Revolution Slider – Critical Vulnerability Discovered

Written by Mike Helly on . Posted in Bug Fix, Domains, Support, WordPress

Today, we learned of a critical vulnerability in the Revolution Slider plugin that is used on many WordPress sites.

The vulnerability was patched by ThemePunch in version 4.2, but that still leaves many sites with no protection. Revolution Slider is a popular plugin that is sometimes bundled with the purchase of a theme, which only complicates matters, because the plugin does not update when it is bundled this way. You might even have the plugin installed but never use it.

With this vulnerability, a remote attacker is able to download any file from the server. Database credentials are at risk in this scenario, and the attacker is able to compromise a site via the database. This kind of vulnerability is known as Local File Inclusion (LFI): local files on the server can be accessed and read, completely compromising your site’s security.

Upon learning of the vulnerability in Revolution Slider, BWG quickly took action. We went through all our clients’ sites, one by one, to determine whether they had the Revolution Slider plugin and, if they did, which version. After identifying where there was a threat, we upgraded to the most recent version of the Premium plugin and tested for the vulnerability. Now our sites are all safe from this vulnerability caused by Revolution Slider.
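The site-by-site inventory described above can be scripted. This is an added example, not BWG's or ThemePunch's code: it walks a web root, finds every copy of the plugin (including copies bundled inside themes) and compares the version header against 4.2. The folder name `revslider`, the file name `revslider.php` and the sample tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 2)             # the post says ThemePunch fixed the flaw in version 4.2
PLUGIN_DIR = "revslider"     # assumption: the plugin's folder name
MAIN_FILE = "revslider.php"  # assumption: main file carrying the plugin header
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(header_text):
    """Return the WordPress 'Version:' header as a tuple of ints, or None."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit(webroot):
    """List every copy under webroot, including copies bundled inside themes."""
    findings = []
    for main in sorted(Path(webroot).rglob(MAIN_FILE)):
        if main.parent.name != PLUGIN_DIR:
            continue
        with main.open(encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # header sits at the top
        rel = main.relative_to(webroot)
        origin = "theme-bundled" if "themes" in rel.parts else "plugin"
        if version is None:
            status = "UNKNOWN"      # no readable header: check by hand
        elif version < PATCHED:
            status = "VULNERABLE"
        else:
            status = "patched"
        findings.append((rel.parent.as_posix(), origin, version, status))
    return findings

def build_sample_tree(root):
    """Constructed sample data: three client sites with different copies."""
    samples = {
        "site-a/wp-content/plugins/revslider": "4.1.4",
        "site-b/wp-content/themes/acme/plugins/revslider": "3.0.95",
        "site-c/wp-content/plugins/revslider": "4.2",
    }
    for folder, version in samples.items():
        path = Path(root, folder)
        path.mkdir(parents=True)
        (path / MAIN_FILE).write_text(
            f"<?php\n/*\nPlugin Name: Revolution Slider\nVersion: {version}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in audit(tmp):
            print(*row, sep="\t")
```

Copies reported as theme-bundled are the ones the regular plugin updater will not touch, so they need a manual upgrade or removal.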

Breaches of security and vulnerabilities happen more often than you think. The web is made up of thousands of different parts. All it takes is for an attacker to find a tiny crack in the system and they can exploit it. Personal files, medical records, credit card information, mailing lists and many more types of documents all have the potential to be stolen without the proper types of security in place.

BWG takes security very seriously. We keep tabs on what is going on around the web on a daily basis so that we can stay on top of issues like this. Upon hearing of a vulnerability, our team will spring into action to ensure our clients’ data is safe. Security needs to be a chief concern at any web design firm today.

Setting Up Google Apps for Business (Gmail) with your Domain

Written by bryan on . Posted in Domains, Email Support, Google Apps

Do you have Google Apps for Business, and want to use your own domain’s email address to send and receive mail? Here are some settings to help you set it up.

Here are the values to be included when you configure MX records for Google Apps with your domain host. Please note that the initial numbers in the Value / Answer / Destination column show MX record priority. See “Understand MX records” for details about adding MX records to your domain.

| Name/Host/Alias | Time to Live (TTL) | Record Type | Value/Answer/Destination |
|---|---|---|---|
| Blank or @ | 3600 | MX | 1 ASPMX.L.GOOGLE.COM |
| Blank or @ | 3600 | MX | 5 ALT1.ASPMX.L.GOOGLE.COM |
| Blank or @ | 3600 | MX | 5 ALT2.ASPMX.L.GOOGLE.COM |
| Blank or @ | 3600 | MX | 10 ASPMX2.GOOGLEMAIL.COM |
| Blank or @ | 3600 | MX | 10 ASPMX3.GOOGLEMAIL.COM |

For any MX record that is currently set up, set the priority to a number higher than 10, which will allow mail to go through to your own server as a fallback if Gmail fails.
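A quick way to confirm a zone matches the table and the fallback rule above. This is an added example, not Google's or BWG's tooling: it parses zone-file style lines and reports missing Google records, wrong priorities, and any other MX record whose priority is not higher than 10. The sample zone, including `mail.example.com`, is constructed.

```python
# Expected Google Apps MX set, taken from the table in the post.
GOOGLE_MX = {
    "aspmx.l.google.com": 1,
    "alt1.aspmx.l.google.com": 5,
    "alt2.aspmx.l.google.com": 5,
    "aspmx2.googlemail.com": 10,
    "aspmx3.googlemail.com": 10,
}

# Constructed sample zone with three deliberate mistakes.
SAMPLE_ZONE = """\
@ 3600 IN MX 1  ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 5  ALT1.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.   ; wrong priority
@ 3600 IN MX 10 ASPMX2.GOOGLEMAIL.COM.
@ 3600 IN MX 0  mail.example.com.          ; old server still preferred
@ 3600 IN A     192.0.2.10
"""

def parse_mx(zone_text):
    """Return {target: priority} for every MX line in the zone text."""
    found = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()          # drop ';' comments
        # The record type is never the first field (that is the name).
        i = next((k for k, f in enumerate(fields)
                  if k > 0 and f.upper() == "MX"), None)
        if i is None or len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue                                    # not an MX line
        found[fields[i + 2].rstrip(".").lower()] = int(fields[i + 1])
    return found

def check_mx(zone_text):
    """Return a list of problems; an empty list means the zone matches."""
    seen = parse_mx(zone_text)
    problems = []
    for host, prio in GOOGLE_MX.items():
        if host not in seen:
            problems.append(f"missing {host}")
        elif seen[host] != prio:
            problems.append(f"{host}: priority {seen[host]}, expected {prio}")
    for host, prio in seen.items():
        if host not in GOOGLE_MX and prio <= 10:
            problems.append(f"{host}: fallback priority {prio} must be higher than 10")
    return problems

if __name__ == "__main__":
    for problem in check_mx(SAMPLE_ZONE):
        print(problem)
```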

Host Your Website With Us And Keep Your Email Server Elsewhere

Written by Anthony D on . Posted in Domains

How do I point my domain at Boston Web Group?

Without affecting my email server settings!

If you want to continue using your email with another service provider (like Go Daddy or Network Solutions) and have us host your website at Boston Web Group – all you have to do is edit your DNS settings in your domain control panel. Those DNS settings are going to be found at the registrar – the place where you bought your domain. Once you are in there, you want to point only your A Records to us. Simply paste in the IP address that we give you. An IP address looks like a phone number – 192.168.15.1 – in fact it behaves a lot like a phone number as well! Updating the A record will point your domain to our hosting service – without disrupting the MX records, which control your email service with your domain provider, such as Go Daddy or Network Solutions.

SSL Certificates (Required For Shopping Carts)

Written by BWG on . Posted in Domains

GeoTrust SSL Certificates

QuickSSL® Premium (best value) $99/yr


RapidSSL® | QuickSSL® | QuickSSL® Premium | True BusinessID | True BusinessID with EV (recommended) | True BusinessID Wildcard

Validation Type: Domain Validation | Domain Validation | Domain Validation | Organization Validation | Organization Validation
Details of Validation: Validates Domain is registered and approved by an admin for commerce. | Validates Domain is registered and approved by an admin for commerce. | Validates Domain is registered and approved by an admin for commerce. | Validates Domain ownership, plus information in the certificate (name, city, state, country) | Validates Domain ownership, plus information in the certificate (name, city, state, country)
Trust Level: Standard | Standard | Standard | Deluxe | Deluxe
Green Bar
Warranty: $10,000 | $10,000 | $100,000 | $250,000 | $125,000
Subdomains Secured: Single | Single | Single | Single | Unlimited
Issuance: 1-2 hours | 10 minutes | 10 minutes | 1-2 days | 1-2 days
Validity Options: 1-4 years | 1-4 years | 1-4 years | 1-4 years | 1-4 years
Site Seal: Static | Static | Dynamic | Dynamic | Dynamic
Server Gated Cryptography
SSL Encryption: up to 256-bit | up to 256-bit | up to 256-bit | up to 256-bit | up to 256-bit
99% Browser Compatibility: Yes | Yes | Yes | Yes | Yes
Browser Security Lock: Yes | Yes | Yes | Yes | Yes
Mobile device compatibility: Yes | Yes | Yes
IDN Support
EV Upgrader
Installation: 24 hours | 24 hours | 24 hours | 24 hours | 24 hours
Free Customer Support: Yes | Yes | Yes | Yes | Yes
Auto renewal reminders & early renewal benefits: Yes | Yes | Yes | Yes | Yes
Revocation and Replacement: Free | Free | Free | Free | Free
| Product Name | Pricing |
|---|---|
| RapidSSL® | $9.95/yr |
| QuickSSL® | $69/yr |
| QuickSSL® Premium | (best value) $99/yr |
| True BusinessID | $114/yr |
| WildCard | (multiple sites) $499/yr |

DNS Explained

Written by BWG on . Posted in Domains

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.

DNS associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.

A good analogy to explain DNS is that it serves as the “phone book for the Internet” by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6). Unlike a phone book, however, DNS can be quickly updated and these updates distributed, allowing a service’s location on the network to change without affecting the end users, who continue to use the same hostname. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates the services.

The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. Additionally, the responsibility for maintaining and updating the master record for the domains is spread among many domain name registrars, who compete for the business of the end user (the domain owner). Domains can be moved from registrar to registrar at any time.