Service Status

All Systems Operational

Scheduled Maintenance

  • KrakenGeek.com Speed Audit, 1/18/23

Status History

12/30/2022

Security Issue Identified

Status: Workaround Already Implemented
Updated: 12/30/2022 at 5:15 PM PST
Details:
We received an alert indicating that WordPress 6.1.1 has an Unauthorized Blind SSRF vulnerability for which no patch is available. All of our WordPress clients are running WordPress 6.1.1, so they are affected. However, no action was needed on our part because we already actively disable access to XML-RPC for all of our clients, which is an effective workaround preventing compromise via this vulnerability. As a result, risk to our clients is minimal. When an update is available, we will deploy it to all clients.

12/17/2022

Security Audit

Status: Completed
Updated: 12/17/2022 at 6:00 PM PST
Details:
A scan via SSLLabs.org showed that KrakenGeek's SSL grade had dropped from A+ to A. A good grade, but it doesn’t meet KrakenGeek’s standards. After some investigation, we discovered that HSTS was set to one minute (a testing value left over from the move from the old server to the new one). HSTS was increased to six months. A rescan showed the grade back at A+.

A pentest was also completed for KrakenGeek.com and all clients; no issues were identified.

11/6/2022

Move to New Server, Terminate Old Server

Status: Completed
Updated: 11/6/2022 at 4:57 PM PST
Details:
The old server ran an old OS that was no longer being maintained, which necessitated upgrading to the most recent LTS version of the OS. We created a new server meeting the requirements and successfully moved all clients to it. We monitored all clients after the move and confirmed no further issues after 30 days. The old server has been permanently terminated.