Popular WordPress Plugin ‘SEO by Yoast’ Vulnerable To Hackers

Yoast, a popular SEO plugin for WordPress, has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities in version 1.7.3.3 and below. The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
Customers are advised to take immediate action and upgrade their Yoast to the latest version: 1.7.4, or 1.5.3 for the Premium version.
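
Sort parameters such as orderby and order end up as SQL identifiers and keywords, which cannot be bound as query parameters, so the usual defence is an allow-list lookup. The sketch below is an added example in Python with sqlite3, not the plugin's PHP code or its actual fix; the table, the column map and the function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical allow-list: request value -> real column name. Nothing outside
# these maps can ever reach the SQL text.
SORTABLE = {"title": "post_title", "date": "post_date", "type": "post_type"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_clause(orderby, order):
    """Map the untrusted orderby/order request values to a fixed ORDER BY clause.

    Column names and sort direction cannot be bound as parameters, so the
    value is looked up rather than escaped; unknown values fall back to a default.
    """
    column = SORTABLE.get(str(orderby).strip().lower(), "post_title")
    direction = DIRECTIONS.get(str(order).strip().lower(), "ASC")
    return f"ORDER BY {column} {direction}"


def list_posts(conn, post_type, orderby="title", order="asc"):
    """Values are bound with ?; identifiers come only from the allow-list."""
    sql = ("SELECT post_title FROM posts WHERE post_type = ? "
           + build_order_clause(orderby, order))
    return [row[0] for row in conn.execute(sql, (post_type,))]


def demo_db():
    """Constructed sample table standing in for a posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (post_title TEXT, post_date TEXT, post_type TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        ("Beta", "2015-03-01", "post"),
        ("Alpha", "2015-03-10", "post"),
        ("Gamma", "2015-02-01", "page"),
    ])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(list_posts(db, "post", "date", "desc"))
    # A value that is not a known column is ignored, never concatenated.
    print(list_posts(db, "post", "post_title, (SELECT 1)", "sideways"))
```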

Cisco IPv6 Denial of Service Vulnerability

Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System X (CRS-X) running an affected version of Cisco IOS XR Software are affected by this vulnerability.

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6

What is IP Reputation Protection?

IP Reputation Protection monitors your IP reputation and DNSBL status. DNSBLs and RBLs are generally used on mail servers to reject or flag messages sent from sites that have been blacklisted. If your mail server has been added to a DNSBL’s database, the emails it sends are likely to be rejected or identified as spam.

Our IP Reputation Protection System queries major DNS-based Blackhole List databases and SenderBase, which is one of the world’s largest email and web traffic monitoring networks, and processes these results to send alerts to our support team so that they can take immediate action. We help customers identify the root cause, contact the various DNSBL agencies to request removal, and mitigate the impact of emails returned to sender due to the blacklisting.
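
How a DNSBL query of this kind works, as an added Python example that is not the code of the monitoring system described here: the address is reversed, the list's zone is appended, and an answer in 127.0.0.0/8 means "listed" while NXDOMAIN means "not listed". The zone names, the sample address and the offline resolver are constructed placeholders.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Some lists (Spamhaus, for example) answer 127.255.255.x to signal a refused
# or malformed query; that is a lookup failure, not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) followed by the DNSBL zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer  # 10.2.0.192.in-addr.arpa
    return pointer.rsplit(".", 2)[0] + "." + zone        # drop in-addr.arpa / ip6.arpa


def check_ip(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: 'listed' | 'clean' | 'error'} for one mail-server address."""
    results = {}
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
        except socket.gaierror as exc:
            # NXDOMAIN means "not listed"; timeouts and SERVFAIL must not be
            # mistaken for a clean result.
            results[zone] = "clean" if exc.errno in NOT_FOUND else "error"
            continue
        except (OSError, ValueError):
            results[zone] = "error"
            continue
        if answer in ERROR_NET or answer not in LISTED_NET:
            results[zone] = "error"
        else:
            results[zone] = "listed"
    return results


# Constructed resolver data so the example runs offline; zones are placeholders.
FAKE_DNS = {
    "10.2.0.192.dnsbl-a.example": "127.0.0.2",
    "10.2.0.192.dnsbl-c.example": "127.255.255.254",
}


def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FAKE_DNS[name]


if __name__ == "__main__":
    zones = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]
    print(check_ip("192.0.2.10", zones, resolve=fake_resolve))
```

Reporting lookup failures separately from "clean" keeps a resolver outage from hiding a real listing.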

In the event your mail server has been blacklisted, we usually take less than an hour to restore your mail service with IP Reputation Protection.

For SmarterMail users: seriously consider upgrading to Version 13.3.5535

If you are running an older copy of SmarterMail, I would suggest getting the latest copy and moving up to 13.3.5535, in particular because of the two vulnerabilities found in the earlier version. You can download the latest from here: http://smartertools.com/smartermail/mail-server-download.aspx.

Just in case you have forgotten them, here are the steps to “properly” upgrade your SmarterMail. Please make sure you have a backup before proceeding.

  1. Stop the IIS WWW Publishing Service or the SmarterMail web service.
  2. Uninstall SmarterMail without removing the existing folders or files.
  3. Install the latest copy of SmarterMail.
  4. Once it’s completed, start the SmarterMail web service or the IIS WWW Publishing Service.

 

Wait for a minute or so, then sign in to the admin portal to make sure everything is working. Sometimes it might take a little longer to start up if you have a slower server and many mailboxes. Just be patient, and do not attempt to restart your SmarterMail service unless it has stopped for some reason.

 

  • ADDED: Updated administrative logging to include the friendly name of the event that was fired in addition to its ID number.
  • FIXED: A temporary disk error when reading an account’s userConfig.xml file will no longer result in the user’s settings being reset to the defaults, including a blank password.
  • FIXED: A user with read-only control of a shared calendar can no longer delete instances of a recurring event.
  • FIXED: A zero byte fileStore.xml file will no longer prevent SmarterMail from starting properly.
  • FIXED: Adding a calendar event using Android’s default calendar app with Exchange ActiveSync now syncs correctly.
  • FIXED: Adding a recurring event that occurs on a specific week of each month now syncs correctly using Exchange ActiveSync.
  • FIXED: Adding a task using Outlook 2013 with Exchange ActiveSync now syncs correctly.
  • FIXED: Adding duplicate entries to trusted senders is no longer allowed.
  • FIXED: Availability conflicts are now calculated correctly when adding or editing a new calendar event in webmail.
  • FIXED: Birth dates set on iOS devices using Exchange ActiveSync now sync correctly.
  • FIXED: Changing an event’s start time that includes a domain resource now properly updates the availability of that domain resource.
  • FIXED: Contacts imported from a CSV file that include only white space in certain imported fields are now saved properly, such that they can be successfully synced with Exchange ActiveSync.
  • FIXED: Creating a calendar and immediately deleting an event using the Mac OSX calendar app with Exchange Web Services now syncs correctly.
  • FIXED: Declude spam weights now save correctly.
  • FIXED: Domain resource availability is now calculated properly when determining scheduling conflicts.
  • FIXED: Editing a password brute force or denial of service abuse detection rule for XMPP now correctly sets the service field to XMPP.
  • FIXED: Email folders that contain special characters are now sorted correctly in webmail.
  • FIXED: Exchange ActiveSync responses will no longer send an empty Exceptions tag, which would cause Outlook 2013 to crash.
  • FIXED: Folders with special characters in their name now sync correctly using Exchange ActiveSync.
  • FIXED: Made changes to how folder renaming is handled to prevent a scenario that could cause mailbox corruption.
  • FIXED: Renaming a folder that contains special characters using Exchange ActiveSync no longer causes an error in webmail when trying to view that folder.
  • FIXED: Setting a contact’s birth date on a client synced using CardDAV will no longer save as one day off for users in time zones with positive offsets from GMT.
  • FIXED: Temporary files created during Exchange ActiveSync SmartForward, SmartReply and other email attachment operations are now immediately cleaned up when no longer needed.
  • FIXED: The number of items sent back per Exchange ActiveSync response is now correctly determined using the WindowSize specified by the client.
  • SECURITY: Resolved an XSS vulnerability related to replying to an email.
  • SECURITY: Resolved an XSS vulnerability related to viewing email.
Speed Up WordPress with Cloudflare

One weakness of WordPress is that it is usually very slow. Vastspace’s website is built with WordPress and has many plugins installed that rely on jQuery files and CSS style sheets, which hurt the loading time. This results in poor website performance grades with test tools like the Pingdom Website Speed Test and Google PageSpeed Insights.

We could end up with a very sluggish site that will not only be a hassle for repeat visitors, but will most certainly lose you subscribers and customers due to the impatient nature of people browsing the web. Also, do not forget that customers are visiting you from different geographical locations.

Think about this, someone just gave you a good reference with a link, and yet you are doing both of you a disservice by having a slow loading site that nobody would want to wait around for. That means if your site takes longer than 10 seconds to load, most people will leave, lost before you even had the chance to convince them to stick around and give your website a glance.

On top of that, many SEO experts have claimed that a site’s speed affects its rankings in search engines. If your site is slow, you are not only losing visitors out of impatience, but you are also losing them by having reduced rankings in search engines.

On WordPress we have tried plugins like WP Super Cache and W3 Total Cache; load time improved, but the result was still below satisfactory. We barely passed the 50/100 mark with both the Pingdom Website Speed Test and Google PageSpeed Insights. The load time was much longer because the Vastspace server is located in a Singapore data center, quite a distance from the test locations.

Cloudflare makes your site faster

Unlike the traditional CDN, CloudFlare is basically a Web Application Firewall, a distributed proxy server, and a content delivery network (CDN). It optimizes your website by acting as a proxy between visitors and your server, which also helps protect your website against DDoS attacks.

Unlike many CDN services, CloudFlare does not charge for bandwidth usage, on the basis that if your site suddenly gets popular or suffers an attack, you shouldn’t have to dread your bandwidth bill. According to CloudFlare, on average a website using the CDN will load twice as fast, use 60 per cent less bandwidth, have 65 per cent fewer requests, and be more secure with the Web Application Firewall. CloudFlare operates out of 28 data centers around the world and uses a technology called Anycast to route your visitors to the nearest data center.

And most importantly, Cloudflare is free (https://www.cloudflare.com/plans). However, Vastspace uses Cloudflare PRO for real-time statistics and additional page rules.

With Cloudflare, Vastspace’s website speed test scores 85/100 from 6 different locations and 87/100 for Google PageSpeed Insights. Despite the slower load time caused by the Revolution Slider plugin on the front page, we are extremely happy with the result.

pagespeed insights result for Vastspace