Blog Header Banner

Moving your Business to the Cloud – Why it Makes Sense   no comments

Aug 23, 2016 @ 8:16am cloud

cloudknifeToday’s fast-paced and competitive business market demands that you keep up with the latest technology if you want to outperform your rivals. One of the greatest challenges with running a business today centers on storing your business’s information securely and efficiently. Rather than get bogged down with costly, time-consuming, and outdated IT infrastructures, you can increase your profits, expand your brand, keep your information secure, and outpace your business competitors by moving your small business to the cloud today.

Serving Your Customers Better

Time is money when it comes to serving your customers. When your IT infrastructure goes down, you are unable to help your clients and thus end up losing money that your business needs to survive and grow. You could even lose sales and profits to your competitors.

Because it is not prone to costly, time-consuming outages, the cloud proves to be the better, more affordable option for your business. You avoid losing time and money and your business can grow and profit at a pace that is not available with outdated database technology.

Growing Your Corporate Brand

Onsite or in-office data centers only allow your business to grow and expand so far in the market. When you want your company to go beyond your current limitations, you can go just about anywhere when you move your business to the cloud.

With its mobility, easy access, and user-friendly design, the cloud does not limit you to a physical location or within a specific boundary in the local market. You can access your company’s information from any location as well as send out projects to your employees regardless of where they are when you move your company’s operations to the cloud. This mobility puts you on target to reaching more customers and getting your business’s brand before an even larger audience.

Staying Up with the Latest Trend

You are not alone in your decision to move your business to the cloud. In fact, you will find yourself in great company as more business owners likewise decide to take advantage of this technology.

The latest studies show that more companies of all sizes are deciding to switch to cloud technology and away from outdated, costly, and time-consuming IT databases. By 2020, close to 80 percent of all businesses worldwide will have made use of cloud technology. Why be one of the last ones to take advantage of the newest and most innovative technology when you can make the switch today to the cloud? By moving your business to the cloud, you stay on top of your competition and make available technology that will let you serve your customers better and increase your profits to even higher levels.

Running a business of any size today requires that you make use of today’s most innovative and affordable technology. Whether it’s to improve performance or Disaster Recovery planning, utilizing cloud-based servers and backup solutions is essential. When you want to expand your brand without putting a lot of money into a restrictive and outdated IT infrastructure, you can stay at the top of your competitive game by moving your company to the cloud today.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on August 23rd, 2016

Tagged with , , , ,

Dedicated Server: 4 Reasons Why Your Business Needs One   no comments

Aug 16, 2016 @ 11:47am dedicated servers

dedicatedserverblogBoth large and small businesses are faced with a wide variety of choices and options when it comes to finding a server and hosting solution for their website, company email and data. One option is shared hosting, in which a single server’s resources are shared by a number of different websites and users.

However, if you’re a business looking for more power, control, and flexibility, the solution for you may be a dedicated server. With a dedicated server, your business has exclusive use of that server’s resources. You also have the flexibility of customizing the server’s CPU, RAM, and disk space based on the needs of your business.

Let’s take a look at 4 specific advantages of choosing a dedicated server:

  1. No Shared Resources

When using a dedicated server, every bit of power, storage, and bandwidth is exclusive to you and no one else. Not only will this give your business more room to work with and expand, it will also prevent issues with your site caused by other websites. For example, if you’re site is hosted on a shared server where there is another website that is being attacked or hogging up resources, this can affect the performance of your company’s site.

2. Flexibility & Customization

A dedicated server allows your business to customize the hardware and software based on your company’s unique needs. Things like CPU, Memory, Hard Drive, even the speed of the server’s network port, can all be customized and upgraded on dedicated servers. With shared hosting, you are limited to the software already installed on the server, and sometimes it may lack a requirement or feature your business needs. But with a dedicated server, you have full flexibility over which software the server runs, even down to the Operating System.

3. Administrative / Root Access

Another downside of shared hosting is the lack of Administrative or root access to the server. This limitation affects what software you can install as well as the settings and options that you can configure on the server. This can greatly impact the potential of what you are able to do with your website. Another advantage of administrative/root access is the ability to better monitor and troubleshoot your website, with full access to the server’s logs.

4. Dedicated IP Address

Each dedicated server comes with its own dedicated IP address. With shared hosting, your site may be sharing an IP address with multiple websites. If your website happens to share an IP with a site that spams or contains malware, this can cause multiple problems. Your website can end up getting blocked, your email rejected as spam, even your search results can be affected. Another thing to consider is whether or not you’ll be running an e-commerce or selling things on your site. If so, you will need to have an SSL for your site, which in turn requires a unique dedicated IP.

Now if you’re worried that you’re not tech savvy enough to run your own dedicated server, consider the option of going with a Managed Dedicated Server solution, which will provide many additional benefits on top of what’s listed above. Also if cost is a concern, check out our latest ‘Best Value’ Dedicated Servers. There are countless other advantages to using a dedicated server, however the 4 above are some of the most notable. So before you decide to host your website on a shared server, consider the added flexibility, reliability, and performance that only a dedicated server can provide.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on August 16th, 2016

Tagged with , , ,

WordPress, Joomla, Drupal – Which CMS is best?   1 comment

Aug 11, 2016 @ 10:32am Web hosting

CMSIn the world of Content Management Systems (CMS) there are 3 major contenders: WordPress, Joomla, and Drupal. If you are creating a new website, you may be asking yourself which one is best. All three have their own pros and cons, and all three are free to use, open-source software. Let’s take a brief look at each one to see which CMS is right for you.

WordPress – Created back in 2003 and currently running on more than 70 million websites, WordPress is by far the most popular CMS out there. It started out as just a simple blogging tool, but has evolved into a full, feature-rich, content management system. With it’s extremely easy to use interface, you can create a website in only a matter of minutes. Plus, with the endless amount of free themes and plugins available for WordPress, it’s easy to make your website look great. However, popularity does have it’s drawbacks. For instance, WordPress is one of the biggest targets for hackers. It is critical you keep it up-to-date to prevent attacks on your website. Regardless, with it’s intuitive design and countless number of free customizations, this easy to manage CMS demonstrates why it’s a popular choice.

Joomla – Considered the second most popular CMS out there, Joomla is also easy to use, but is a bit more complex and requires a higher skill level than WordPress. It has less free customizations when compared to WordPress, however when it comes to E-Commerce sites, Joomla excels and tends to be a favorite choice. It is also considered to have one of the strongest developer communities. Joomla is based on PHP and MySQL, giving more advanced developers the ability to create a powerful web application. With a minor amount of effort into learning Joomla’s terminology and structure, you can go on to create a fairly complex website. If you are looking for something still fairly easy, but with more flexibility than WordPress, Joomla might be the one for you.

Drupal – Drupal is ranked as the third most popular CMS in the world. It is regarded as the most complex, with the highest learning curve of the three. Drupal has a greater amount of free customizations and themes available when compared to Joomla, but less than WordPress. It is considered to be one of the most versatile and robust content management systems available today. When it comes to websites that contain a large amount of complex data with heavy visitor traffic, Drupal is an excellent choice due to the speed and strength from its advanced structure. However, all of this comes at the cost of needing more experience and expertise to truly utilize this powerful, developer friendly CMS. If you are looking for an enterprise-ready CMS that will scale with your growing business, look no further than Drupal.

Whether you are a beginner looking to start a blog, an expert developer creating a complex, versatile site, or somewhere in between, one of these three CMS applications will definitely get the job done. Best of all, they are free to use and support simple one-click installations. So if you are currently hosted on TurnKey Internet’s cloud platform, getting started couldn’t be any easier! The question then becomes not which one is best, but instead, which one is best for you.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on August 11th, 2016

Tagged with , , , ,

TurnKey Internet 2016 Expansion – Sneak Peak   no comments

Aug 3, 2016 @ 11:53am New York Datacenter

Ever wondered what goes inside those state of the art datacenters that run ‘the cloud’? Here is a sneak peak on day 1 as TurnKey Internet (https://turnkeyinternet.net) is expanding its New York Datacenter servicing the Capital Region with Colocation, Cloud Services and Disaster Recovery backup solutions.

More videos and pictures coming soon… Stay tuned!

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on August 3rd, 2016

Tagged with , , , ,

Ransomware 2.0 – Are your servers safe?   no comments

Aug 2, 2016 @ 10:53am internet security

Are your servers safe from the latest evolution of malware – Ransomware 2.0?  You better hope so or else you will pay the price, literally.

Ransomware primarily began through email and malicious ads. However, this new breed of ransomware is targeting network and server-side vulnerabilities, with the ability to self-propagate. It will be able to quickly switch methods to maximize efficiency and will evade detection by limiting CPU usage to refrain from command-and-control actions.

Ransomware 2.0 “will start replicating on its own and demand higher ransoms. You’ll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That’s really a nightmare scenario,” said Cisco Engineer Jason Brvenik in the Cisco 2016 Midyear Cybersecurity Report. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom demands. It is critical that companies take the needed steps to prepare and protect their network as well as their local and cloud-based servers.

Now you may be wondering “What steps should I take?” Well I’m glad you asked! There are some easy yet vital best practices you should follow to protect yourself. First and by far the most important, backup your data. Second, consistently keep your software and systems up-to-date. Third, make sure you are utilizing some form of antivirus and malware protection software on your PC’s and servers. Finally, BACKUP YOUR DATA! Yes, I know I said that already, but this step is so critical it’s worth mentioning twice. If you don’t currently have a backup solution, there are many cloud-based disastery recovery and backup options to choose from, such as TurnKey Vault or Windows Server Backup.

Your primary goal is to protect your users, not just your network. Whether they are on a laptop, tablet or smartphone, your users need to be protected everywhere.  However, it is unreasonable to assume that you will be 100% protected from every threat that exists. New more advanced methods to attack computers and encrypt their files are popping up everyday. This is why your number one priority should be to backup your data regularly. If that moment comes where you find yourself infected with ransomware, the comfort of knowing your data is backed up, safe and secure, is priceless. However, if you chose not to backup your data… be prepared to pay the price.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on August 2nd, 2016

Tagged with , , , ,

TurnKey Internet is EXPANDING!   no comments

Jul 29, 2016 @ 10:23am New York Datacenter

expansion2016We are excited to share with you a sneak preview of the latest expansion to our New York Data Center.

Today we begin construction on our newest POD as we expand to meet the high demand for Cloud Hosting and colocation services.

We’d love to share more with you however there are still multiple tractor-trailers full of equipment, and unfortunately they won’t unload themselves.

However please stay tuned… there will be more information, photos, and even videos to come!

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on July 29th, 2016

Tagged with , , ,

No not Pokemon, teenage bugs are attacking your website server   no comments

Jul 26, 2016 @ 9:36am Web hosting

httpoxyblogimagepokemonUnfortunately, despite the trend, the bugs I’m referring to are not Pokemon.

Instead, they’re easily exploitable security bugs, discovered 15 years ago, that have reemerged, leaving your website or server potentially open to hijackers.

It’s being called the “httpoxy flaw” and it exists in a variety of server software, including PHP, Go, Apache HTTP server, Apache TomCat, and Python. If exploited, it can potentially be used to seize control of your website and access sensitive data.

Httpoxy is a set of vulnerabilities that affect applications running in CGI, or CGI-like environments. Essentially it comes down to a simple namespace conflict. This, in turn, can be exploited to configure outgoing proxies, allowing attackers to remotely execute malicious code.

Red Hat, Microsoft, The Apache Software Foundation, Ngnix, CloudFlare and others have released security advisories in an attempt to warn users of the httpoxy flaw.

Based on the affected software, specific CVE (Common Vulnerabilities and Exposures) numbers have been assigned: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache TomCat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. Researches expect more CVEs coming for httpoxy as less common software is inspected.

Luckily if your website is hosted on TurnKey Internet’s cloud hosting platform (https://turnkeyinternet.net/linux-cpanel-web-hosting/) you are already protected. If you have any questions or additional concerns, feel free to email our support team (helpdesk@turnkeyinternet.net) and we would be more than happy to assist you.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on July 26th, 2016

Tagged with , , , , ,

Securing WordPress against the Hordes of Bots   no comments

May 10, 2016 @ 6:20am Web hosting

robots_attack_wordpress_blogWordPress is one of the most popular, third party scripts used on websites.  Each and every time WordPress releases an update or a patch, the reasoning behind the update is publicly released but often its security related.  This is for all developers to be aware and update their code accordingly.  This factor alone, makes your site targeted.  Not to scare anyone reading this, however in a recent study WP White Security reported 70% of WordPress sites are vulnerable to attacks!

The majority of hacked sites are compromised for the sole purpose of sending spam.  TurnKey Internet and other web hosting services cannot guarantee your site will not become compromised due mainly to third party scripted plugins and modules that often modify or alter WordPress in ways that even the main security aspects of WordPress can’t anticipate.   TurnKey Internet makes sure your site is secured against a large scale of attacks and has a restoration plan if needed utilizing our multiple online cloud backup services we offer  with our hosting services .  The last thing a hacker wants to do is spend a large amount of time accessing your site.  The more road blocks, the faster the malicious user will lose interest and move on.

Before I get too far ahead of myself, let me first explain how your site becomes compromised.  I believe this is important when securing your site.  Understanding how malicious users are gaining access and what the user is doing.  While there is a vast scale of techniques a hacker can use, the main way a malicious user will gain entry to your WordPress site was grouped in the following categories by WP White Security:

41% – Security vulnerability on the hosting platform.  Nothing to worry about on TurnKey Internet’s web hosting server platforms, as we are constantly updating the servers with the latest security releases and patches.  As well as keeping all services on the server up to date in addition to having the most advanced firewalls and intrusion detection systems in place.  If you have a dedicated or VPS server and would like to TurnKey to review your server, shoot us a support ticket we’d be more than happy to investigate.

29% – Outdated WordPress Theme which can open security holes

22% – Outdated WordPress Plugins which can open security holes

51% of reported compromised sites are due to an outdated theme or plugin.  This is completely preventable!  When your plugin or theme is compromised, this makes it possible for a hacker to inject an eval base 64 decode code.  This allows the hacker to run a PHP function from the site.  These are PHP mailers the malicious user users to send spam from your account.

8% – Due to a weak password.  This is where brute force attacks are successful.  Hackers use a script to continuously generating random passwords, until they have gained access to your dashboard.

First and foremost, make sure everything is updated to the latest version.  Each time WordPress releases an update, the update is addressing a security threat.  This is why keeping the script updated is important.  As mentioned previously, due to the popularity of WordPress the exploits patched are publicly released.  This allows developers to adjust their coding accordingly.

In version 3.7, WordPress added in the feature to allow automatic updates.  This sounds wonderful, except by default it only applies to minor updates.  The WordPress team did this to prevent sites from automatically breaking when updated.  (Typically this happens if your plugins are not continually updated by the developer.)  You can add the following lines of code to the wp-config.php file and all updates will be automatic.

# Enable all core updates, including minor and major:

define( ‘WP_AUTO_UPDATE_CORE’, true );

Alternatively, if you would like to take control and complete all the updates yourself, you can add these lines instead.

# Disable all core updates:

define( ‘WP_AUTO_UPDATE_CORE’, false );

Since more than half of WordPress sites are hacked due to outdated themes or plugins, be picky as can be with the ones you activate.  Pay attention and investigate the themes and plugins you are using.

Not all plugins and themes are actively maintained by their developers.  Only use plugins that are updated regularly.  If the plugin or theme hasn’t been updated in 6-9 months, there is a good chance the developer is no longer maintaining their theme or plugin.  Stick with WordPress developers.  You can download tons of plugins and themes directly from WordPress.org.

Do you honestly need that plugin?  If it is not necessary for your site, deactivate it and remove it.  Not only does it take your site longer to load, you’re providing more chances for a malicious user to find a backdoor.

Lock down who has access to your WordPress dashboard.  The easiest way to complete this is by adding a few lines of code into your .htaccess file.  As with all aspects of web hosting case sensitivity is important.  Please note where the capitalization is when implementing this code into your .htaccess file.

<Files wp-login.php>

order deny,allow

Deny from all

Allow from 111.111.111.111

</Files>

You will want to exchange 111.111.111.111 with the IP address of the machine you are connecting from.  If you are unsure of the IP, Google “what is my IP” from the device you would like the IP of.

Hey, that’s great but what if I need to access the dashboard from the office and from home?  No worries, you can add additional ‘Allow from’ statements.

<Files wp-login.php>

order deny,allow

Deny from all

Allow from 111.111.111.111

Allow from 222.222.222.222

</Files>

Limit the number of login attempts an IP address can have before your server blocks the IP.  If this is a new install, using Softacoulous, there is an option ‘enable the number of login attempts’ listed in the preinstall screen.  If you have already installed WordPress, I recommend using the Limit Login Attempts plugin.

Do not use the default “admin” username.  On new installs you are given the ability to make the username.  If you already have WordPress installed you can change the username in the dashboard.  Once logged in, access account setting, and click the “change” link next to your username.  From there you can follow along with WordPress to change the username.

Change your passwords often and make sure you are using a strong password.  I know this can sometimes be overwhelming and often hard for some uses to remember.  However, it is extremely important to use.  A good way to remember the password is to use a short sentence or phrase.  Make sure to do something like replace vowels with number or make them capital.

W3bh05t1ngK1ng

1R0ckth3w3B

The above are far more secure than using:

password

123456

Johnny

Change the WordPress default table prefix.  If you’ve noticed all your core WordPress files start with ‘wp’.  wp-config, wp-login, wp-admin, ect.  Changing the prefix can help prevent against SQL injections.

The table prefix is defined in the wp-config file.

$table_prefix = ‘wp_’;

PLEASE NOTE – Changing the table prefix in the wp-config file will not change the tables in the database.

In a fresh install you have the ability to set the table prefix to something other than wp.  If you have already installed WordPress, I have found the iThemes Security plugin to be the quickest way to compete this task.  If you prefer to not have a plugin complete this task, you can do so manually.  It is a bit time consuming and you will need to make sure to rename each WordPress table, update the usermeta table and update the options table.  Of course you will want to backup the database, before making any changes.

Make sure your file permissions are correct.  WordPress states only the following permissions should be used;

Directories should be 755 or 750

Files should be 644 or 640

Your wp-config.php should be set to 600

Your wp-config file is extremely important.  I recommend protecting this file in the .htaccess as well.  To do so place the following lines of code inside your .htaccess file:

<files wp-config.php>

order allow,deny

deny from all

</files>

Speaking of protecting important files.  The wp-includes directory contains the majority of files needed to run WordPress.  There is absolutely nothing in this directory a user will need.  With that being said, I recommend adding the following lines of code to the .htaccess file to protect these files as well.

# Block the include-only files

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^wp-admin/includes/ – [F,L]

RewriteRule !^wp-includes/ – [S=3]

RewriteRule ^wp-includes/[^/]+.php$ – [F,L]

RewriteRule ^wp-includes/js/tinymce/langs/.+.php – [F,L]

RewriteRule ^wp-includes/theme-compat/ – [F,L]

</IfModule>

Block out access to the xmlrcp.php file as well.

<Files xmlrcp.php>

order allow,deny

deny from all

</Files>

xmlrcp.php, this file is the worst!  While the features of using this file sound neat.  (Connect to your blog via text or email, sends tracebacks or pings.) This file has been used to take down a large number of server by implementing DDOS attacks with this file.  You can read more on these attacks here – https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

Since we are already protecting our files in .htaccess, might want to protect .htaccess as well.  To do use this code.

<Files .htaccess>

order allow,deny

deny from all

</Files>

Great, now my site is secured.  What about that restoration plan you mentioned earlier?

Backup, backup, backup!  I cannot stress this enough! If by chance a hacker is able to break through all these security measures we have put in place, the fastest way to get your site backup is by restoring a backup.

Depending on what service you have with TurnKey, we do provide backups.  However, it is not the responsibility of TurnKey to maintain your backups.  You should not rely on our backups and keep your own backups as well.  Our terms of service allows for you to keep one (1) full account backup stored on the server.  TurnKey recommends taking backups of your account weekly or even daily.  Connecting with an FTP client and storing the backup in a secure location.

While WordPress does off automatic updating services, we have disabled some of the PHP features required for this service to work on our shared hosting platforms.  The reasoning on this, we do not allow for the use of PHP execute.  This is for security purposes.

Inside your control panel you have the ability to take full account backups and database backups.  I strongly recommend doing so.

TurnKey also offers a backup add on service called TurnKey Vault which we highly recommend for anyone with a dedicated or cloud-based server, so you can protect your data If you need any assistance with competing any of the tasks listed in this blog, email our support team (helpdesk@turnkeyinternet.net) and we would be happy to assist you.

Happy blogging!

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

It’s 2016 – Is Your Office Server or Web Site Being Held Hostage?   no comments

May 5, 2016 @ 6:07am cloud security

ransomwareThe latest wave of computer security news may sound like the headline of a new Bruce Willis movie – but Ransomware is now part of the daily conversation between not only security experts, but unfortunately by office managers and PC users across the globe having to deal with the ramifications.

This year malware infections, more specifically ransomware, have seen an exponential growth. They are also becoming more sophisticated, using newer methods that are not only harder to detect, but also require less user interaction.

Security researchers report attackers are not only upgrading their malware to make it more unbreakable, they are also using unique methods of distribution. In some cases, these methods require no user interaction at all.

In the past, most ransomware infections occurred via phishing attacks, which required a user to click on a malicious website or email link. But these newer attacks are less dependent on user interaction and more dependent on unpatched vulnerabilities or poor security practices.

These new breeds of ransomware are utilizing more advanced methods to attack computers and encrypt their files, before you even realize what’s happened. You are then forced to either pay the ransom or hope you have a backup recent enough to prevent any lost data.

To protect yourself you need to follow best practices, such as

  1. backup your servers and PC’s
  2. backup your servers and PC’s
  3. see item (1) and (2) above (seriously!)
  4. keep your software and systems patched and up-to-date
  5. Have a corporate gateway firewall with advanced threat protection
  6. Have / Install / Update local AntiVirus and Malware Software protection
  7. Always avoid opening un-expected emails or attachments
  8. Avoid clicking to web sites you don’t recognize (especially if sent in email)
  9. if you aren’t backing up your servers and PC’s already – stop reading and visit https://turnkeyvault.com/

It’s pretty simple – the same things that protect your office data and servers from most threats apply here, but the damage of ransomware encrypting and disabling all your corporate data within seconds or minutes is real and has lead to some high profile cases including hospitals being locked out of all their data due to ransomware!  Don’t let your business fall victim to the bad-named villain of a Bruce Willis movie – ransomware is among the most costly cyber threats actively attacking businesses right this very second.

Make no mistake – backing up your data is a must have in any security policy, and utilizing a secure remote cloud based backup solution such as  TurnKey Vault is ideal.  Make sure whatever backup solution you deploy offers data encryption, supports both desktop PC’s and Macs, as well as Linux and Windows based servers.  A backup solution like TurnKey Vault offers live cloud replication which will get you back on your feet in minutes in case of a true disaster by creating a live cloud-based copy of any PC workstation or Server accessible from anywhere over the Internet to get you access to your data and applications quickly.  If ransomware takes over your office network you can spin up a backup live copy of your servers and PC’s with TurnKey Vault from a time before the ransomware took over your office – and will have you saying “Yippee Ki-Yay” just like Bruce Willis as the ransomeware data hostage takers wont ever see a dime, and you will have all your data safe and secure.

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

DROWN Attacks – Web Encryption No Longer Safe – Is My Web Site at Risk?   no comments

Apr 28, 2016 @ 9:07am Web hosting

drown-attackEncryption fills the headlines with stories of APPLE and decoding iPhones – but with all the security challenges and cyber threats today – its getting hard pressed to have a web site, computer, or mobile device and not realize your data is as private as you once thought.  Encryption is what protects (hides) the details of what we do online certain web sites – keeping your private banking or purchasing data (or online traffic hidden) from prying eyes.  But last month a new threat called DROWN was publicized that essentially made it so many web sites you shop, visit or utilize that you thought were secure and private via their https SSL encrypted access turned out to not be so private.

DROWN, standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an xample of a cross-protocol attack that exploits weaknesses in the widely used online encryption protocol, SSLv2.  Using weaknesses in the SSLv2 implementations against TLS (transport layer security) hackers can “decrypt passively collected TLS sessions from up to date clients.” Or in simpler terms, hackers and anyone can see what you are doing, your personal details, and more when you thought you may of been protected by that SSL ‘lock’ protected symbol next to the web site you were shopping or visiting.

TLS is probably the most important security protocol on the internet.  Almost every action you take on the internet relies on the use of a TLS version.  Not just you accessing a web site, but a lot of the back behind the scenes things like email transmission, to database connections, to sending files between servers for backups.

Fortunately, the latest versions of OpenSSL do not utilize SSLv2 connections by default.  However, if your certificate or key is being used in another location on a server that supports SSLv2, you could be at risk.  For example, the mail service (POP, IMAP, SMTP connections).

A DRWON attack would be able to decrypt HTTPS connections, sending specifically designed packets to another server.  If the certificate is on more than one server, it is possible a MitM (man in the middle) attack can be successful.

Isn’t SSLv2 depreciated?  Why is this still a threat?  In the early 2000’s SSLv2 was still supported by browsers, to be used as a fallback protocol.  An attacker could easily trick the browser into using an older protocol.  Thankfully, this is no longer an issue if you are using a recent version of your web browser.

While browsers are no longer supporting SSLv2, most servers still do.  Most servers are configured to use both TLS and SSLv2.  This means both protocols would use the same RSA private key.  Therefore, any bugs in the SSLv2 protocol that use the private key, potentially could affect the security of TLS.

While this all may sound a little scary, as most security vulnerabilities are.  TurnKey Internet takes all security avenues very seriously.  Our web hosting servers and software are always kept up to date.  If your account is on any of our shared hosting packages, you have nothing to worry about.  Just in case, you want to test your sites security against DROWN or the server your account is hosted on.  Please feel free to do so here – https://drownattack.com/#check  You will need to use the IP address your site is living on and not your domain name – which you can easily find by using a DNS lookup service such as http://www.getip.com/.

If you need assistance finding your web sites IP, or reviewing your security  please send us a support ticket (helpdesk@turnkeyinternet.net) and we would be happy to tell you.

 

 

 

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram