Security

We’re Protected from the Log4Shell Vulnerabilities

All of our servers and services are protected from the Log4Shell Vulnerabilities (CVE-2021-44228 and CVE-2021-45046). Apache Log4j is a library for logging functionality in Java-based applications. A flaw was found in Apache Log4j, allowing a remote attacker to execute code on the…

HTTPS is No Longer Optional in 2017

As we usher in the new year, there are major changes coming to the industry which will make SSL Certificates a necessity for every website. These changes are spearheaded by Google and will be rapidly adopted by other web browsers…

We’re Protected from the Dirty COW Vulnerability

All of our servers are fully protected from the Dirty COW Vulnerability (CVE-2016-5195). Dirty COW is a privilege escalation vulnerability in the Linux Kernel which can allow a local user (like a web hosting account) to gain root access to the…

We’re Protected from the HTTPoxy Vulnerability

All of our servers are automatically protected from the HTTPoxy Vulnerability. HTTPoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments which may allow an attacker to proxy outgoing HTTP requests made by your web application, API…

SSLv3 Disabled Due to POODLE Bug

Engineers at Google found a new vulnerability in SSL version 3.0 (SSLv3) and they call it POODLE (Padding Oracle On Downgraded Legacy Encryption). The vulnerability allows an attacker to add padding to a request in order to then calculate the plaintext of…

SSL Transition: SHA-1 to SHA-2

Most, if not all SSL Certificates today are running the SHA-1 cryptographic hash algorithm, which is getting weaker and easier to be attacked.  Google and Microsoft announced SHA-1 deprecation plans that may affect websites with SHA-1 SSL Certificates expiring as early as…

We’re Protected from the Heartbleed Bug

All of our servers are fully protected from the Heartbleed Bug (CVE-2014-0160). The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to…

WP Super Cache & W3TC Security Update

If you have a WordPress blog or website that has the WP Super Cache or W3 Total Cache plugins installed, this will affect you.  Please make sure that your plugins have the following minimum version:- – WP Super Cache: 1.3 – W3 Total Cache: 0.9.2.9  You can find the plugin’s…

WordPress Brute Force Attack

If you have a website or blog that is running on WordPress, this will affect you.  There is a very widespread Brute Force Attack targeting all WordPress installations across the globe. This affects all WordPress installations with any and every hosting providers, not…