Attention required for CloudFlare users: 'CloudBleed' - A major security breach. What should you do?
In the era of IoT, much emphasis is now given to a website's performance and security. CloudFlare is one of the fastest managed DNS providers and is the builder of next-generation Content Delivery Network (CDN). Through CDN's service offerings, cloud flare helps to set up your website in closer proximity to the visitors logging onto the website. Apart from easy access to the files, your website's performance is also enhanced efficiently. The visitor's frustration at the loading speed of the web page is largely prevented.
For example, when someone in Paris tries to access a US-hosted website, it is done through local servers nearest to the user. This is much faster than having the user's requests, and your responses, travel back & forth to the user's place and the physical server.
On Feb 2017, a major security bug, termed CloudBleed, was detected by the Google Project Zero Team. CloudBleed is a major vulnerability that potentially affects millions of websites, hampering the security of nearly 2 million websites. A massive security loophole happened that allowed the leaking of passwords and other sensitive information.
Information that has been leaked
When you see the address bar of the website, you can find the "http" at the beginning of the URL. But some of the web addresses begin with "https", which means the page is secured.
Service providers like 'CloudFlare' act as a middleman between users and servers to transfer information in a secured way. That secure information was unfortunately exposed, and the worst part is some information has been cached by search engines like Google, Yahoo, Bing, etc. Anything from usernames/passwords, sensitive information like images or any security protocols could have been exposed. As of now, there is no confirmation if the cached information was retrieved by hackers.
Action required from you
Though your information might not be completely accessed by hackers, we recommend you to change all your CMS admin and other passwords to protect your site.
For example, a website may have more than 1 administrator. As a precautionary step, it is a good idea to change the passwords for all administrators on the website, even for accounts protected by a 2-step authentication, since they could also be at risk.
How to find if 'CloudFlare' is installed
There are many browser add-ons that reveal various technologies used on a website. Builtwith, Wapplyzer are two of the most popularly used tools.
After changing the password(s), check the following:
- Review all user accounts on the website. If any user is found to be spam, block & delete them immediately
- Website Audit - A deep analysis of the website which will reveal if any anomaly is present
Note: Passwords for mobile apps could have also been impacted, so we highly recommend changing them too.
Need help? Contact our experienced security team today for assistance with evaluating your site's security.
5 Step Guide to Successfully Implement Journey Builder
One of the most popular features from Salesforce Marketing Cloud stable, Journey Builder gives… Read More
Salesforce Hybrid CMS – Is it going to shake things up in the CMS space?
Having been in the content management space for more than a decade, I must say this has been one of… Read More
How AMP (Accelerated Mobile pages) helps you to improve organic traffic
Over the past five years, it has turned to a mobile first world. The share of mobile traffic has… Read More
Using a CMS Scorecard to Pick Your Next CMS
Choosing the right Web Content Management System (WCMS or more simply, CMS) is easily one of the… Read More
6 Reasons to Keep Your CMS Updated
There is no excuse not to stay up to date on the best of breed Content Management System (CMS)… Read More
Migrating to Kentico CMS: A step by step approach
Are you contemplating moving away from your existing CMS platform and into Kentico CMS, but not… Read More
4 Ways Episerver can make your website a B2B selling machine
As a cutting-edge global software company, Episerver has prided themselves in providing well-… Read More
How AI Based Content and Commerce Personalization Increases Revenue
One of the core values of AI-enabled technology is that it personalizes the user experience. Take… Read More