The Crocodile Hunter Meets Badware in the Wild
October is a cyber security awareness month so lets start it with the most hilarious web security awareness video I’ve ever seen.
It is brought to you by StopBadware.org and Bluehost.
Continue »»
Millions of Website Passwords Stored in Plain Text in Plesk Panel
After the theft of LinkedIn user database, there was a lot of buzz about how unthoughtful it was to store passwords as unsalted SHA-1 hashes.
What can be even worse is storing user passwords in plain text.
Brian Kreb was recently shocked when his hosting provider sent him his password in plain text. He wrote a post about it and made a conclusion that it is quite a common practice among hosting providers and that “naming and shaming may be the only way to change” it.
But why do hosting providers save passwords in plain text? Maybe because most of them don’t invent anything and just rely on web hosting automation programs?
Continue »»
WordPress Experts Aim to Provide Secure WordPress Hosting
This is the second interview in the “Hosting+Security” series.
WordPress – is the most frequently used tag on this blog. There are two major reasons for this:
- I use WordPress myself and closely track development in this area.
- WordPress is the most popular free open-source blogging engine (according to its developers it is currently used by 25+ million sites), which makes it equally popular for hackers as a target of their attacks.
Thousands (if not millions) of WordPress bloggers have already experienced various security related problems: malicious scripts and spammy links injected into their web pages, rogue users, corrupted databases — they know how much time and efforts it may take to recover their sites, and how it can be frustrating to find their blogs hacked again just a few weeks later.
In this interview, I will talk with Jason Cohen about WordPress security and his new WPEngine hosting company that aims to protect your WP blogs better than any traditional shared hosting provider.
Continue »»
Can Security Be Bread and Butter of a Hosting Provider?
My first interview in the “Hosting+Security” category will be with Jim Walker of TVCNet.
I know Jim for quite some time. I met him in various forums where webmasters discuss security problems. A couple of months ago he started to advertise his malware removal service on my Unmask Parasites site. Before placing the ads, I did some background check and was impressed with their focus on security features and their looong list of signed testimonials.
To find out more about how a relatively small hosting provider can ensure security of their clients’ websites, I asked Jim to answer my questions and tell my blog readers about his company’s security practices.
Continue »»
Who Provides Really Secure Hosting?
Many webmasters are happy with their hosting providers … until their sites get hacked. This is when some of them may get frustrated with their hosts.
There may be numerous reasons for that:
- hoster doesn’t respond to support requests
- or hoster responds with template answers and doesn’t really look at your site (e.g. they say you are using vulnerable scripts while your site is a vanilla plain HTML homepage)
- or maybe they say that their servers are 100% secure, the problem is your fault and it is not their business to fix it
- or they may be very friendly and help you clean up your site but can’t tell you how to protect it from reinfections. As a result, it gets reinfected every few weeks — you just can’t afford spending so much time fixing security problems — malware warnings hurt your site reputation.
- or your hosting provider experiences continuous server-wide or network-wide hacker attacks and there is no sign that they know how to stop them.
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
