Nexcess Blog

Posts by: Security

Three Signs Your Website Is Insecure

February 28, 2018

How safe is your website from hackers, really? If you don’t already know the answer to that question, it’s probably between ‘not very’ and ‘not at all.’ And you certainly aren’t alone in that.

In a lot of ways, we think about cybercrime the same way we look at real-world crime. It’s something that happens to other people. Hackers aren’t interested in breaking into our site and stealing our data – why would they be?

Criminals love that attitude, as it makes it much easier for them to target their victims.

Posted in: Security

Why Do eCommerce Stores Need An SSL Certificate?

January 19, 2018

When you see the address bar of your browser turn green, you know it’s safe to send sensitive data over the internet to that site. All eCommerce stores need an SSL certificate to keep shoppers safe, but what exactly does an SSL certificate do?

An SSL certificate has two jobs: to prove that a web page is controlled by the people who are supposed to control it and to encrypt all of the information sent from the shopper to the store and back again.

Posted in: Security

How to Be a Shark in Today’s Phishing Pond

January 18, 2018

Would you do business with somebody you don’t trust? Neither would your customers. Phishing attacks are at an all-time high, with 1.4 million new phishing sites being created each month, so your customers have good reason to be suspicious of any website, including yours.

When it comes to gaining your visitors’ confidence, the rules have changed. On today’s fraud-filled web, it’s no longer who you think you are; it’s who a globally trusted third-party Certificate Authority (CA) says you are.

Posted in: Security

Update #2: Side-Channel Speculative Execution (Meltdown & Spectre) Vulnerabilities

January 14, 2018

Where we are today
We are pleased to announce that we’ve completed the first round of update reboots as of the evening of Thur Jan 11th. These reboots consisted of updated kernels with Kernel Page Table Isolation (KPTI) and CPU firmware (microcode) updates for a handful of our production systems, namely the Intel Haswell, Broadwell and Skylake architectures.

Posted in: Linux, Nexcess, Security

Update #1: Nexcess Response to Side-Channel Speculative Execution (Meltdown & Spectre) Vulnerabilities

January 7, 2018

This is a follow-up to our original post.

We’ve had an incredibly busy couple of days and wanted to take a few minutes to provide an update on where Nexcess is at with Meltdown & Spectre patching.

As is often the case with these kinds of situations, the landscape has evolved a bit since our original posting. The most notable change is that there is an increasing amount of Proof-Of-Concept (POC) code in distribution that demonstrates taking advantage of Meltdown & Spectre vulnerabilities. This raises the threat of the vulnerabilities, as quite often these POCs are used as the basis for creating malicious exploits. At this time, however, we have not seen, nor have the industry peers we work with, any targeted attacks or exploits against these vulnerabilities.

Posted in: General, Linux, Nexcess, Security

Nexcess Response to Side-Channel Speculative Execution (Meltdown & Spectre) Vulnerabilities

January 4, 2018

As you may be aware, a number of serious vulnerabilities have been disclosed that affect a wide set of CPU architectures. These vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) were disclosed this week by Google’s Project Zero team and other information security professionals. A rapid response strategy is currently under review for emergency maintenance to patch these vulnerabilities, which will require a reboot of all shared, dedicated and cluster systems.

Posted in: Linux, Nexcess, Security

OpenVPN Helps To Keep Your Magento And WordPress Dedicated Servers Safe

December 8, 2017

When a user connects to your Magento store, they connect over HTTPS, a secure protocol that uses an SSL certificate to encrypt data sent between the shopper’s browser and the server that hosts the store. Without HTTPS, it is possible for a third party to intercept the data, putting the shopper and the store at risk. But shoppers aren’t the only people who might need to access your store, and its “front entrance” isn’t the only way in.

In some cases, making a change to a store may require a developer or other professional to connect using a service like FTP. FTP is an old protocol that is often still used to upload files to a server. It doesn’t have any built-in encryption, so data is sent in the clear. There are several services that a dedicated server hosting client might want to make available but that are inherently insecure. Usually, insecure services like FTP are blocked by a firewall that prevents anyone from accessing them, but that may be inconvenient.

Posted in: Magento, Security, WordPress

What’s Wrong With Security By Obscurity For WordPress?

November 29, 2017

We instinctively hide the things we find valuable. It makes sense: if thieves and other bad actors can’t find our valuables, how can they take them? In the digital age, we act on the same instinct. A common security precaution taken by WordPress site owners is to move the login page to a different location; if hackers can’t find the login page, they can’t launch a brute force attack against it. Hiding things, moving them, making it difficult to figure them out — these are examples of security by obscurity.

Posted in: Security, WordPress