Major Bash Vulnerability Fixed on All Servers

bash

A major security flaw was discovered in the most popular shell (Bash) which is used by default in many Linux and Unix distributions. A shell is a program that takes your commands (accessing folders, listing files, etc.) that you type and sends them to the operating system to be executed. The Bash vulnerability, also known as Shellshock, allows attackers to issue arbitrary commands via crafted environment variables.
Read More

SiteGround Customers Protected Against Serious VirtueMart Vulnerability!

vulnerability

A serious vulnerability in the popular Joomla extension VirtueMart was discovered by the awesome people at Sucuri during one of their regular security audits. It allows regular users to gain Super Administrator privileges to a Joomla website with VirtueMart 2.6.8c and below installed on it. If a site with an older version of VirtueMart allows user registration (which is a default mode in VirtueMart) it can be hacked through this vulnerability.
Read More

Joomla! Kunena Vulnerability Fixed on all SiteGround Servers

blog

Critical vulnerability in the famous Kunena forum component for Joomla! were announced three days ago and a new version of the component that addresses the issue was released. According to the official Kunena blog post all extension that are not updated to the latest version are vulnerable and the attackers may use XSS and SQL injection to gain full access to a Joomla! site.

Read More

Two-factor authentication now available for your SiteGround account!

twofactor

If you have gone through the anguish of having your personal information exposed to theft and abuse, you probably already realize that even the best password is not always enough to protect your data against unauthorized access. There are many ways how you can find yourself exposed: lost/stolen electronic devices, electronic fraud (phishing, scam, etc.), and hacking of popular service providers have all become widespread. Read More

TimThumb Critical Vulnerability Fixed on SiteGround Servers

header

Another serious security issue was reported earlier today within one of the popular WordPress plugins for managing thumbnails - TimThumb. This plugin already has a history of causing security issues in the past with which we dealt with. The current vulnerability allows the attacker to gain unauthorised access to your hosting account and even execute shell commands on it. Needless to say, this is not something we can allow to happen.

Our security team has reacted immediatelly after the vulnerability was disclosed. We have applied a patch in our in-house system to protect all our customers from getting hacked through TimThumb. Currently, if you're hosted on SiteGround, you will be protected against hacking attempts that try to utilise this problem.

However, we strongly recommend that you switch plugins or update TimThumb as soon as new version is released.

Jetpack Critical Vulnerability Fixed on SiteGround Servers

jetpack

Yesterday, on April 10th, a critical security flaw in the popular Jetpack plugin was made public in an official statement by the Jetpack developers. If the vulnerability was exploited, an attacker could publish new posts in any WordPress installation using Jetpack and possibly get even more access to that site. Although we did not detect any hacked sites through that exploit on our servers, that was a critical security hole and we took several actions to patch it.

Read More