Summer Sale - 50% Discount
You are currently using promotional code summer50 , discount 50%.

Oct 17, 2014

Highly-critical SQL injection vulnerability for Drupal - mass-fixed on our servers

On Oct 15, 2014, Drupal developers issued a notification of a critical SQL injection vulnerability, which affected all current Drupal 7.x versions. More information on the matter can be found at https://www.drupal.org/SA-CORE-2014-005.

The existing proof of concept allowed hackers to turn the SQL injection vulnerability into a remote code execution / file upload, and there are reports of many hack attempts against Drupal sites on the Internet. To protect the Drupal sites of our customers until they update their installations, we patched over 3000 Drupal installations on our servers. The applied patch does not affect the operation of the sites, but eliminate the threat which is a result of the announced vulnerability.

Customers still must update their Drupal installations to the latest version from Drupal.org.

Apr 12, 2013

WordPress sites with us are now protected against botnet brute-force attacks

During the last week, there is a massive botnet attack against random WordPress sites on the Internet, attempting to brute-force their administrative sections.

To protect the WordPress sites of our customers, we have set up an automatic brute-force protection for all of them. In case of too many unsuccessful login attempts against a WordPress site, its administrative section login screen will start to display a static page, thus not allowing the botnet to make further password-guessing attempts. When the unsuccessful login attempts cease, the WordPress login screen will return to a normal state.

Internet abuse becomes a more serious problem each day. Thousands of botnets are operating online to spread viruses, steal passwords and identities, send spam, etc. With this protection, our aim is to add more security to WordPress-based sites on our servers. Also, we strongly advise our customers to keep their site software, including themes and plugins, always up-to-date. Very often login credentials are stolen from local computers, therefore everyone must keep their local system protected against viruses and malware.

Dec 19, 2008

Prevention of unauthorized access to customer mailboxes

As a part of our security and abuse prevention plan, today we automatically changed the passwords of all mailboxes on our servers, which we found to be insecure. The weak password detection was performed by using automated tools utilizing swaks (Swiss Army Knife SMTP) and simple brute-force attempts, performed on our side against each mailbox.

Weak passwords may result in successful authentication attempts from malicious users which will lead to spam transmitted from our servers through the hacked mailboxes. To prevent this, we will continue to perform such security tests in the future. This will help us fight outgoing spam from our servers, also this will improve the security of the mailboxes of our customers by preventing unauthorized access to their mailboxes and the content there.

We consider weak passwords most popular words, as well as keyboard combinations such as "qwerty"," asdf", "qaz", etc, combinations such as "1234", "abcdef", "aaaa", "11111" and all similar. Also, there are other patterns of weak passwords and hack attempts such as password same as the mailbox username, email user@domain.com with a password "user1", passwords strings "password", "passw0rd", "changeme", etc.

We recommend to all customers to be careful when choosing the password for their mailboxes. A strong password is considered to be a string of at least 8 symbols, which contain letters and numbers. Having upper and lower cases also increases password security, as passwords are case sensitive.

Jan 13, 2005

New anti-virus solution

We are glad to announce that we have integrated a new anti-virus feature into our system. When enabled, the anti-virus software will scan all incoming messages. In case viruses are found, the server will not deliver the infected messages to the user's mailbox. This is the most effective and modern anti-virus solution, and will certainly eliminate a lot of junk e-mail on our servers. Customers should have in mind that the anti-virus software is disabled by default and can be enabled from the Mail Manager in the online Control Panel.