Security Announcement: Sucuri XSS Vulnerability

Sucuri has recently announced a WordPress vulnerability regarding XSS script attacks. While this would have affected all WordPress sites using JetPack or the 2015 theme, we have already patched our servers to prevent any attacks regarding this nature. The attack leaves any plugin or theme that uses genericons vulnerable. Server? Patched? Further Action? All Servers Read More >

Security Alert – 4/30/2015 – Magento code execution vulnerability

Magento Critical Vulnerability Issue: Magento has discovered a code-execution hole in both the community and enterprise editions. Status: Update has been released. Who is impacted? Community and Enterprise editions of Magento. Why was this update released? The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new Read More >

Important iThemes Security Update Alert

A security release for ithemes Security was released last night (April 13) that immediately affects versions 4.6.13 and 1.14.18 (Pro). What was patched? iThemes fixed a stored XSS (Cross Site Scripting) issue that could have allowed dangerous Javascript to run when viewing 404 logs. When the 404 detection feature is enabled, the list of non-existent Read More >

Security Alert – 4/14/15 – BuddyPress Plugin for WordPress

Issue: BuddyPress has released a security update (version 2.2.2). They are recommending to update to this latest version. Status: Update has been released. Who is impacted? Websites running the WP REST API Plugin for WordPress. Why was this update released? BuddyPress version 2.2.2 was released to address two potential security issues and has a few Read More >

Security patches to OpenSSL on all servers

Issue: Critical security patches to OpenSSL on all servers. Status: Our System Administration team is applying critical security patches to OpenSSL on all servers. As the patch is applied, a brief restart of the apache service will result in a temporary unavailability of websites housed on the server being patched. Who is impacted? Customers on Read More >

WordPress Critical Security Announcement

As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were Read More >

Prevent WordPress brute force attacks with BruteProtect

When running a website, especially with the increase in brute force attacks against WordPress sites, it is important to protect yourself. Thankfully, BruteProtect will allow you to easily and automatically block attacks. As BruteProtect stores known attack sources in its database, many attacks are stopped before they even begin. In this article, we will show Read More >

Avoiding Phishing Scams

Over the past few years, malicious internet and e-mail activity has increased exponentially. Included in this malicious activity are phishing scams. The following article discusses the definition of “phishing” and provides information and best practices on how to avoid being taken in by these scams. Phishing is the attempt to gather private information, such as Read More >

Resetting your admin password in PrestaShop 1.6

If you happen to forget your admin password (you know, the one that you made so complex no one including yourself can remember it?) never fear! PrestaShop has an easy way to reset it so you can access your admin dashboard once again. How to reset your admin password Visit your PrestaShop admin dashboard login Read More >

All About File Permissions

In this tutorial: User Types Permission Types The Mode Understanding how permissions work when you set them within your cPanel or using SSH (Shell) access is very important. If permissions are too lax, they may be accessed by unwanted users who may alter or remove them. If the permissions are too strict, then they may Read More >

OpenSSL 1.0.1 and 1.0.2-beta1 security upgrades

Back on April 7th there was something called the Heartbleed Open SSL bug that caused some security issues for servers running certain versions of OpenSSL. There was a new OpenSSL security advisory posted earlier today disclosing seven additional security flaws found in OpenSSL 1.0.1 and OpenSSL 1.0.2-beta1. There was also a new OpenSSL 1.0.1h patch Read More >

Heartbleed 0-day OpenSSL security bug

On Monday, April 7th, 2014, a critical bug in OpenSSL was discovered which allows attackers to read memory information from servers with OpenSSL installed. As many of InMotion servers run OpenSSL, our system administrators have diligently patched the exploit on all affected systems. Update: Mashable has released a list of possibly compromised sites that you Read More >

Increase in Joomla Brute Force Attacks

What’s happening? Over the past several weeks, our System Administration Team has identified an exponential increase in brute force attacks against Joomla driven websites. Question What is a brute force attack against a Joomla website? Answer A brute force attack against a Joomla website involves bots repeatedly trying to login to your Joomla /administrator by Read More >

IP Changed Due to DDoS attack

A DDoS attack recently affected the server that houses your account. In order to mitigate the attack, we are changing the IP address of your account. What is a DDoS? Was I hacked? How does this affect my website? Help! My site still isn’t working! What Can I Do While I Am Waiting for Propagation? Read More >

Password Strength and Security

These days on the Internet all of your important information could be just a website request away. This is why it’s important as ever to ensure that you’re using a secure password to restrict access to your private information. You should keep your AMP, cPanel, and Email passwords secure, as well as any CMS such Read More >

Dealing with the Adobe Security Breach

The following article discusses the recent security issues as announced by Adobe Systems Incorporated on October 3, 2013. We will summarize the issue and then describe the steps you should take as a customer of both Adobe and InMotion Hosting. Adobe Security Breach Adobe’s security recently discovered that they were the victims of a highly Read More >