Sucuri has recently announced a WordPress vulnerability regarding XSS script attacks. While this would have affected all WordPress sites using Jetpack or the 2015 theme, we have already patched our servers to prevent any attacks of this nature. The attack leaves any plugin or theme that uses Genericons vulnerable. Server? Patched? Further Action? All Servers Read More >
Security
Security Alert – 4/30/2015 – Magento code execution vulnerability
Magento Critical Vulnerability Issue: Magento has discovered a code-execution hole in both the community and enterprise editions. Status: Update has been released. Who is impacted? Community and Enterprise editions of Magento. Why was this update released? The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new Read More >
Important iThemes Security Update Alert
A security release for iThemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro). What was patched? iThemes fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous JavaScript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent Read More >
Security Alert – 4/14/15 – BuddyPress Plugin for WordPress
Issue: BuddyPress has released a security update (version 2.2.2). They are recommending to update to this latest version. Status: Update has been released. Who is impacted? Websites running the WP REST API Plugin for WordPress. Why was this update released? BuddyPress version 2.2.2 was released to address two potential security issues and has a few Read More >
Security Alert – WP Rest API plugin for WordPress
Issue: WP REST API plugin has released a critical security update (version 1.2.1). They are urging everyone to update to this latest version. Status: Update has been released. Who is impacted? Websites running the WP REST API Plugin for WordPress. Why was this update released? WP REST API plugin version 1.2.1 was released to address Read More >
Security patches to OpenSSL on all servers
Issue: Critical security patches to OpenSSL on all servers. Status: Our System Administration team is applying critical security patches to OpenSSL on all servers. As the patch is applied, a brief restart of the Apache service will result in a temporary unavailability of websites housed on the server being patched. Who is impacted? Customers on Read More >
How to Modify Max User Connections on VPS and Dedicated Servers
Occasionally, you may find yourself in a situation where you need to allow additional simultaneous connections to your MySQL database server. You may need to add more connections in order to accommodate an increased load from your database server or handle increased web traffic caused by search bots. By default, all InMotion Hosting servers allow Read More >
WordPress Critical Security Announcement
As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were Read More >
Prevent WordPress brute force attacks with BruteProtect
When running a website, especially with the increase in brute force attacks against WordPress sites, it is important to protect yourself. Thankfully, BruteProtect will allow you to easily and automatically block attacks. As BruteProtect stores known attack sources in its database, many attacks are stopped before they even begin. In this article, we will show Read More >
ModSecurity Multipart Request Body Failed Strict Validation Error
In this guide, we’ll discuss what causes and how to fix the multipart request body failed strict validation ModSecurity error. When uploading images (or other files) to your website you may see that there is an error within your site that is preventing your content from uploading. This will typically come as a 406 error Read More >
Avoiding Phishing Scams
Over the past few years, malicious internet and e-mail activity has increased exponentially. Included in this malicious activity are phishing scams. The following article discusses the definition of “phishing” and provides information and best practices on how to avoid being taken in by these scams. Phishing is the attempt to gather private information, such as Read More >
Resetting your admin password in PrestaShop 1.6
If you happen to forget your admin password (you know, the one that you made so complex no one including yourself can remember it?) never fear! PrestaShop has an easy way to reset it so you can access your admin dashboard once again. How to reset your admin password Visit your PrestaShop admin dashboard login Read More >
All About File Permissions
In this tutorial: User Types Permission Types The Mode Understanding how permissions work when you set them within your cPanel or using SSH (Shell) access is very important. If permissions are too lax, they may be accessed by unwanted users who may alter or remove them. If the permissions are too strict, then they may Read More >
OpenSSL 1.0.1 and 1.0.2-beta1 security upgrades
Back on April 7th there was something called the Heartbleed OpenSSL bug that caused some security issues for servers running certain versions of OpenSSL. There was a new OpenSSL security advisory posted earlier today disclosing seven additional security flaws found in OpenSSL 1.0.1 and OpenSSL 1.0.2-beta1. There was also a new OpenSSL 1.0.1h patch Read More >
Heartbleed 0-day OpenSSL security bug
On Monday, April 7th, 2014, a critical bug in OpenSSL was discovered which allows attackers to read memory information from servers with OpenSSL installed. As many of InMotion servers run OpenSSL, our system administrators have diligently patched the exploit on all affected systems. Update: Mashable has released a list of possibly compromised sites that you Read More >
Increase in Joomla Brute Force Attacks
What’s happening? Over the past several weeks, our System Administration Team has identified an exponential increase in brute force attacks against Joomla-driven websites. Question What is a brute force attack against a Joomla website? Answer A brute force attack against a Joomla website involves bots repeatedly trying to log in to your Joomla /administrator by Read More >
IP Changed Due to DDoS attack
A DDoS attack recently affected the server that houses your account. In order to mitigate the attack, we are changing the IP address of your account. What is a DDoS? Was I hacked? How does this affect my website? Help! My site still isn’t working! What Can I Do While I Am Waiting for Propagation? Read More >
Password Strength and Security
These days on the Internet all of your important information could be just a website request away. This is why it’s as important as ever to ensure that you’re using a secure password to restrict access to your private information. You should keep your AMP, cPanel, and Email passwords secure, as well as any CMS such Read More >
Dealing with the Adobe Security Breach
The following article discusses the recent security issues as announced by Adobe Systems Incorporated on October 3, 2013. We will summarize the issue and then describe the steps you should take as a customer of both Adobe and InMotion Hosting. Adobe Security Breach Adobe’s security recently discovered that they were the victims of a highly Read More >
How to Reset the PrestaShop Administrator Password
The following article tells you how to recover or reset the PrestaShop administrator password in two ways. It is assumed that you have access to the cPanel and will be using the cPanel File editor to obtain necessary information. We will also use phpMyAdmin to enter and edit the database in the process of resetting Read More >