As you may have heard, a security threat emerged this week that is now being called the Shellshock exploit. The security of our systems and servers is something that we take very seriously. Once we learned about this issue, we began addressing it immediately, and at this time we have completely secured our platform.
What is the Shellshock bug?
Shellshock (CVE-2014-6271) is a vulnerability in Bash, a “Unix shell” that runs on most Unix and Linux devices. The Shellshock exploit could theoretically allow an unauthorized person to gain access to a Linux environment without the permission of the account owner or system administrator. Bash (the Bourne Again Shell) is a piece of software widely used by programmers on many Unix-based operating systems, including Linux and Apple’s OS X. Bash lets users, applications, and system tools issue commands through the shell to the core operating system (kernel).
What is being done?
Our team became aware of the CVE-2014-6271 Linux Bash exploit (now nicknamed “Shellshock”) early Tuesday morning (9/24/2014). As one of the first organizations to know about the exploit, we immediately began taking action to secure our platform. Using the Red Hat public patch as a primary resource, we patched our own implementation of Bash to secure our platform, and have deployed it to all our servers. We continue to work around the clock to make sure that our patch for our Linux (CentOS) operating systems is fully up to date. In addition to securing our servers, we have been taking extra monitoring steps to watch for any suspicious or unusual activity on our platform.
Is my data or website or email at risk?
While no company can ever tell you that you are 100% secure from every theoretical vulnerability, we feel that we have taken and continue to take all appropriate measures to secure your website, email and other data stored on our servers. If you are concerned, please feel free to change your password(s) and examine your website.
What can I do to protect my website/increase my security?
Hosting with a reputable provider like Bluehost that can monitor and promptly react to Internet security issues like this is the first step to online security. We also encourage you to make sure that any applications you’ve installed (such as WordPress) are always updated to the latest version.
We have updated all servers that run Linux and Bash, and are continuing to monitor the situation with security experts from across the globe. If you know other individuals or organizations that are running Linux and Bash, encourage them to make sure they are running the latest versions to protect their privacy and their businesses.