Black Friday Sale Up to 70% OFF Web Hosting

Are You Ready to Get Hacked?

Are You Ready to Get Hacked?
In the security world, the following advice seems to be gold: keep templates and plugins up to date; use secure passwords and captchas; be careful whom you give access and to what; use a security conscious web host.

While those are all great tips and we encourage them, your website is still (and always will be) hackable. We’ve seen and helped clients with numerous hacks over the years, so we wanted to share some advice that goes beyond following security best practices.

Read More

Linux kernel local root exploit (CVE-2016-8655) fixed

Yesterday a Linux kernel local root exploit was found and reported. One more time our dedicated Linux kernel team acted quickly and was able to apply the official vulnerability patch in less than 24 hours. All our shared and cloud servers are now protected and again we managed to do this with no reboots and downtime. Read below to find out more about the security problem and how we patched it.

Read More

Dirty COW Linux Kernel Vulnerability Fixed

dirty-cow-blogpost
Last week a very serious vulnerability in the Linux kernel, the so called Dirty COW, was reported. Our dedicated Linux kernel team immediately addressed the issues and were able to patch it in less than 24 hours on the majority of our servers. What is more, we managed to do this without server reboot and we avoided the downtime that normally results from such kernel update activities. To learn more about the vulnerability and how we addressed it read below.
Read More

When Your CMS Reaches End of Life

cms-end-of-life

End of Life (EOL) in the CMS world refers to the point in time when an older version stops being supported by the company or community that has built it, and all efforts are focused on current and future versions. No support means performance, and more importantly, security issues, which nobody wants.
Read More

Safe from httpoxy Vulnerability or How Thinking Ahead Pays Off

httpoxy-vulnerability

A dangerous easy-to-exploit vulnerability called httpoxy discovered 15 years ago, reappeared again yesterday, leaving server-side website software potentially open to attackers. This security hole impacts a large number of PHP and CGI web-apps. This means that anything that runs on PHP, Apache, Go, HHVM, Python can be vulnerable. The exploit allows man-in-the-middle attacks that could compromise web servers and potentially access sensitive data or seize control of the code. Thanks to our unique in-house developed systems and some precautions taken ahead of time by our DevOps team, SiteGround customers are unaffected by the return of the vulnerability.

Read More

Jetpack Critical Security Vulnerability

jetpack

Today a critical vulnerability was found in one of the most popular and widely used WordPress plugins - Jetpack. Fortunately, according to the plugin authors there is no evidence that this issue has been used to hack real sites. However, an update of the plugin was released - Jetpack 4.0.3.

As usual, our security team was pro-active and updated our WAF (web application firewall), adding rules to prevent the hack from being used. This means that even if your plugin is not updated to the latest version, your site will still be protected. However, we urge all Jetpack users to update the plugin to its latest version in which the vulnerability is patched.

Critical glibc Vulnerability Patched on all SiteGround Servers

gnu

Hours ago a critical vulnerability in  the GNU C Library (glibc) was announced alongside a proof of concept for the attack. This library is one of the main components in the majority of Linux distributions (if not all) including those, used for server OS'es. Without getting into too much technicalities, the exploit allows an attacker to remotely execute code by following a simple link. That's one of the most severe vulnerabilities discovered in the recent years and potentially affects pretty much any Linux server out there.

Given that all SiteGround servers run on CentOS - a Linux distribution, we took immediate measures to secure our machines. I am happy to announce that a patch has been applied on all our servers and our customers are well protected against this security threat!

Let’s Encrypt is Here – Open Source Security Certificates Available at SiteGround

Let’s Encrypt

In December 2015 the new certificate authority Let’s Encrypt entered Public Beta and caused a wave of excitement. The groundbreaking news meant that website owners can obtain security certificates for their websites for free instead of paying for traditional SSL certificates and install them much easier. Naturally since then many of you have asked us when we would introduce the certificates on our hosting platform. For all of you who have been eagerly awaiting this moment, we are happy to say that Let’s Encrypt certificates are now available at SiteGround!

Read More