A security flaw called “Shellshock” has been in the media recently. This major vulnerability affects operating systems derived from Unix, which includes the Linux operating system, and can allow hackers to execute arbitrary commands (thus taking over the computer or system with malicious intent). Many of the websites hosted by WebStores Ltd use Linux as the operating system.
I wanted to provide you assurances that our security team took immediate action once this vulnerability was uncovered and made public. This includes performing immediate software updates, with the fix, to the Linux shared hosting segments, and ensuring all internal systems that manage customer information are secure against this threat. You can read about the threat at http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers.
How can you protect yourself from future hacks to your website? Internet security is an ongoing and never ending battle. As soon as one threat is resolved, hackers are out there trying to figure out other ways to steal your data or latch onto your website and use it for their own purposes. You must use diligence to protect yourself. One of the best things you can do is to never upload any data to any website that is confidential, especially if it is not a secured site (ie, one that clearly shows https:// in the address line). While SSL is not perfect, if your site doesn’t have an SSL certificate, you should be careful to not use it for transmitting confidential information. The other thing is to change your passwords regularly. Passwords should always be a strong password, which means a minimum of 8 characters (more is better), with both Upper and lower case letters, numbers and special characters. For example, %5Wubn78(*jKdsQ$ is considered a strong password. Passwords for every user and every site should be different. How are you ever going to remember a cryptic string like this, especially if every user and every site is different?
I suggest using a password tool that stores all your passwords in a secure file on your computer. Do NOT just put them in a Word document or Excel file! One such program is KeePass, which can be downloaded for free at http://keepass.info/.