Apr 5, 2019

ICDSoft servers not affected by Apache vulnerability CVE-2019-0211

A privilege escalation vulnerability (CVE-2019-0211) in the Apache web server was recently discovered. This vulnerability is particularly bad for some shared hosting providers, as it may allow unprivileged scripts to take over the main Apache process.

The Apache instances running on our servers are not affected by this vulnerability, as they are protected by the suEXEC security mechanism. Nonetheless, since our system administrators regularly update all software on our servers, a patch for this vulnerability has already been applied.

Jan 8, 2018

Meltdown, security issue resolved

If you follow news on the Internet, and especially if you have an interest in security matters, you have probably heard about Meltdown. This is a security vulnerability in popular CPUs that affects most devices on the Internet, including servers, personal computers, and smartphones. Although the technical details of the vulnerability are rather long, in summary it allows unauthorized access to system resources and sensitive data between users, programs, and virtualization platforms.

Our servers were also among the devices that were possibly affected by Meltdown.

Over the weekend, our system administrators performed emergency software updates on our production servers, including kernel updates that fix the Meltdown vulnerability.

Security is a primary concern for us, and our customers can rest assured that we are putting 100% effort into resolving any security issues as soon as possible.

Oct 11, 2016

Let's Encrypt certificates

Today, our in-house developed hosting Control Panel got another feature - an installation utility for the SSL certificates of Let's Encrypt. Our customers can now install Let's Encrypt certificates for any of the domains they host with us.

Let's Encrypt is a certificate authority that provides free domain-validated SSL certificates. Its activity is aimed at providing secure connections between users and servers, and making encrypted communication a standard on the Internet.

The new utility in the hosting Control Panel provides very easy installation and management of Let's Encrypt certificates - a certificate is requested with a single click, and the whole validation process and following renewals are done automatically on the server side.

The use of Let's Encrypt certificates on our servers is completely free for our customers.

May 4, 2016

Critical vulnerability in ImageMagick discovered and immediately resolved on our servers

Recently, sources on the Internet reported a critical security vulnerability in the ImageMagick library. ImageMagick is a popular image processing utility for web sites, and it is utilized by many image processing plugins and tools. The vulnerability allows execution of remote code and file manipulation on the server.

Server security is of the utmost importance, and our system administrators constantly monitor server software and security lists to make sure that our service is as safe as possible.

To mitigate the specific security problem, our system administrators immediately applied ImageMagick policy restrictions on all servers. The additional policy blocks certain ImageMagick features, such as the inclusion of remote data and operations with mvg files. The policy effectively resolves the problem with the specific vulnerability. Although unlikely, it is also possible that the policy would break some features of image processing tools and plugins. Nevertheless, we decided that the benefits of the additional restrictions outweigh the risks, as keeping our customers' data safe is of the highest priority for us.

A secure version of ImageMagick without additional restrictions will be mass-deployed on all servers as soon as it is released by its developers.
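The restrictions described in this post are set in ImageMagick's `policy.xml`. The following added example (not ICDSoft's own tooling) audits such a file and reports which risky coders it still leaves usable. The coder list follows ImageMagick's public mitigation advice for these issues and is an assumption here, since the post names only remote data and mvg files; the sample policy is constructed.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders listed in ImageMagick's public mitigation advice for the May 2016
# issues. The page names only remote data and MVG, so this list is an assumption.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

# Constructed sample: remote fetches and MVG are denied, MSL is only limited
# to reading, and EPHEMERAL is not mentioned at all.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="{URL,HTTPS}" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="read" pattern="MSL" />
</policymap>"""


def _matches(coder, pattern):
    """Glob match, with simple support for a top-level {A,B} alternative list."""
    if pattern.startswith("{") and pattern.endswith("}"):
        return any(_matches(coder, p.strip()) for p in pattern[1:-1].split(","))
    return fnmatch.fnmatchcase(coder, pattern)


def unrestricted_coders(policy_xml, coders=RISKY_CODERS):
    """Return the coders that the policy does not fully deny.

    Model used here (a simplification): entries are read in file order and
    the last coder entry matching a name decides; only rights="none" counts
    as blocked.
    """
    root = ET.fromstring(policy_xml)
    blocked = dict.fromkeys(coders, False)
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        denies_all = entry.get("rights", "").strip().lower() == "none"
        for coder in coders:
            if _matches(coder, entry.get("pattern", "")):
                blocked[coder] = denies_all
    return [c for c in coders if not blocked[c]]


if __name__ == "__main__":
    for name in unrestricted_coders(SAMPLE_POLICY):
        print(f"coder {name} is not blocked by the policy")
```

On a live server, `identify -list policy` prints the policy that ImageMagick actually loaded, which is the file to feed into this check.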

Oct 17, 2014

Highly-critical SQL injection vulnerability for Drupal - mass-fixed on our servers

On Oct 15, 2014, Drupal developers issued a notification of a critical SQL injection vulnerability, which affected all current Drupal 7.x versions. More information on the matter can be found at https://www.drupal.org/SA-CORE-2014-005.

The existing proof of concept allowed hackers to turn the SQL injection vulnerability into a remote code execution / file upload, and there are reports of many hack attempts against Drupal sites on the Internet. To protect the Drupal sites of our customers until they update their installations, we patched over 3000 Drupal installations on our servers. The applied patch does not affect the operation of the sites, but eliminates the threat that results from the announced vulnerability.

Customers still must update their Drupal installations to the latest version from Drupal.org.