Joshua Strebel


We have implemented additional measures to mitigate the ongoing botnet brute force attack.  While we feel we have a handle on the security side of things, the large volume of traffic was adding load to the servers and slowing down the overall user experience  We tightened down rules to drop these requests at the network edge and implemented other changes to regain system performance. In some cases users like yourself will be redirected to simple Captcha page when attempting to access… Read It


Joshua Strebel


You have all likely heard about the recent rise in brute force attacks against WordPress, if you have not: Sucuri has been chronicling it for you. Here at Pagely we have the the best in class enterprise security appliances protecting our network, additional 2nd level mechanisms in place to throttle and block brute force attacks against our clients sites, as well as remediation procedures should something get through. However Regarding brute force attacks; here is the honest truth that most hosting… Read It


Joshua Strebel

This is a partial list of WordPress theme and plugin URLS that bots are scanning for timthumb exploits. If you use any of these, make sure you have upgraded the theme, or at the very least upgraded the timthumb script within. Or said another way, these themes used timthumb at some point and the bots scan for it hoping it is exploitable. We are in no way saying these products are insecure, just be sure to update. If you are… Read It


Text: WordPress Security 58,701,915 WordPress sites in the wild. Due to popularity WordPress presents a large target. Two primary types of malware attacks aimed at WordPress. Injections and Backdoors. Injections Your website code is injected with advertisements or links to another site. Typically adult or pharmacy sites. This code is usually hidden from normal display and only seen by Search Engines resulting in SEO Poison for your site. Drive-by-Downloads like fake virus scanning tool adverts & Iframes are also prevalent in… Read It


WordPress Security has gotten a lot of press (pun intended) of late. Every 3rd day there is new post, or guest post by someone driving home the importance of securing your WordPress install with proper file permissions, choosing strong passwords, and the like. Listen to them, and take heed as they are smart people telling you what you should be doing. Our point of view is that security starts with us, the hosting provider. To that end we have made… Read It


This is the third installment of a mulitpart part series where we aim to share with you some of the technical aspects of what powers the Managed WordPress Hosting system we developed here at page.ly, how we started, the recent server improvements and a bit on the things to come. [Part 1] [Part 2] Page.ly finds a new home and begins to scale. Mid 2010 and Page.ly was really starting to take off. It was time to think about scaling and we also… Read It

Comments Off

Joshua Strebel

We were notified of this security issue  (http://blog.vaultpress.com/2011/08/02/vulnerability-found-in-timthumb/) last night and have been working with Firehost then and today on patching all timthumb.php files with the fix.  Page.ly customers do not need to do anything further, except keep being awesome. If you are not a page.ly customer.  Be sure to read that post and patch your files.