Category Archives: System Updates

Security while traveling and using WiFi

I recently attended a conference where I had to stay in a not cheap hotel that had shared WiFi. Being a curious person (as any Mr. Robot fan would be), I wondered how secure accessing the Internet there really is. Well, as you might have guessed, it’s horrible. 

I could see every guest’s device on the network, the lounge printer and even some hotel guests’ printers. ::shocked::

In this configuration, anyone on the network can inject ads into any page, sniff traffic (credit cards), or run in-browser crypto mining, which is very popular at the moment, on any page you visit.

You might be asking yourself at this point, how this affects you (the user), me (the developer) or Easy Blog Networks (the product)?

For starters, Easy Blog Networks staff cannot access the app without “Secure Endpoint”. So if a staff member is traveling (at a conference, or sipping a margarita while watching dolphins swim) and using insecure WiFi, someone on that network cannot just delete all servers or blogs, or get a list of emails from the app.

However, any user or a potential user can still be affected. Previously, everything relied on the user to be cautious. Browser vendors are slowly adding meaningful policies directly to the browser, but they are not enabled by default and each app vendor has to review and enable them.

And this is where Content Security Policy and HTTP Strict Transport Security come into play. As app developers, we can use Content Security Policy to instruct the browser not to load any scripts on a page that we have not approved.

Comcast injecting ads on a page? Denied.

Starbucks mining crypto coins on our page? Denied.

SEO conference attendee getting list of all your blogs via some clever advertising? You get the idea now. Denied.

The second, and even more important, one is HTTP Strict Transport Security. It tells the browser to never load a page over an unsecured connection (HTTP).

I might have gotten you worried now and thinking how to actually verify that using Easy Blog Networks is really safe.

You can check any page using SecurityHeaders.io, where Easy Blog Networks has an “A” score. However, there is still room for improvement, and as always, we are working toward that goal: making users and staff safe.
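To make the two headers concrete, here is an added example (not Easy Blog Networks code and not how SecurityHeaders.io scores pages) that audits a response's Content-Security-Policy and Strict-Transport-Security values. The header sets `WEAK` and `STRICT`, the `example.com` hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample response headers (hypothetical hosts).
WEAK = {"Content-Security-Policy":
        "default-src 'self'; script-src 'self' 'unsafe-inline' http://cdn.example.com",
        "Strict-Transport-Security": "max-age=0"}
STRICT = {"Content-Security-Policy":
          "default-src 'none'; script-src 'self' https://static.example.com",
          "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # duplicates are ignored
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_headers(headers):
    """Return findings about script loading (CSP) and HTTPS enforcement (HSTS)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))
    # script-src falls back to default-src when it is not set
    sources = csp.get("script-src", csp.get("default-src"))
    if sources is None:
        findings.append("csp: no script-src or default-src, any script may load")
    else:
        lowered = [s.lower() for s in sources]
        # browsers ignore 'unsafe-inline' when a nonce or hash is present
        pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                     for s in lowered)
        for s in lowered:
            if s in ("*", "http:", "https:", "data:"):
                findings.append(f"csp: script source {s} is too broad")
            elif s == "'unsafe-inline'" and not pinned:
                findings.append("csp: 'unsafe-inline' lets injected inline scripts run")
            elif s.startswith("http://"):
                findings.append(f"csp: script source {s} loads over plain HTTP")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts: header missing, pages may still load over HTTP")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:  # max-age=0 tells the browser to drop the policy
            findings.append("hsts: max-age missing or zero, policy is not kept")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts: includeSubDomains not set")
    return findings

if __name__ == "__main__":
    for name, hdrs in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit_headers(hdrs) or "no findings")
```
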

Happy and worrisome New Year. :)

Easy Blog Networks System Update #23

There have been some major changes since our last system update post. The primary one that helps the most users is the new easy theme editing option. We have also been improving the security of the platform and the blogs.

  • Easy theme editing.
  • Blocking malware domains.
  • User Survey 2017 – we learned a lot about our users and their common frustrations, changing our development roadmap accordingly.
  • Domain field validator – we’ve improved the error reporting of the domain field when adding a new blog.
  • Updating login security – preventing legitimate users from being blocked (ongoing)
  • Blacklisting themes: we’ve seen a few blogs with active malware themes (impacting only the blogs where they were installed) that we removed and blacklisted.

Yashar Ghaffarloo has done another security audit for EBN. At the time of writing all found vulnerabilities have already been fixed. EBN is still the only PBN hosting platform that does regular third-party audits.

In the coming few weeks we’ll be focusing on adding a backup payment provider and an update to Mailboxes.

Easy Blog Networks now has easy theme editing!

Great news! We know that theme editing has been an often requested feature and we’re excited to announce we have implemented this feature.

To avoid manually creating a child theme we are now using a free plugin from WordPress.org that creates child themes and allows you to edit them. We needed to tweak our system a bit for the plugin, but it now works perfectly.

You now get the simplicity of using the default WordPress theme editor but with the security and safety of automated theme updates.

To find out more, read the full instructions on how to use the theme plugin in our Help Center and let us know what you think.

EBN is now blocking malware domains

As another step toward better platform security, we’ve just added a new feature that removes malware domains listed by MalwareDomains.com and prevents them from being added. Malware domains are domains with a history of being used to propagate malware and spyware on the internet.

This greatly improves the safety and neighborhood of existing blogs on EBN.

This is the error you will see if the domain is listed in their database:

In the majority of cases, this is an issue of the previous owner so you will need to request removal from the database. You can do that by contacting them here.

We’ve also added this information to our Help Center article.

Easy Blog Networks System Update #22

It’s been some time since we last posted, but behind the scenes, we’ve been doing some reorganizing and, of course, keeping the system updated and maintained.

EBN has grown a lot in the last year and we’ve been having some trouble pushing new feature updates as fast as we’d like. This is why we decided at our last company meetup to try out Scrum methodology for development, and we’re already seeing initial results. We are now back on track towards developing some of the more requested features.

Major Features Planned for This Year

  • Subaccounts – If you have staff that help you manage your PBNs inside EBN but you don’t want to give them full access, you will be able to give them access to an EBN account without giving away passwords to your blogs.
  • Mailbox – Mailbox is up for a big update. Sorting, automatic purging and archiving are coming in the update.

Maintenance Done in The Last Quarter

  • Indexation Check updates – We launched this in April, but we have made a lot of updates since to decrease the number of false positives and sync issues between Indexation Check and EBN.
  • Removing unstable providers – Even with our due diligence, some poorly performing hosts still got into the system. We removed most of those and are keeping a close eye on others.
  • Improvements to server maintenance – We’ve done a lot of additional updates to automate maintenance and keep potential downtime as short as possible.

Got an idea? Post it on our Feedback page!

If there are features you’re still missing, please check our Feedback page. You can also vote there for existing ideas from other users.