Charlottezweb

Recent Posts

1
The following post is being sent to customers tonight who use our advanced spam filtering add-on service provided by PostLayer:

Quote
Greetings from Charlottezweb!
 
You're receiving this email as a customer who is using the Postlayer spam filtering service that we configured for your domain.
 
By now, you've likely received some emails from them around the conversion of their service to FuseMail, supported by Excel Micro.
 
If not, here's a quick summary:  PostLayer (the service you were/are using through Charlottezweb), was acquired a month or so back by a service called FuseMail.  FuseMail (in North America) is managed by a company called Excel Micro.  You may have received emails directly from Excel Micro or FuseMail.  If not, I'll give you a summary of what's going on.
 
Essentially, PostLayer was acquired and FuseMail has been in the process of migrating PostLayer customers to their platform.
 
I ran into a few issues during conversion but I now have access to manage things on the new platform.  I will share more details in the next week or so as I learn more.
 
For now, you may notice that you're starting to receive quarantine notifications from the address:  spamreport@mailanyone.net
 
This is a legitimate email from FuseMail that you'll want to review for any emails that you want to release.  This is their version of the quarantine alerts you receive from PostLayer.   I'm hoping I can customize these emails a bit but for now, please make sure your mail client is set to accept them.
 
At some point in the near future, the PostLayer emails will cease.
 
A few side comments:  
 
I've heard good things on FuseMail but need to do research.  I would *truly* appreciate your feedback in the coming days/weeks on what your experience is with spam.  In other words, does the new solution work as well (if not better) than the old one?  Is it worse?  Any concerns?  Etc…
 
I'm a reseller with their offering as of now and they also offer Proofpoint (which is what I have setup on my @charlottezweb.com email).  It's more expensive than PostLayer/FuseMail but works incredibly for me.
 
I will continue to explore this platform to decide if this is our forward-model.
 
Your questions and feedback are most welcomed!

Cheers,
 Jason
2
Script Chat / Joomla Security Notice :: July 5, 2017
« Last post by Jason on July 07, 2017, 06:21:42 PM »
Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html


Quote
Joomla! Security News

________________________________________
  • [20170701] - Core - Information Disclosure
  • [20170702] - Core - XSS Vulnerability
  • [20170703] - Core - XSS Vulnerability
[20170701] - Core - Information Disclosure
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: High
-  Versions: 1.7.3 - 3.7.2
-  Exploit type: Information Disclosure
-  Reported Date: 2016-Feb-05
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-9933
Description
Improper cache invalidation leads to disclosure of form contents.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Jeff Channell
 
 

[20170702] - Core - XSS Vulnerability
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: High
-  Versions: 1.7.3 - 3.7.2
-  Exploit type: XSS
-  Reported Date: 2017-June-04
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-9934
Description
Missing CSRF token checks and improper input validation lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Envo
 
 

[20170703] - Core - XSS Vulnerability
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: Low
-  Versions: 1.5.0 through 3.7.2
-  Exploit type: XSS
-  Reported Date: 2017-June-22
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-7985
Description
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.6.5
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Fortinet's FortiGuard Labs
3
Server Updates & Outages / Re: Imunify360 added to all servers - June 2017
« Last post by Jason on June 12, 2017, 06:39:52 PM »
Greetings,

I wanted to clarify a few points as I've had customers reach out with questions today.  :)

We run ModSecurity on all of our servers and have had that in place for at least 1-2 years.  

Imunify360 uses ModSecurity for a *part* of what it does but it works on top of it.  For example, if ModSecurity blocks a function on your site that it thinks is suspicious, Imunify360 may display a warning message and/or an option to unblock yourself.  This isn't Imunify360 blocking you, it's ModSecurity.

That being said, I think Imunify360 (or perhaps ModSec) is driving a more aggressive set of security rules.  I've had to whitelist a lot of rules in the past few days that weren't an issue previously.

If you experience any errors in your website that you didn't have before (for example, updating your site via WordPress), please reach out to me.

I appreciate your patience as we try to optimize this solution.  I know it's frustrating when things don't work as expected but I'm hopeful that the security provided by these solutions will outweigh the issues we may see upfront.

Regards,
Jason
4
News & Announcements / Charlottezweb deploys Imunify360
« Last post by Jason on June 11, 2017, 04:55:57 PM »
Please visit this thread to learn more: https://www.charlottezweb.com/forums/index.php?topic=2121.0

5
Server Updates & Outages / Imunify360 added to all servers - June 2017
« Last post by Jason on June 11, 2017, 04:55:02 PM »
June 2017:  Charlottezweb announces Imunify360 deployment.

I'm pleased to announce that Charlottezweb has now deployed Imunify360 to all our shared servers.

I will create a new page on our site as part of our website relaunch in the next 1-2 months with full details but if you're interested now, please visit their site to read full details:

http://imunify360.com/

Cheers,
Jason
6
Script Chat / Joomla Security Notice :: May 18, 2017
« Last post by Jason on May 18, 2017, 08:26:45 PM »
Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html


Joomla! Security News


[20170501] - Core - SQL Injection
Posted: 17 May 2017 07:00 AM PDT
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.7.0
Exploit type: SQL Injection
Reported Date: 2017-May-11
Fixed Date: 2017-May-17
CVE Number: CVE-2017-8917

Description
Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs
Joomla! CMS versions 3.7.0

Solution
Upgrade to version 3.7.1

Contact
The JSST at the Joomla! Security Centre.
7
Script Chat / SMF 2.0.14 Released :: May 14, 2017
« Last post by Jason on May 14, 2017, 08:13:20 PM »
Please visit SMF's release post from tonight:

https://www.simplemachines.org/community/index.php?topic=553855


Quote
Dear Members,

Simple Machines Forum has released a new patch to the 2.0.x line, bringing our latest release version to 2.0.14.

This patch adds both security and general maintenance fixes to your forum, so it is imperative that you install this patch quickly. You can view the changelog for this release, per usual, on the downloads page.

The quick summary of changes is as follows:
  • Added PHP 7 support.
  • Ported image proxy support from SMF 2.1.
  • Also added HTTPS for avatars.
  • Accept email addresses with long TLDs.
  • See the changelog for more.

If you are running version 2.0.13, you can upgrade your forum to the latest version by using the package manager. As usual, you should see the upgrade notification in the admin panel notifications and in the package manager, which will allow you to download and install the patch seamlessly.  If you do not see the notification about the upgrade patch, please run the scheduled task "Fetch Simple Machines files" from the Scheduled Tasks page (Admin > Maintenance > Scheduled Tasks > Fetch Simple Machines Files (check the "Run Now" checkbox and click the "Run Now" button)).

If you use older versions of SMF, you can upgrade directly to 2.0.14 from whichever version you are currently using by using the "full upgrade" archive from the downloads page. Be aware that using this upgrade method will require you to reinstall any customizations that you have added to your forum, so if you are running a version of the 2.0.x series, it is recommended that you apply the successive patches instead of using the full upgrade.

Please do not use this topic for support requests.
You will receive a much quicker and better response by posting in the 2.0.x Support Board or the Install and Upgrade Help board.


If you are having problems downloading the patch from the admin panel, you can download the patch package from the upgrade patches page and install it via the package manager, as you would any other mod package.

Please refer to the Online Manual for more details about:

Thank you for using SMF!

Regards,
Simple Machines Forum Team
8
I'd like to add a few updates after playing around with this a bit today.

Several customers (including myself) have purchased/installed new WordFence Premium licenses today which is very exciting.  I'll keep adding to this post but here are a few initial thoughts:

1. The process itself is super simple.  If you're already using the free version of WordFence (which, again, I recommend all WordPress users should do at minimum), it's a matter of going to the WordFence Options page and replacing the "API Key" with the new premium key.  You save, refresh the page and then you're good to go with newly-activated Premium features.

2. I have added an item to our shopping cart (click here for a direct link) if you'd like to purchase this.  If you'd like to order in bulk or have questions, please contact me.  

3. As mentioned above, the Premium option enables "Cell Phone Sign In."  I'd like to expand on this for purposes of understanding.  What this feature does is enable you to require the addition of a single-use code sent to your phone on top of your password in order to login to your WordPress Admin area. This is something I am exploring for the Client Area of Charlottezweb.com as well as an option you can enable.  This means that even if someone had your password due to some sort of virus, hack, or compromise, they wouldn't be able to login as you without physically having your phone where the codes get continuously updated every minute.  

I enabled this on one of my sites today via WordFence and it's great.  To be transparent however, this means that you'd have to have your cell phone with you and you'd need to install Google Authenticator (or a similar app) on your phone.  I already use this for logging into several sites/systems so this was a no-brainer for me but if you've never done this before, it may be something you want to think about.  Ultimately, it adds another layer of protection for you that's going to help keep your site even more secured if you opt to go that route.  All of this being said, there are free plugins from what I'm seeing that can integrate this into WordPress but this is one option that WordFence Premium offers built-in without needing to configure anything.  It also offers the ability to set it up on a user-by-user basis if you so choose.

More details to come as I keep exploring the Premium options.  So far they look great.

Regards,
Jason
9
News & Announcements / WordFence Premium licenses available at 35% Off
« Last post by Jason on May 03, 2017, 09:37:47 PM »
Charlottezweb is now offering WordFence Premium licenses. 

Please visit this post for full details.

https://www.charlottezweb.com/forums/index.php?topic=2117.0
10
If you use WordPress (www.wordpress.com) for your website(s), a fantastic plugin is available called WordFence.  (www.wordfence.com)

There is a Free version of this plugin that I have been recommending to customers for probably close to two years that I personally install on all WordPress sites that I manage or build myself.  It's a FANTASTIC tool that I think ALL WordPress admins should consider as part of their overall security planning.  (I also suggest subscribing to their blog/email list as they send important security news usually once a week that I think is very valuable).

They offer a paid "Premium" version that adds additional features that is $99/year for a single license/site.

They offer bulk discounting and I've opted to start purchasing these licenses and reselling them to offer my customers their Premium features at 35% off the public 1-year pricing if you were to order directly from them.

If you are a Charlottezweb hosting customer, I can offer $65/year for a WordFence Premium license key vs. you paying them $99 for the same key.

What's the catch?
This makes Charlottezweb a reseller of their product.  You won't have direct access to their support however you can raise any issues through Charlottezweb (as you do today) and if it can't be resolved in that approach, I'll open a ticket directly with them on your behalf.

Other than that, there's no catch. :)

For now, I'm extending this offer to customers with hosting accounts.  By this, I mean that I'm not currently going to offer this for purchase without an existing or new hosting purchase.  This is to prevent new customers from purchasing only this key through Charlottezweb and nothing else.  In that scenario, they should go directly to WordFence.  This may be an approach I change later but for now my goal is to pass along bulk-pricing benefits to Charlottezweb customers because I think this is a solution that's well worth the money and bulk-ordering allows me to pass along pricing discounts as a value-add to my customers.  At the end of the day, this tool protects my customers' sites individually which also protects my servers -- It's a win/win for all of us.

What's better about Premium than their Free version?
Again, their Free version is great and I highly recommend using it, especially if you're not already using any WP security plugins.

If you go to the following page, there is a "Compare Our Plans" button that will display a table that compares the differences.

https://www.wordfence.com/#features

To save you time, here are the additional Premium features not included with the Free version.

  • Real-Time Threat Defense Feed
  • Country Blocking
  • Check if Site IP is Generating Spam
  • Check if Site is Spamvertized
  • Remote Scans
  • Cell Phone Sign In
  • Audit Existing Passwords
  • Advanced Comment Spam Filter

How Do I Order This?
This is not yet added to our shopping cart but that will likely happen this coming weekend.  Additionally, as part of the complete redesign of Charlottezweb.com (coming in the next 1-2 months), there will be a page specifically dedicated to WordFence with additional information.  For now, if you'd like to take advantage of this, please email me or open a ticket and I'll update you asap.  I have licenses purchased that are ready to go!  :)


Also, if you have any questions, comments or feedback, please feel free to post them here.  As always, I love to hear directly from you on what ideas are good, bad, need improvement, etc.  :)

Cheers,
Jason

