Critical glibc Vulnerability Patched on all SiteGround Servers

gnu

Hours ago a critical vulnerability in  the GNU C Library (glibc) was announced alongside a proof of concept for the attack. This library is one of the main components in the majority of Linux distributions (if not all) including those, used for server OS'es. Without getting into too much technicalities, the exploit allows an attacker to remotely execute code by following a simple link. That's one of the most severe vulnerabilities discovered in the recent years and potentially affects pretty much any Linux server out there.

Given that all SiteGround servers run on CentOS - a Linux distribution, we took immediate measures to secure our machines. I am happy to announce that a patch has been applied on all our servers and our customers are well protected against this security threat!

Let’s Encrypt is Here – Open Source Security Certificates Available at SiteGround

Let’s Encrypt

In December 2015 the new certificate authority Let’s Encrypt entered Public Beta and caused a wave of excitement. The groundbreaking news meant that website owners can obtain security certificates for their websites for free instead of paying for traditional SSL certificates and install them much easier. Naturally since then many of you have asked us when we would introduce the certificates on our hosting platform. For all of you who have been eagerly awaiting this moment, we are happy to say that Let’s Encrypt certificates are now available at SiteGround!

Read More

Critical Vulnerability in Joomla Fixed on Zero-day

joomla-vulnerability

Yesterday, a serious vulnerability that affects all major Joomla versions was disclosed. Using this security breach a hacker could do a full remote command execution on the targeted site. We have worked together with the Joomla Security teams and came up with a rule in our WAF (web application firewall) that would block hacking attempts using this vulnerability and we don't have reports for hacked accounts through this exploit.

Read More

Core Joomla! Vulnerability Patched in Version 3.4.5 Security Release

joomla-vulnerability

A few days ago, a critical vulnerability in the Joomla! core was found. It comes from an unsanitized input in the Joomla! core, which makes an SQL injection possible. The result of such an attack can lead to totally compromised websites - stolen login details, hijacking website access, malicious file uploads, etc. It’s a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.
Read More

JetPack XSS Security Issue – What We Did to Protect You

jetpack
On October 1st, a security issue in JetPack, one of the most commonly used WordPress plugins, was disclosed by our partners from Sucuri. The vulnerability was severe because an attacker could exploit the contact form feature of the plugin to insert and execute JavaScript code as an admin of your site. Needless to say, that could lead to all sort of problems - injecting black SEO links, adding backdoors for full access to your account, accessing private information, etc. In this recap post, we would like to summarise what we did to protect SiteGround users with this plugin installed.

Read More