Tuesday 9 January 2018 by Norbert Laposa
We are receiving questions from our clients about the latest security issues found in CPUs.
Please be assured that we constantly monitor all security announcements issued by our OS vendor (i.e. https://www.debian.org/security/). We receive all updates by email and apply the changes within 24 hours as part of our service.
We can confirm that all our servers are now safe from both bugs.
Our PCI compliant server customers are also protected by extra security measures, which include:
All other customers are running in a Cloud environment and the OS was fixed by our supplier, see https://forum.bytemark.co.uk/t/meltdown-specture-vulnerabilities-what-were-doing-about-them/2784
Monday 3 July 2017 by Laposa Ltd
One great security feature of Onxshop is the way user-uploaded files are saved. Onxshop saves all files outside of the web folder, which means that it is not possible to execute any files uploaded by users.
Here is an example of how effective the Onxshop approach is against this type of security hole.
On our demo site, which is open to public CMS users, somebody tried to upload this .htaccess file, which allows PNGs to be interpreted as PHP script files.
AddType application/x-httpd-php .png
The attacker then uploaded a script similar to this:
<?php # Web Shell by oRb
$auth_pass = "63a9f0ea7bb98050796b649e85481845";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
Of course, it was rendered completely useless and the attacker didn't gain any access to the website.
For example, in Wordpress, backdoors can be hidden in scripts similar to this: /wp-content/upgrade/wp-mails.php
It looks like a genuine Wordpress script, but it's actually a file uploaded under a CMS user. Files of this type are then used for sending spam or executing DDoS attacks.
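A defender's check that follows from the incident above, as an added example that is not Onxshop's own code: it scans a web-served upload directory for the three patterns described (an .htaccess that maps files to the PHP handler, PHP code inside a static file type, and a script in a user-writable folder). The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Directives that hand a file extension or a directory to the PHP handler.
HANDLER_RE = re.compile(
    r"^\s*(AddType|AddHandler|SetHandler)\b.*php", re.IGNORECASE | re.MULTILINE)
# Extensions that should be static data and never contain PHP code.
STATIC_EXT = {".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg", ".txt"}
PHP_TAG = b"<?php"


def scan_upload_dir(root):
    """Return sorted (relative_path, reason) findings for an upload directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # first 1 MiB is enough for this check
            ext = os.path.splitext(name)[1].lower()
            if name == ".htaccess":
                if HANDLER_RE.search(data.decode("latin-1")):
                    findings.append((rel, "htaccess maps files to PHP handler"))
            elif ext in STATIC_EXT and PHP_TAG in data.lower():
                findings.append((rel, "PHP code in static file type"))
            elif ext.startswith(".php") or ext == ".phtml":
                findings.append((rel, "script in user-writable directory"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree modelled on the incident described above."""
    samples = {
        ".htaccess": b"AddType application/x-httpd-php .png\n",
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # harmless image
        "avatar.png": b"<?php # placeholder body, not a real shell\n",
        os.path.join("upgrade", "wp-mails.php"): b"<?php // placeholder\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in scan_upload_dir(tmp):
            print(f"{rel}: {reason}")
```

On a platform that stores uploads outside the web folder, any finding is inert data; on one that serves uploads directly, each finding is a file the web server may execute.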
Thursday 12 January 2017 by Hugo Dvorak
Our clients often ask us what the difference is. So here is a short explanation.
Canvas and WebGL are both part of the HTML5 standard.
WebGL is an API for rendering interactive 3D graphics. It provides a special language (similar to C++) which you use to describe a 3D scene (objects, light sources, camera position, textures, etc.). With that language you can describe things like “a sphere with marble texture in the centre of the scene”, “a red directional light pointing from the corner of the scene to the centre” etc.
Canvas is an HTML tag which appears in the browser as a rectangular area on the page. It’s up to you what you show in the area. There is Canvas 2D API for that. You do things like “draw a 1px blue line from 0,0 to 100,200” or "draw a red circle at position 20,30” or "fill canvas with black colour” or “draw image XYZ at position 10,10” etc. That’s what we use for HTML5 banners.
Eventually you can combine both for 3D graphics. You render the 3D scene defined by WebGL in the context of the Canvas. Canvas behaves like any other HTML element. You can define its position on the page, its dimensions and even make it responsive. Each HTML5 banner, for instance, is a separate Canvas element.
Thursday 29 December 2016 by Laposa Ltd
Our premium hosting customers can now request a free SSL certificate from Let's Encrypt.
From January 2017 Chrome users who navigate to some HTTP sites will be notified they’re on a site that isn’t secure, if that site features either a password or credit card form. With this in mind we have implemented the Let's Encrypt SSL framework into our hosting platform.
Please note the move to HTTPS may cause a temporary fluctuation in your Google ranking; however, the benefit gained from having the SSL Cert in place will outweigh any temporary ranking change. Google also gives better ranking to sites with an SSL Cert.
Wednesday 16 November 2016 by Laposa Ltd
Onxshop is an enterprise level, open source content management system, built and maintained by development company Laposa Ltd.
Onxshop is built using standard web technologies: HTML, CSS, PHP and SQL, where all code is clearly structured and separated, which allows anyone with simple CSS knowledge to become an Onxshop developer without the need for expensive certification programmes. As the creators of Onxshop we have full control of all aspects of the software, allowing us to easily adapt and create new functionality where necessary. This translates to considerable savings in development time (cost) compared with other systems.
Due to its exclusivity as an enterprise content management system, Onxshop is not as vulnerable as its competitors. For example, Wordpress boasts 75 million installations and a plugin directory containing close to 50,000 add-ons (created by different developers and coding standards). The mass adoption of Wordpress provides an attractive opportunity for hackers and opens many potential security holes. Laposa reviews every piece of code before committing it to the Onxshop Github repository and regularly tests for PCI (Payment Card Industry) compliance.
Onxshop is a true CMS, not a blogging platform. It’s powerful, adaptable yet highly intuitive requiring only minimal training.
There is no annual licence fee with Onxshop and it can be easily hosted elsewhere should you choose to move host.
Laposa offer full technical support on our Onxshop hosting platform where we are happy to provide an SLA. Due to the nature of Wordpress (e.g. automatic system updates, plugin updates, etc.), we cannot offer this level of service.
Built using standard web technologies HTML, CSS, PHP and SQL
Responsive layout system by default
Front-end editing including fluid layouts allowing the user to combine a variety of content types (building blocks) page by page
Core building blocks include:
Site template for different channels, i.e. web, Facebook, Mobile App
Page (creates clean, SEO friendly URL and pre-built structure e.g. default, product list, symbolic link),
Layout (creates placeholders for content e.g. 1-6 columns, tabs and slider)
Content (e.g. Rich Text, Contact Form, Testimonial, Photo Gallery, File List, Menu of Pages, Feed Reader, News Article List, User Comments)
Drag & drop front-end components within each page
Drag & drop page tree organisation
Drag & drop media library
Reusable elements outside of website context (e.g. within Facebook Apps)
Role based access control
XML feed for any type of content
API for recipe, product and store database
Use prebuilt selection of contact forms
Form builder for customer surveys
Geolocation via taxonomy system
Automatic image resize: Upload one file and re-use in multiple places (Global Media Library)
Built-in CSS editor
Built-in template editing
Flexible picture gallery: Select from 7 different types with detailed options (simple image list, jQuery Cycle, Fancybox (Lightbox), jQuery Tools Gallery, Nivo Slider, prettyPhoto)
Saved revisions for every content update
Multiple user roles (Access Control List)
Flexible scheduler for content publishing/unpublishing
Enterprise Search Engine using Apache Lucene
Social integration - management of Open Graph properties and login using Facebook or Twitter
Bin for easy recovery of content deleted by mistake
More information can be found on onxshop.com