Security

Free SSL replacement for Symantec certificates

14:13 30 March in Magento, News, Security, Specials by Simple Helix Marketing

Google plans to downgrade the level of trust for Symantec SSL certificates in the Chrome browser. If this will negatively impact your traffic, Simple Helix will issue you a free SSL replacement. The inviting green lock indicating a secure connection to your website may soon be a thing of the past for websites using an SSL certificate issued by Symantec. Google has proposed...

Linux Security update for CVE-2017-6074

12:31 27 February in Security by Simple Helix Marketing

A new security vulnerability in the Linux kernel was recently disclosed to the public by security researchers. Luckily (as we saw with the Dirtyc0w exploit), this does not allow remote execution of code and is only useful to attackers who already have access to a compromised account on the server. However, this vulnerability could allow a compromised account to execute arbitrary code in the Linux...

Security Vulnerability in Zend Framework

09:06 16 January in Magento, News, Security by Simple Helix Marketing

The Zend Framework announced a potential remote code execution on December 20, 2016. Magento followed up with an announcement on January 13, 2017, explaining that this exploit makes Magento 1 and Magento 2 installations vulnerable if the zend-mail function is used in combination with the Sendmail binary. In conjunction with the original announcement on December 20, 2016, Zend Framework also released patched software that resolves...

Dirty COW exploit

13:44 25 October in Maintenance, News, Security by Simple Helix Marketing

Over the last several days, a new security exploit has gained a lot of attention online. CVE-2016-5195, also known as “DirtyCOW”, is a vulnerability affecting any distribution using Linux kernel 2.6.22 and later. The exploit allows a regular user to escalate privileges on the server to the highest level. While this is an important issue to deal with, there are actually a couple of reasons...

Image Upload Issue with Magento after the SUPEE-7405 Patch

11:48 29 January in Magento, Security by Steve Shickles

The latest Magento security patch SUPEE-7405 tightens file permissions on images uploaded from the Magento admin dashboard. Before the patch, the Varien file uploader used 0777 permissions for image uploads. Part of the patch installation changes these permissions to 0640 for files and 0750 for directories, which means only the user and group on the server can read these files. This is inconvenient for hosting...

Nginx and HTTP Authentication

10:35 08 January in Security, Tips by Simple Helix Marketing

This article will teach you how to implement HTTP Authentication to password-protect a site, subdomain, or specific server block using the powerful Nginx webserver.  Nginx is an HTTP server that has gained considerable popularity in recent years due to its small footprint, modular architecture, load-balancing reverse proxy, and acceleration features. Implementing HTTP Authentication is a great security layer to help protect your high performance sites running on...

Simple Helix chooses CloudFlare to ignite white-hot Magento performance

10:42 01 September in CDN, Events, Magento, News, Security by Simple Helix Marketing

Some months ago, we made a big bet on partnering with CloudFlare for performance improvements and website security for our Magento hosting customers.  Customer experience is core to our business and relying on another company is a major deal.  CloudFlare is now included in Default–On mode for select Simple Helix hosting plans and can be added to any existing plan. The results have been great...

Magento Team releases vital SUPEE 6482 patch

11:53 04 August in Magento, News, Security, Uncategorized by Steve Shickles

The Magento team has released a critical patch to address four serious vulnerabilities with the Magento suite. It is imperative that you install these patches at your earliest convenience to address these vulnerabilities. The four issues resolved with the patch include: Cross-site Scripting Using Unvalidated Headers; Autoloaded File Inclusion in Magento SOAP API; XSS in Gift Registry Search; SSRF Vulnerability in WSDL File. Explanations of each of these vulnerabilities can be...

Security Notice for Magmi Product Importer

13:51 22 October in Magento, Security by Steve Shickles

The Magmi product importer is used by many Magento stores to quickly and easily import a large number of products. Unfortunately, a recent security vulnerability has been found in Magmi that can allow an attacker to upload malicious code if the Magmi installation is publicly available. This could allow the attacker to gain credit card information or other confidential data from your store. If...

CVE-2014-3566 – Padding Oracle On Downgraded Legacy Encryption attack (POODLE)

16:02 20 October in News, Security by Steve Shickles

A new vulnerability has been found in OpenSSL, the open-source software used to encrypt and secure web communication, that could potentially allow attackers to steal sensitive information normally protected by the SSLv3 encryption protocol via a man-in-the-middle style attack. The vulnerability CVE-2014-3566, dubbed the “Padding Oracle On Downgraded Legacy Encryption attack” or "POODLE," does require access between network devices, which makes this less severe than Heartbleed, discovered earlier this year. Even though...

Bash Security Vulnerability CVE-2014-6271

14:05 26 September in Security by Steve Shickles

A serious security vulnerability has been found in the GNU Bourne Again Shell (Bash) commonly used on many Linux and Unix systems. The vulnerability was found in the way that Bash evaluates certain environment variables and could allow a malicious attacker to execute shell commands. This vulnerability is being tracked under CVE-2014-6271. At Simple Helix, we take this matter very seriously. We closely monitor security reports...

Google to Give Search “Edge” To Websites Utilizing Encryption (SSL)

21:09 07 August in eCommerce, News, Security, Tips by Steve Shickles

Google will soon begin using a new ranking signal based on the encryption utilized by websites (SSL and HTTPS). While this move is welcomed by site owners that already make use of encryption, it may serve as a wake-up call for those developers that still do not implement secure connections by default. For Magento and e-commerce stores, we highly recommend using encryption to protect the checkout process. This...

Securing E-Commerce Emails with DMARC

14:09 28 July in Dedicated Hosting, eCommerce, Magento, Security, Server Technology, Shared Hosting, Tips, Tutorials by Steve Shickles

What is DMARC? As E-Commerce sites have gained popularity in recent years, malicious activity such as spamming and phishing has also been on the rise. DMARC addresses these issues by providing a way for E-Commerce site owners (and mail senders) to protect their end users by securing and verifying communication channels. DMARC stands for “Domain-based Message Authentication, Reporting, and Conformance.” How does...

Secure Checkouts in Magento with SSL

19:10 09 July in eCommerce, Magento, Security, Tips, Tutorials by Steve Shickles

An important upgrade that all Magento store owners should consider is the installation of an SSL certificate to provide the secure processing of sensitive information such as credit card data and login credentials. SSL stands for Secure Sockets Layer and is used by web servers to encrypt data between the client and server to protect against a wide variety of malicious attacks. Not only will...

Using Two-Factor Authentication with Magento

13:15 30 June in eCommerce, Magento, Security, Tips, Tutorials by Steve Shickles

Humanity has three methods of implementing security and authenticating themselves to a system: Something you know: This refers to a password, PIN or some other knowledge that is kept secret from others that the system knows and can authenticate the user by. Something you have: The best example of this type of authentication is a debit card or ATM card. The card carries information that it shares...

Magento Admin Password Recovery

19:57 26 June in eCommerce, Magento, Security, Tips by Steve Shickles

Accidentally forgetting the admin password to your Magento store can be devastating. Luckily, password recovery is a fairly simple process! In the following examples, we will walk you through the process of recovering a Magento admin password. The examples will be using MySQL from the command line, but you can slightly modify these steps to work with phpMyAdmin. Before we begin, you need to either know...

Securing Magento: Beyond the Password

19:22 26 June in eCommerce, Magento, Security, Tips by Steve Shickles

As with any online account, Magento security starts with a strong, unique password that is not used for any other accounts. Passwords such as “admin123”, “password” and “magentostore” are literally begging to be guessed with minimal effort by an attacker. Make sure that your password is: 1) Strong: at least eight characters, a mixture of capital / lowercase letters and numerals and even special characters (for example: KcYQX*6RwWFPC, 5IL6M!(two3E#, 9ZoyfvWL7g5ch). 2) Unique:...

CVE-2014-0160 Heartbleed SSL Vulnerability

00:17 09 April in Security by Steve Shickles

A major vulnerability has been found in OpenSSL, the open-source software used to encrypt and secure web communication, that could potentially allow attackers to steal sensitive information normally protected by SSL/TLS encryption. The vulnerability CVE-2014-0160, dubbed the "Heart Bleed Bug," does not require authentication or local access to be exploited, which makes this a very severe problem. Simple Helix takes this matter very seriously. To secure...

Increase Security with a Cloud Server!

14:49 17 July in Cloud Computing, Security by Steve Shickles

It's no overstatement to say you can never have too much security for your site. How can you tell which hosting options are the most secure? Let's look at a summary of how the Simple Helix cloud differs from other hosting options when it comes to secure hosting. The two most common traditional hosting options for small and medium sized websites are shared servers and VPS...

Emergency Maintenance Thursday Feb. 7

22:54 06 February in Maintenance, News, Security by Steve Shickles

Beginning at 12:01 AM EST on Thursday, February 7, and ending at 1:00 AM EST on Thursday, February 7, we will be performing an emergency maintenance. This maintenance will require a full reboot to implement software upgrades. We anticipate each individual reboot to last no longer than 15 minutes. If you plan on making any changes to your website during this maintenance period, you may want...

GlobalSign SSL Certifications

15:18 05 February in Security by Steve Shickles

Did you know that Simple Helix is now an Authorized Partner of GlobalSign, a WebTrust accredited Certification Authority (CA) with over 10 years of experience? This allows Simple Helix to offer a wide range of publicly trusted SSL Certificates. GlobalSign has issued 2048-bit SSL encryption since 1998, years ahead of other SSL providers, and through a partnership with CloudFlare, GlobalSign provides enhanced reliability when delivering certificate...

PHP 5.3 Updates Coming Soon

19:26 29 May in Hosting Tools, Magento, Maintenance, News, Security by Steve Shickles

As you may know, PHP 5.2 is no longer supported and for reasons of security and stability, we will be updating our servers to run PHP 5.3 in the coming weeks. Our target version is PHP 5.3.8, up from 5.2.17 on most servers. Please bear in mind that there are some applications, and older versions thereof, that do not run on PHP 5.3. Most notably are Magento...

October 1st Maintenance – 10:00AM EST – 10:00PM EST

05:03 01 October in Dedicated Hosting, Maintenance, News, Security, Shared Hosting by Steve Shickles

This is the notice of an upcoming network/server migration that will take place on October 1, 2011, from 10:00 AM EST to 10:00 PM EST. Some customers may already be on the new network, or in our LA data center where they will not be affected - if you would like confirmation, please email [email protected]. During the aforementioned window, Simple Helix network engineers and...