POODLE – not the dog – the SSL vulnerability is patched system wide.

Another day, another code exploit in the wild to ruin your day. The POODLE bug recently came to light, showing that SSLv3 connections are insecure. Called POODLE (that’s “Padding Oracle On Downgraded Legacy Encryption”), the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack…

Additional mitigation protocols added to combat botnet load.

We have implemented additional measures to mitigate the ongoing botnet brute force attack. While we feel we have a handle on the security side of things, the large volume of traffic was adding load to the servers and slowing down the overall user experience. We tightened down rules to drop these requests at the network edge and implemented other changes to regain system performance. In some cases users like yourself will be redirected to a simple Captcha page when attempting to access their WP login page. Completing the Captcha will redirect you back to your login page where you may proceed as…

Defeat the WordPress BotNet with this simple solution, use a pass-phrase.

You have all likely heard about the recent rise in brute force attacks against WordPress; if you have not, Sucuri has been chronicling it for you. Here at Pagely we have the best in class enterprise security appliances protecting our network, additional second-level mechanisms in place to throttle and block brute force attacks against our clients' sites, as well as remediation procedures should something get through. However, regarding brute force attacks, here is the honest truth that most hosting companies may not tell you. You, the site owner, are the first and last line of defense regarding brute force…

Partial list of WordPress themes scanned by bots for timthumb vulnerability

This is a partial list of WordPress theme and plugin URLs that bots are scanning for timthumb exploits. If you use any of these, make sure you have upgraded the theme, or at the very least upgraded the timthumb script within. Said another way, these themes used timthumb at some point and the bots scan for it hoping it is exploitable. We are in no way saying these products are insecure; just be sure to update. If you are a Pagely customer, we scan our file system daily to apply patches for you and you are further protected by firewall…

WordPress Security – An Infographic on common Malware and Attacks

Text: WordPress Security. 58,701,915 WordPress sites in the wild. Due to its popularity, WordPress presents a large target. Two primary types of malware attacks are aimed at WordPress: Injections and Backdoors. Injections: Your website code is injected with advertisements or links to another site, typically adult or pharmacy sites. This code is usually hidden from normal display and only seen by search engines, resulting in SEO poison for your site. Drive-by downloads, like fake virus scanning tool adverts and iframes, are also prevalent in this type of attack. Back Doors: The successful attack places a shell script or back door on your server allowing…

Securing WordPress. There’s more to it than marketing hype.

WordPress Security has gotten a lot of press (pun intended) of late. Every third day there is a new post, or guest post, by someone driving home the importance of securing your WordPress install with proper file permissions, choosing strong passwords, and the like. Listen to them, and take heed, as they are smart people telling you what you should be doing. Our point of view is that security starts with us, the hosting provider. To that end we have made choices and implemented things that we feel back up our claim of being the most secure WordPress Hosting outfit available. When…

Building Page.ly Part3: Early Scaling and Security

This is the third installment of a multipart series where we aim to share with you some of the technical aspects of what powers the Managed WordPress Hosting system we developed here at page.ly, how we started, the recent server improvements and a bit on the things to come. [Part 1] [Part 2] Page.ly finds a new home and begins to scale. By mid 2010, Page.ly was really starting to take off. It was time to think about scaling and we also needed a new hosting partner that would help us manage the hardware. We were also very aware of security concerns…

Security Notice: Timthumb

We were notified of this security issue (http://blog.vaultpress.com/2011/08/02/vulnerability-found-in-timthumb/) last night and have been working with Firehost then and today on patching all timthumb.php files with the fix. Page.ly customers do not need to do anything further, except keep being awesome. If you are not a page.ly customer, be sure to read that post and patch your files.