Think database web applications have to be slow? Think again! With our completely free and open source LiteSpeed Memcached, you can accelerate your site by alleviating database load dynamically!
Recently, there have been a number of large-scale brute-force attacks on WordPress sites. These attacks try to bypass WordPress security by attempting to log in with every possible combination of username and password, sometimes sending thousands of requests per second.
Since these attacks began, one of our clients had all 50 of his hosted WordPress sites simultaneously attacked. He was able to mitigate these attacks using LiteSpeed’s mod_security rules, but wanted a way to easily and automatically block these IPs at the server level.
We responded within an hour – modifying our code and publishing a new build that allowed the client to add offending IP addresses to the blocked IP list using mod_security rules. These IPs can then be easily grabbed from the blocked IP list and added to the server level firewall using a script – stopping the connection at the network level before it ever reaches LiteSpeed Web Server.
That’s the kind of speed you can expect from LiteSpeed!
The latest Google Chrome version 44.0.2403.89 is currently redirecting all HTTP URLs to their HTTPS versions for certain web applications. This is caused by a bug in Chrome causing the “HTTPS: 1” header to be sent by default on every request. This is mainly causing problems for WordPress sites with the WooCommerce plugin installed as well as sites without HTTPS support. Because of WordPress and WooCommerce’s popularity, this bug may be affecting a large number of people.
LSWS boasts two unique features that block symlink hacks: a Follow Symbolic Link setting that cannot be overridden in .htaccess files and strict ownership checking. (more…)
This latest OpenSSL vulnerability affects all versions of OpenSSL, so it is suggested that all users upgrade to 4.2.12. (more…)
LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug. (more…)
Atomicorp, developer’s of the Internet’s most trusted ModSecurity rules, has announced official support for LiteSpeed Web Server with their Realtime ModSecurity Rules. (more…)
SYN floods are back in vogue. As DDoS-ing becomes more and more of an industry and the resources necessary for an effective attack become more accessible, SYN flooding has become more popular. Unfortunately, LiteSpeed Web Server (or Apache or Nginx or Lighttpd or Cherokee or Jetty or Tomcat or …) can’t help you with SYN floods. Here’s why and what you can do (including signing up for our free anti-DDoS proxy service): (Check our wiki for simple steps to hardening your kernel against SYN floods. Both the wiki and this article are geared toward hardening a Linux kernel only.) (more…)