.
If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:
- CVE-2016-6897 – This is a Cross Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
- CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.
If you have a website, chances are that it’s running on a Linux server. And the latest news is that Linux servers with kernel versions 3.6 to 4.6 are vulnerable to malware injection attacks.
This was demonstrated on Aug 10th, when security researchers injected phishing content “on the fly” on the USA Today website.
The good news is, you can protect your servers. Today, we’ll see how.
Setting up SSL is a costly and often tedious process.
A decent 2048-bit certificate costs at least $149/yr, and requires the webmaster to generate a CSR, submit it to the CA, reconfigure the web server, and troubleshoot any errors.
On 18th July, our security team was alerted to a series of vulnerabilities called HTTPoxy. It allows attackers to steal data from CGI-enabled web servers.
As of this writing, patches are only available for LiteSpeed, but we’ve identified ways to mitigate this vulnerability in Apache, Nginx, IIS and other web servers and proxies.
[ Update 21st July – cPanel released patches for Apache. ]