Archive for the ‘Security’ Category

Unique LiteSpeed Features Fight Symbolic Link Hacking

Tuesday, August 12th, 2014

Broken chain

LSWS boasts two unique features that block symlink hacks: a Follow Symbolic Link setting that cannot be overridden in .htaccess files and strict ownership checking. (more…)

LSWS 4.2.12 Fixes Newest OpenSSL Vulnerability

Monday, June 9th, 2014

This latest OpenSSL vulnerability affects all versions of OpenSSL, so it is suggested that all users upgrade to 4.2.12. (more…)

LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL

Tuesday, April 8th, 2014

heartbleed logo

 

LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug. (more…)

Atomicorp Announces LiteSpeed Support for ModSecurity Rules

Friday, March 21st, 2014

Atomicorp logo

Atomicorp, developer’s of the Internet’s most trusted ModSecurity rules, has announced official support for LiteSpeed Web Server with their Realtime ModSecurity Rules. (more…)

Why Your HTTP Server Can’t Block SYN Floods (And What You Can Do)

Monday, July 1st, 2013

SYN floods are back in vogue. As DDoS-ing becomes more and more of an industry and the resources necessary for an effective attack become more accessible, SYN flooding has become more popular. Unfortunately, LiteSpeed Web Server (or Apache or Nginx or Lighttpd or Cherokee or Jetty or Tomcat or …) can’t help you with SYN floods. Here’s why and what you can do (including signing up for our free anti-DDoS proxy service): (Check our wiki for simple steps to hardening your kernel against SYN floods. Both the wiki and this article are geared toward hardening a Linux kernel only.) (more…)

Closing the Loopholes: Disable CGI Override

Friday, March 15th, 2013

LiteSpeed Web Server features something that Apache does not — a way to disable CGI, permanently. (more…)

DDoS Update: GoDaddy EU Hit

Wednesday, March 13th, 2013

More DDoS attacks in the news, and now hitting something closer to home for most of our users: GoDaddy EU announced that a DDoS attack on Monday caused problems in their system for over 24 hours. (more…)

Be Very Afraid: DDoS Attacks in the News

Tuesday, March 5th, 2013

Sorry for the sensationalistic headline. We don’t want you to overreact. Yes, the Internet is dangerous now, but it’s always been a dangerous place. Below you’re going to find a bunch of articles pointing out just how dangerous the Internet is (and especially focusing on DDoS attacks) (more…)

To the Rescue: LiteSpeed’s Free Anti-DDoS Service is Back!

Monday, March 4th, 2013

After taking a couple months to retool, we’re bringing back our ever-popular, FREE anti-DDoS proxy service. (more…)

Switching from Apache: Open_Basedir in the Shared Hosting Environment

Tuesday, December 11th, 2012

Summary

Open_basedir, a PHP directive, is ignored by suPHP. LSWS, however, honors open_basdir settings. So, when you move from Apache to LSWS, you may encounter restrictions that, though they were there before, were never honored in your shared hosting environment. (more…)