A dangerous easy-to-exploit vulnerability called httpoxy discovered 15 years ago, reappeared again yesterday, leaving server-side website software potentially open to attackers. This security hole impacts a large number of PHP and CGI web-apps. This means that anything that runs on PHP, Apache, Go, HHVM, Python can be vulnerable. The exploit allows man-in-the-middle attacks that could compromise web servers and potentially access sensitive data or seize control of the code. Thanks to our unique in-house developed systems and some precautions taken ahead of time by our DevOps team, SiteGround customers are unaffected by the return of the vulnerability.
Recently a new Joomla! version (3.5) was released. We are really excited about it because it offers new features and also fully supports PHP 7.
The Internet as we all know it today wouldn’t have existed without the HTTP protocol. It is the heart and soul that pumps content to all of us. It makes it possible for us to read the latest news, order stuff online, watch videos on YouTube and get to our favourite websites on all types of devices - workstations with 27-inch displays, laptops, mobile phones, tablets and even e-readers that offer browsing capabilities. Sadly, that protocol has not been changed since 1999 when version 1.1 was released so, when HTTP/2 was released earlier this year, it was a source of major excitement. Of course, the SiteGround team has immediately started working on it and we are now happy to announce that all our shared and cloud servers support HTTP/2.
A few days ago, a critical vulnerability in the Joomla! core was found. It comes from an unsanitized input in the Joomla! core, which makes an SQL injection possible. The result of such an attack can lead to totally compromised websites - stolen login details, hijacking website access, malicious file uploads, etc. It’s a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.