Archive for the ‘Security’ Category

LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL

Tuesday, April 8th, 2014

heartbleed logo

 

LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug. (more…)

Atomicorp Announces LiteSpeed Support for ModSecurity Rules

Friday, March 21st, 2014

Atomicorp logo

Atomicorp, developer’s of the Internet’s most trusted ModSecurity rules, has announced official support for LiteSpeed Web Server with their Realtime ModSecurity Rules. (more…)

Why Your HTTP Server Can't Block SYN Floods (And What You Can Do)

Monday, July 1st, 2013

SYN floods are back in vogue. As DDoS-ing becomes more and more of an industry and the resources necessary for an effective attack become more accessible, SYN flooding has become more popular. Unfortunately, LiteSpeed Web Server (or Apache or Nginx or Lighttpd or Cherokee or Jetty or Tomcat or …) can't help you with SYN floods. Here's why and what you can do (including signing up for our free anti-DDoS proxy service): (Check our wiki for simple steps to hardening your kernel against SYN floods. Both the wiki and this article are geared toward hardening a Linux kernel only.) (more…)

Closing the Loopholes: Disable CGI Override

Friday, March 15th, 2013

LiteSpeed Web Server features something that Apache does not — a way to disable CGI, permanently. (more…)

DDoS Update: GoDaddy EU Hit

Wednesday, March 13th, 2013

More DDoS attacks in the news, and now hitting something closer to home for most of our users: GoDaddy EU announced that a DDoS attack on Monday caused problems in their system for over 24 hours. (more…)

Be Very Afraid: DDoS Attacks in the News

Tuesday, March 5th, 2013

Sorry for the sensationalistic headline. We don't want you to overreact. Yes, the Internet is dangerous now, but it's always been a dangerous place. Below you're going to find a bunch of articles pointing out just how dangerous the Internet is (and especially focusing on DDoS attacks) (more…)

To the Rescue: LiteSpeed's Free Anti-DDoS Service is Back!

Monday, March 4th, 2013

After taking a couple months to retool, we're bringing back our ever-popular, FREE anti-DDoS proxy service. (more…)

Switching from Apache: Open_Basedir in the Shared Hosting Environment

Tuesday, December 11th, 2012

Summary

Open_basedir, a PHP directive, is ignored by suPHP. LSWS, however, honors open_basdir settings. So, when you move from Apache to LSWS, you may encounter restrictions that, though they were there before, were never honored in your shared hosting environment. (more…)

Change php.ini under PHP suEXEC Daemon Mode? Not Possible!

Thursday, November 29th, 2012

We're happy to announce the release of LSWS 4.2.1, both to address an issue with php.ini location, but also to bump up PHP performance through streamlining PHP process launch. (more…)

LiteSpeed Against Thc-ssl-dos

Wednesday, October 26th, 2011

thc-ssl-dos script was published two days ago, and it has been posted all-over the internet. You may wonder if LiteSpeed is vulnerable to this attack. The short answer is (more…)