Uncategorized

Joomla urgently update on 3.8.13

Schreibe einen Kommentar

Joomla 3.8.12 Vulnerabilities security vulnerabilities security vulnerabilitiesThe security team of Joomla has issued a new update that will close 5 Vulnerabilities!

Until the version of the Joomla 3.8.12, for example, hackers can Run damage code through the internal update area! Hackers can also register easily until you register with the 3.8.12 and obtain unlocking! What madness that Joomla remains one of the most unsafe CMS systems! The following CVEs were then classified as low, but only a few hours after publication, we were able to detect quite massive attacks on a customer web space with Joomla 3.8.12 that even led to a CPU-Durer load!

If you don't have a maintenance contract, you should urgently update you to date! Please also remember plugins and themes etc. With data!

If you want to separate from Joomla, we recommend that you
Prima-website builder

We are already converting various projects to the PWB, as it creates flawless pages that can no longer be hacked and where we don't have to carry out constant updates! Even large database projects, such as Europaladies.com, can be changed! If you have any questions, please get in touch with us!

Here are the CVE numbers and a short info on the Vulnerabilities:

CVE-2018-17859 Inadequate checks in com _ contact could allowed mail submission in disabled forms

CVE-2018-17856 Joomla's com _ joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com _ joomlaupdate and trigger a code execution.

CVE-2018-17857 Inadequate checks on the tags search fields can lead to an access level violation.

CVE-2018-17855 In case that an an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.

CVE-2018-17858 Added additional CSRF hardening in com _ installer actions in the backend.

Allgemein

For security reasons we separate ourselves from Cloudflare

Schreibe einen Kommentar

Unfortunately we have to end the partnership with Cloudflare for security reasons! We have tried several times to point the technical developers to these problems over 3 months with many mails and harvested as a last statement get (automatic translated):

The only problem is partial setups that we have never claimed to be safe. Partial setups allow hosting partners like you to easily integrate our service by Cloudflare the traffic for sub-domains (!) via CNAME, which allows your customers to use our CDN and the associated benefits such as improved loading times and reduced traffic.

This means, in reverse, that the promise that the Plesk plug-in for Cloudflare is claimed does not provide any security, unlike what is promised in the description of the plugin! On the contrary, hosters live very dangerously when they use this plugin!

The so-called „server-shield“ that sounds from the n For security reasons we separate ourselves from Cloudflare weiterlesen

Allgemein

Now live-CA. 1 hour before rocket start to the ISS

Schreibe einen Kommentar

Today, the 06.06.2018 launches the rocket, replete with the latest information technologies and the German team chief Alexander Barley and his Russian and American colleagues on the ISS. The start should take place at 13:12 p.m. (European Summer Time Berlin, Madrid, Paris)! We push the thumbs that the start and the journey, which by the way should take 48 hours to reach the speed of over 20,000 km/h in order to be able to dock on the ISS, succeeds!

You have been able to experience the preparations and then later the start with N24 Live at 12:00 am!

The new crew, which flies to the ISS, will then carry out various experiments on the ISS for six months, which are very important for our secular research and economy!

Allgemein

GDPR-Obligations for website operators

Schreibe einen Kommentar

All Web site operators must urgently check whether they need to include an explanation regarding the privacy policy according to the new GDPR in their websites or to amend existing regulations!

All companies that work with customer data and/or where customer data is stored on their web pages and it does not matter whether it is a blog or a forum where customers e.g. Can enter or register as a customer etc., must create a privacy statement after the new GDPR, even if the company headquarters is outside Europe, but addresses customers who live in the EU!

Thus, 95% of all websites are to be examined and adapted to these data protection regulations, because otherwise web site operators threaten not only high fines by public authorities (up to 20 million euros or 4% of the annual turnover), but also warnings with high costs, which Be sent by lawyers today! On radio and television, we are already warned against avalanches of warnings, because our legislators have failed to stop this at the introduction of the GDPR!

From the side, all website operators have to act quickly before the first warning is fluttered into the house!

Allgemein

GDPR: WHOIS data no longer public/no spam anymore

Schreibe einen Kommentar

At last, the WHOIS data is no longer publicly available in the top-level generic domains, many other EU country domains (ccTLDs) and also many other domains!

Thus, the largest sources of mail addresses that have been abused for spam have been closed! Also, no other systems may unauthorize this data GDPR: WHOIS data no longer public/no spam anymore weiterlesen

Allgemein

Publication of the new 1AWWW privacy policy (GDPR)

Schreibe einen Kommentar

Data protection regulations from 25. May 2018For years 1AWWW has been processing the data of all customers strictly according to the data protection conditions that apply in Europe! These are now regulated uniformly in Europe by the new GDPR and therefore the adapted conditions apply from  25. May 2018 for all customers:

For end customers, read here

For reseller, Read here

The implementation of the GDPR was not easy, because overarching organizations are unfortunately still in the phase of conversion to the GDPR, such as The umbrella association ICANN in relation to registration of most domain endings-we reported in the article „Introduction of new data protection-Carp becomes a fiasco

Allgemein

Joomla 3.8.8 has been published-please update urgently

Schreibe einen Kommentar

Joomla 3.8.7 Security VulnerabilitiesTo get urgent security vulnerabilities that exist until Joomla 3.8.7, you should update urgently the latest updates!

It is also important to install the installed themes and plugins and after that you should also delete the cache!

Those who do not update their Joomla regularly, are grossly negligent and must expect that hackers penetrate Joomla 3.8.8 has been published-please update urgently weiterlesen

Allgemein

Domain security changes due to the new EU Data Protection Regulation (GDPR)

Schreibe einen Kommentar

Phase 1 of 3-adaptations to the GDPR:

Due to the implementation of the new Data Protection basic Regulation (GDPR), urgent security changes in the domain area (incl. FOA) will be carried out in the next few days!

As we have already written in our article „GDPR – Introduction of new data protection rules a fiasco“, now important changes are made to the last „pusher“! We still cannot see the final „roadmap“ of ICANN and thus continue to be in the air with the adaptation of our processes and systems! Domain security changes due to the new EU Data Protection Regulation (GDPR) weiterlesen

Allgemein

GDPR-Introduction of new data protection rules will be a fiasco

Schreibe einen Kommentar

1awww as well as many other companies have been preparing for a long time for the new Data Protection basic Regulation (GDPR), but they cannot actually implement it completely!

Already in the year 1995, the States have laid down Directive 95/46/EC to establish uniform data protection laws in Europe. In 2016, the GDPR was adopted by regulation 2016/679 EU and this has been valid since 2016, but must be implemented by all EU-Statens to the 25.05.2018 binding and then applies to all! GDPR-Introduction of new data protection rules will be a fiasco weiterlesen

Allgemein

Breaking NEWS: German government network hacked – secured datas theft

Schreibe einen Kommentar
German government network hacked
German government network hacked

As we have just learned, the German government network has been hacked! Already in December 2017 the attacks were detected and there is also to be data theft, which corresponds to a super-gau! Obviously malware was recorded, which was probably active for over one year!

Connected to the German government network are: Federal Chancellery, Federal ministries, Federal Court of Auditors, security authorities in Berlin and Bonn and other locations as well as the Bundestag and the Federal Council!

Lt. Spiegel the Federal ministry should have confirmed the attacks and the attack should probably only be done within the federal administration and be isolated! Outside the federal administration, according to previous findings, no other bodies should be affected!

Informations-Blog von 1awww.com