Archive | Security

Simple Helix chooses CloudFlare to ignite white-hot Magento performance

Today’s guest blogger is George Cagle. George is a system administrator at Simple Helix, a CloudFlare partner. Some months ago, we made a big bet on partnering with CloudFlare for performance improvements and website security for our Magento hosting customers. Customer experience is core to our business and relying on another company is a major […]

Demystifying File and Folder Permissions

If you have poked around a server before, you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-click […]

Railgun v5 has landed: better, faster, lighter

Three years ago we launched Railgun, CloudFlare’s origin network optimizer. Railgun allows us to cache the uncacheable to accelerate the connection between CloudFlare and our customers’ origin servers. That brings the benefit of a CDN to even dynamic content with no need for ‘fast purging’ or other tricks. With Railgun even dynamic, ever-changing pages benefit […]

FunWebProducts UserAgent Bloating Traffic

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventing […]

Wigo Means Bingo for Blackseo Agent

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi('-dbst',$_SERVER['REQUEST_URI'])) { error_reporting(0); include ('license.txt'); exit(); } The code is very simple. It checks if a page URL has “-dbst” appended to the URL and executes code from an included file. At […]

Ensuring the web is for everyone

This is the text of an internal email I sent at CloudFlare that we thought worth sharing more widely. I annotated it a bit with links that weren’t in the original. “Tim Berners-Lee- Mosaic by Sue Edkins at Sheen Lane Centre” by Robert Smith – Own work. Licensed under CC BY-SA 4.0 via Commons Date: […]

Persistent XSS Vulnerability in WordPress Explained

Security Risk: Dangerous. Exploitation level: Easy. DREAD Score: 6/10. Vulnerability: Persistent XSS. Patched Version: 4.2.4. Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you’ll find one that we identified a few months back. Vulnerability Disclosure Timeline: May 6th, 2015 – Initial report to WordPress security team. May […]

Ask Sucuri: How did my WordPress Website get Hacked? – A Tutorial

With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today’s websites are hosted in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead on their own infrastructure/systems. While there are so many […]

DNS parser, meet Go fuzzer

Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore, when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear. Hot Fuzz: Fuzzing is the technique of […]