Important Vulnerability on Advanced Custom Fields Plugin for WordPress

WebShield is a component of the Imunify360 security solution. Its primary purpose is to handle HTTP traffic and prevent HTTP attacks.

As a security solution, WebShield is meant to:

• Block blacklisted traffic
• Redirect graylisted traffic to CAPTCHA until the CAPTCHA is passed
• Act as a proxy service, redirecting remaining traffic to backends
  

It consists of four services:

• WebShield itself
• Shared memory daemon
• SSL-caching daemon
• Sentrylogs daemon
  Shared memory is the component of WebShield that makes it easier to deal with certain aspects of Nginx configuration without reloading. It does this by modifying its shared memory.
  

SSL-caching daemon watches changes to host SSL certificate sets (for known hosting panels only: cPanel, Plesk, DirectAdmin) and updates the WebShield SSL cache when a certificate is added, updated or removed.

Sentrylogs daemon watches WebShield log files to detect errors.

The configuration of WebShield is done by an agent, and direct editing of WebShield configuration files is generally not recommended. This is mainly because after the next reconfiguration all custom changes would be lost. However, there are some items a host administrator may want to set.

Anonymous

'Know your enemy' is an overused cliche in the cybersecurity industry. We take a broader view: Know your world, and your place in it. 

If you think your site won't be hacked because it's too small to matter, think again. I'll show why that is a false and dangerous assumption.

Many site owners and webmasters think that hackers only care about popular, highly-ranked websites. They are wrong.

High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money.

Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of as little as 30 visitors a day, can still be threatened by hacking and infection. 

Unfortunately, very often, website owners are 100% sure that they won't ever be a victim, and do not have a valid disaster recovery plan for such cases. Or, if they do, the plan consists of just one bullet point:

• I was unlucky and the plan is to shut down my business.

In this article, I cover that gap and offer you a solid disaster recovery plan if your website got hacked. Additionally, read our website hosting security article and learn how to keep your website secure in 2021.

Twenty years on and spam is still a problem. I'll look at why that is and what we can do to reduce or prevent it.

Contrary to popular belief, hacking a site and uploading malicious scripts onto it is not the only way spamming gets a foothold. There are other ways. For example, it could be because of a compromised account, the use of script vulnerabilities, or an incorrectly configured mail server.

There's only one good reason why the load on your hosting server starts increasing–the rest are bad. I'll look at how and why they all happen.

I was often contacted by site owners who had a problem with high server load. This common condition is first noticed when an owner gets a warning message from their hosting company. Such messages can be precursors to the blocking of the site, and it can happen to almost any site owner or webmaster.

This article covers the different reasons why the load on a site or server might be increasing, and what can be done about it.

In this article, I look at why webmasters, site administrators and their users choose and use weak passwords. Later, I recommend ways to create passwords that are reliable and resistant to brute-force attacks.