The importance of installing updates as soon as they become available has once again been highlighted with the Panama Papers leak. Indeed, it has been reported that the information was not stolen by an insider, but rather obtained via a vulnerability that was not patched in time…
In the past few days, many highly placed individuals and ordinary people from all over the world have been extremely embarrassed when it was revealed that they had set up offshore shell companies in Panama, using the services of the law firm Mossack Fonseca. Such companies can be used to hide money and other assets from tax authorities and other public organisations, which is why the world’s media was so shocked by the news. We will not discuss these companies’ intentions, just as we will not attempt to determine whether these practices are ethically responsible. But, as a hosting company that cares about users’ data protection, we really wanted to find out how this data leak occurred.
A leak this large had never occurred before: 2.6 terabytes of data, made up of 11 million documents. By way of comparison, the Wikileaks Cablegate hackers accessed 1.7 GB of data, the Sony Pictures hackers 230 GB and the Ashley Madison hackers 30 GB.
The worst thing about the Panama Papers is that the revelations are most probably not the work of an insider who released the data to reporters. Everybody seems to believe that the leak was caused by an unexplainable lack of security measures implemented by Mossack Fonseca.
Although the law firm handled very confidential information regarding its clients, its e-mail correspondence was apparently not encrypted. WordFence, a company that produces security software for WordPress websites, also noticed that the web server did not sit behind a firewall and was even on the same network as the Panama-based mail servers. In addition, the clients’ sensitive data were served through the web portal behind a simple client login.
Forbes also noticed that the client portal ran an outdated version of Drupal (7.23), while version 8 was already available. The old version has at least 25 known vulnerabilities and, in 2014, Drupal had already issued a warning about these exploits. In other words, Mossack Fonseca’s servers have been vulnerable to attacks for more than two and a half years.
According to WordFence, it is more likely that the WordPress plugin Revolution Slider made the hack possible. In fact, due to a coding error, the plugin allows users with no privileges to run an AJAX (or dynamic browser HTTP) request that only privileged users should be able to run, since it allows any hacker to upload a file. In this video, you can see how this exploit works and how simple it is.
But there is more: a working exploit for this vulnerability in Revolution Slider was published in October 2014… and a website that is vulnerable to this exploit is quite easy to spot by setting up a robot that searches for URLs like http://mossfon.com/wp-content/plugins/revslider/release_log.txt.
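Because the scanning robots described above announce themselves by requesting a plugin's version file, a site owner can look for that same request in their own access logs. The following is an added example, not code from the original article or from WordFence: it assumes logs in Combined Log Format, treats `readme.txt` and `changelog.txt` as assumed equivalents of the `release_log.txt` file named above, and runs on constructed sample lines.

```python
import re
from collections import defaultdict
# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Version-revealing plugin files. release_log.txt is the article's example;
# readme.txt and changelog.txt are assumed additions.
VERSION_FILE_RE = re.compile(
    r'^/wp-content/plugins/(?P<plugin>[^/]+)/'
    r'(?:release_log|readme|changelog)\.txt$', re.IGNORECASE)
AJAX_PATH = "/wp-admin/admin-ajax.php"  # WordPress's AJAX endpoint

def audit_access_log(lines):
    """Scan access-log lines (oldest first) and return a dict with:
      exposed   - {plugin: paths} version files the server served (2xx)
      probers   - {ip: plugins} clients that asked for such files at all
      escalated - IPs that POSTed to admin-ajax.php after probing
    """
    exposed, probers, escalated = defaultdict(set), defaultdict(set), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # drop any query string
        hit = VERSION_FILE_RE.match(path)
        if hit:
            plugin = hit["plugin"].lower()
            probers[m["ip"]].add(plugin)
            if m["status"].startswith("2"):
                exposed[plugin].add(path)  # file is publicly readable
        elif m["method"] == "POST" and path == AJAX_PATH and m["ip"] in probers:
            escalated.add(m["ip"])  # probe followed by an AJAX request
    return {
        "exposed": {p: sorted(v) for p, v in exposed.items()},
        "probers": {ip: sorted(v) for ip, v in probers.items()},
        "escalated": sorted(escalated),
    }

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Apr/2016:10:00:01 +0000] "GET /wp-content/plugins/revslider/release_log.txt HTTP/1.1" 200 5120 "-" "bot"',
    '203.0.113.7 - - [05/Apr/2016:10:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 41 "-" "bot"',
    '198.51.100.9 - - [05/Apr/2016:10:02:10 +0000] "GET /wp-content/plugins/contact-form/readme.txt HTTP/1.1" 404 210 "-" "bot"',
    '192.0.2.15 - - [05/Apr/2016:10:03:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

print(audit_access_log(SAMPLE_LOG))
```

Any plugin listed under `exposed` is advertising its version to every visitor, so it should be updated first and its version files blocked at the web server; IPs under `escalated` deserve a closer look in the full log.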
In many forums, such as The Register and Slashdot, all users are puzzled by this lack of security considering the sensitive nature of the data to be protected.
The lesson to be learned here is that it cannot be stressed enough that updates and patches are essential for all operating systems, content management systems and their add-ons or plugins that connect to the Internet. You should always install all available updates as soon as you receive a notification.
If you use Combell’s web hosting services, you are always informed about the most critical updates. Thanks to Combell Shield, all CMSs are regularly checked and customers are notified when critical bugs or issues are detected. Soon, we will also be able to install updates automatically, but more about this later. Stay tuned!