Security ICDSoft RSS news feed Learn How to Secure WordPress in 2021 We have prepared a great YouTube video about the best practices when it comes to securing WordPress. Check it out below: Thu, 15 Apr 2021 04:00:00 GMT Learn How to Enable HTTPS (SSL) In WordPress 5.7 Check out our new YouTube video on how to enable encrypted (HTTPS/SSL) connections in WordPress 5.7: Mon, 22 Feb 2021 15:50:16 GMT All Let's Encrypt Certificates Affected by the CAA Rechecking Bug Have Been Reissued On February 29, 2020, Let’s Encrypt found a bug in their Certificate Authority Authorization (CAA) code related to their CA software called Boulder. Over three million certificates issued by Let's Encrypt were affected. The bug itself, as per the official 2020.02.29 CAA Rechecking Bug thread, was: The bug: when a certificate request contained N domain names that needed CAA recheckin... Tue, 03 Mar 2020 05:00:00 GMT Microarchitectural Data Sampling (MDS) vulnerabilities patched on all ICDSoft servers In regards to the recently discovered MDS vulnerabilities (also known as Zombieload, RIDL, and Fallout) in Intel CPUs, we want to assure our clients that all of our machines have been secured. Since our servers use Intel CPUs, our system administrators have applied the necessary security updates in order to protect our customers from these Microarchitectural Data Sampling vulnerabilities... Sat, 18 May 2019 04:00:00 GMT ICDSoft servers not affected by Apache vulnerability CVE-2019-0211 A privilege escalation vulnerability (CVE-2019-0211) in the Apache web server was recently discovered. This vulnerability is particularly bad for some shared hosting providers, as it may allow unprivileged scripts to take over the main Apache process. The Apache instances running on our servers are not affected by this vulnerability, as they are protected by the suEXEC security mechanism. Nonet... Fri, 05 Apr 2019 04:00:00 GMT Meltdown, security issue resolved If you are following news on the Internet, and especially if you have any interest in security matters, then probably you have heard about Meltdown. This is a security vulnerability in popular CPUs, that affects most devices on the Internet, including servers, personal computers, and smartphones. Although the technical details of the vulnerabiliy are rather long, in a summary - they allow unauthor... Mon, 08 Jan 2018 05:00:00 GMT Let's Encrypt certificates Today, our in-house developed hosting Control Panel got another feature - an installation utility for the SSL certificates of Let's Encrypt. Our customers can now install Let's Encrypt certificates for any of the domains they host with us. Let's Encrypt is a certificate authority that provides free domain-validated SSL certificates. Its activity is aimed towards providing secure con... Tue, 11 Oct 2016 04:00:00 GMT Critical vulnerability in ImageMagick discovered and immediately resolved on our servers Recently, sources on the Internet reported a critical security vulnerability in the ImageMagick library. ImageMagick is a popular image processing utility for web sites, and it is utilized by many image processing plugins and tools. The vulnerability allows execution of remote code and file manipulation on the server. Server security is a concern of an utmost importance, and our system administ... Wed, 04 May 2016 04:00:00 GMT Highly-critical SQL injection vulnerability for Drupal - mass-fixed on our servers On Oct 15, 2014, Drupal developers issued a notification of a critical SQL injection vulnerability, which affected all current Drupal 7.x versions. More information on the matter can be found at The existing proof of concept allowed hackers to turn the SQL injection vulnerability into a remote code execution / file upload, and there are reports of many h... Fri, 17 Oct 2014 04:00:00 GMT WordPress sites with us are now protected against botnet brute-force attacks During the last week, there is a massive botnet attack against random WordPress sites on the Internet, attempting to brute-force their administrative sections. To protect the WordPress sites of our customers, we have set up an automatic brute-force protection for all of them. In case of too many unsuccessful login attempts against a WordPress site, its administrative section login screen will s... Fri, 12 Apr 2013 04:00:00 GMT Prevention of unauthorized access to customer mailboxes As a part of our security and abuse prevention plan, today we automatically changed the passwords of all mailboxes on our servers, which we found to be insecure. The weak password detection was performed by using automated tools utilizing swaks (Swiss Army Knife SMTP) and simple brute-force attempts, performed on our side against each mailbox. Weak passwords may result in successful authenticat... Fri, 19 Dec 2008 05:00:00 GMT New anti-virus solution We are glad to announce that we have integrated a new anti-virus feature into our system. When enabled, the anti-virus software will scan all incoming messages. In case viruses are found, the server will not deliver the infected messages to the user's mailbox. This is the most effective and modern anti-virus solution, and will certainly eliminate a lot of junk e-mail on our servers. Customers... Thu, 13 Jan 2005 05:00:00 GMT