Security Vulnerabilities Discovered in Popular Scripts

At ResellerClub, we’re always looking out for ways to better your reseller experience with us on the service and security front. We’d like to draw your attention to new security vulnerabilities identified in two popular scripts - WordPress & Magento. Please note that these issues are script-based and are not specific to the ResellerClub platform in any way. Read on to know more about these vulnerabilities, assess whether you could be impacted and take preventive action.

WordPress Vulnerability

This is a new, serious vulnerability, announced recently, which has the potential to cause some damage and disruption. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. Impact: If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system. You can find more details about the impact and solution for the same by clicking here.

Steps you need to take: We would request you to go through the recommendations and update your WordPress website using the patch available here.

Magento Vulnerability

This is a vulnerability that has been recently reported too. The vulnerability actually comprises a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server. Impact: The attacker can bypass all security mechanisms and gain control of the store and its complete database, allowing credit card theft or any other administrative access into the system. This attack is not limited to any particular plugin or theme. All the vulnerabilities are present in the Magento core, and affect any default installation of both Community and Enterprise Editions.

Steps you need to take: If you are using the mentioned vulnerable versions of Magento, we would request you to patch it using the updates provided in the following link:

You can test whether your Magento website is vulnerable or not using this tool.

We strongly recommend you access all your packages and patch them immediately to avoid any issues. In case you require any information regarding this email, please feel free to get in touch with us.

Waycomp Team

April Hosting Fever @ Waycomp Hosting

This April, continue to make the most of our Hosting and Domain promotions! Read on to find out more about how you can experience the April Hosting Fever @ Waycomp Hosting and enjoy irresistible discounts on your favourite products:

What is Ransomware?

Ransomware is the generic term for any malicious software that, as its name suggests, demands a ransom be paid by the computer’s user. Generally ransomware has done something unpleasant to your computer, and potentially to your data. For instance, it might have encrypted your documents and demanded that you pay a ransom to unlock access to them. This type of ransomware is known as a filecoder. The most notorious filecoder is Cryptolocker.

How would my computer get infected by ransomware like Cryptolocker? A typical method of infection would be to open an unsolicited email attachment or click on a link claiming to come from a trusted source.

What can you do about it?

  1. Backup Backup Backup! The single biggest thing that will defeat ransomware is having a regular backup regimen, to an external drive or off-site backup service.
  2. Do not open attachments you were not expecting, or that are from unknown sources. This should be a given, but sometimes the emails look legitimate, or may be coming from someone you know. If you don’t know, then ask before moving forward.
  3. Make sure your software is patched & updated. Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system. For additional tips to protect you & your data click here.

Does antivirus software protect me from Ransomware? The majority of antivirus software products will NOT prevent the attack itself, and are generally the last line of defense. Cryptolocker is detected by ESET; however, it would only detect the virus after it has encrypted your files. The reason for this is that encryption is an allowed functionality of Windows, i.e. you receive a file attached in an email which appears as a PDF, ZIP etc., and once you've opened the file and allowed the program to run, it creates a process within Windows to start encrypting the files.

The virus signature then gets attached to the files/OS, which is identified by ESET and then removed, but at this point it would be too late to stop the encryption from happening. We urge you to take precautions when opening suspicious attachments. Antivirus software's function is to stop a virus NOT encryption - the way encryption has been used in this attack is to mimic the behaviour of a virus.

Further information

If you are an ESET customer and are concerned about ransomware protection or think you have been targeted by ransomware, call our customer care. They will have the latest details on how to prevent and remediate ransomware attacks. Best practice to protect yourself against data loss is with regular backups. That way, no matter what happens, you will be able to restart your digital life quickly.

Launching Business Email & Deprecating Personal Email

Dear Customer,

We are undertaking a major revamp of our email hosting infrastructure and platform, and as a part of this we are happy to announce that email packages associated with your hosting orders on the below domains will be migrated to our new Open Xchange v7 (OX7) powered platform in February 2015.

What this means for you:
  1. Email on the OX7 platform will be launched on 2nd February 2015 at $0.60 per email per month.
  2. During the transition window of 2nd February to 30th April, your email interface will be migrated from the current interface to OX7 - a modern, intuitive and user friendly interface, and the end date for your package will be set to 30th April 2014.
  3. Email send/receive functionality will stop working on 30th April, 2015. However, you will be able to renew the concerned order and resume all services as per the new billing model.
  4. This change will be irreversible and you do not have an option to stay on the legacy interface.
  5. There will be no downtime during this change and the change for each account will happen almost instantaneously once it has started.
  6. There will be no disruption to email services or loss of email data during this change.
  7. During the migration, all the saved signatures, filters, address book etc. from the current interface will also be ported over without any need for manual intervention.
  8. You can take advantage of the superior email reliability, top-of-the-line email infrastructure, enhanced deliverability, cutting-edge email editor and search functions that OX7 offers.

What you need to do now:
Check out this demo installation with the following credentials to explore the new features to prepare for this change:
Password: eeliteaccount123

Please contact us in case of any questions or concerns regarding the information in this email.