How Web Hosts Exposed Your Data & We Fixed It

Posted on March 5, 2021 (March 6, 2021) | Categories: Uncategorized

This is a piece to show you what happens and has happened behind the scenes here at Planet Zuda to help the cyber security of the world.

The year we are discussing is 2010. Bitcoin had been invented a year prior, so this was a different era. Everyone cared about their website, but we were more interested in the security, or lack thereof, of the web hosts for websites.

A company named after a color that hosted websites didn’t keep their servers secure. You could find command line access to some of their server instances by Google dorking. They did not respond to emails; they did, however, threaten to sue us by voice. This was commonplace in this time period, but they never sued.

The lack of security of this one web host got us looking into every web host. Almost every single web host in that time period leaked databases onto Google.

We & GoDaddy Secured Your Data On Other Hosts

We teamed up with GoDaddy and their CISO Todd Redfoot. GoDaddy was very competent with their security and they became one of our clients, basically the best client we could hope for in this situation.

Once we teamed up with GoDaddy, we contacted every single web host via proxy of GoDaddy’s security team. We were able to tell them how their server files were exposed, right down to /bin/, to databases. There were two web hosts that had good security posture during this era, Lunarpages and MTMII. MTMII is a web host our founder volunteered with.

Web hosting was the wild wild west for cyber security, as there were no consequences for insecurity at that time except for negative articles. Still, many web hosts fixed their security posture when issues were reported to them by GoDaddy. They did tighten up their security over the next 2 years of us working with GoDaddy.

Now web hosts are way more secure, so you can’t just Google dork and find their info in Google cache. Google dorking is completely legal, so all this info was legally available.

We hope you find these articles interesting and informative.

Zero Day Detection Automatically in Website Software

Posted on May 7, 2018 | Categories: Uncategorized

Zero day software detection is absolutely a necessity, since the average cost of a hack is 1.3 million dollars. We wondered if we could solve the zero day issue by discovering certain zero days nearly the instant they are made. It sounded crazy, but it worked. We can find and detect tens of thousands of zero days in software. Detection is only one step, you may be saying to yourself, and you are right. Which is why we also have patch solutions, so whatever you find, we have a quick and reliable way to accurately fix the zero day and remove it from the software.

What makes this even better? Our amazing software is only $20 a month. That isn’t 20 dollars a month for 12 months, no it’s 20 dollars a month and you can stop using our software to detect and solve zero days in software before hackers maliciously exploit them.

United Nations & Lack Of Cyber Security

Posted on March 7, 2018 (March 8, 2018) | Categories: cyber security, information security

Today we will be covering the United Nations hacks that haven’t gotten the level of publicity that they deserve, both in this article and on our podcast. In recent years we reported a compromise in the United Nations site, and we can say per our experience that calling the United Nations to report their site has been hacked is no pleasant task. Per our experience, their initial response was a polite way of saying you may be arrested, but once they realized we didn’t hack them, we just spotted that the site had been hacked, we were transferred to the IT guy, who seemed to be in a panic. Like any organization, the United Nations should implement proper cyber security vetting for the code they use. This includes having the code that they currently have in use go through a third party audit and have the security updated. They should also have all their programmers learn secure development practices, and audit all third party code that they use on their website.

So is the United Nations using proper cyber security measures? It doesn’t seem to be the case, since the United Nations hasn’t been hacked just once this year; the most recent known United Nations hack was February 4th, 2018. The United Nations was also hacked several times in January, 2018, as shown here on January 28th, January 16th, January 15th, January 14th, and six times in 2017 just on Open Bug Bounty alone.

These aren’t the only times the United Nations has been hacked and was publicly documented. Zone-h, a site for archiving defaced websites, has two archived instances of the United Nations being hacked, in 2008 and in 2006.

While the United Nations has been hacked more than anyone would want, it is important to take into consideration the gigantic size of the United Nations site with multiple sub domains. It certainly does not appear that there has been a review of all their code in years. The best solution would be for them to have a full security audit, get rid of old sub-domains they no longer need, and make their code easier to maintain through multiple tools that are available.

Unfortunately, our conclusion based on the public information about the United Nations site right now is that they are not a safe website per our company’s policies of what are acceptable risks. Being hacked for the last 12 years with no significant appearance that we can see of improved cyber security certainly does not seem like a safe website to us, but it is ultimately up to the user to decide the risk level they want to take when using a website.

Security & SEO Podcast episode 2

Posted on November 21, 2017 | Categories: first page google, podcast, Uncategorized

What happens if you only focus on SEO and do really well, but don’t focus on security? You get hacked and lose tens of thousands of dollars, or if you don’t have a team who works quickly on SEO and security, you could go out of business. We cover how 46 million phones were hacked in Malaysia and a lot more interesting topics, including our Black Friday sale.

Planet Zuda Cyber Security And SEO podcast: Episode 1

Posted on November 10, 2017 | Categories: cyber security, information security, podcast, seo, Uncategorized, wordpress security

In this episode, we discuss security data breaches and how flawed a lot of open source programs are with security, especially one-person WordPress plugins. We also covered cionews.com, Yoast SEO, On The Go Systems premium plugin WPML and plenty more.