1 Minute fix for WordPress XML-RPC Pingback Vulnerability to Quadratic Attack

At 3PRIME, we are stewards for quite a few hosting customers, many of whom love WordPress. As such, we support that platform so that we may support the efforts of our disparate clientele.

By now everyone has heard of the XML Quadratic Blowup Attack vulnerability in WordPress.

The WordPress Core Team has done their due diligence and has submitted a patch for the vulnerability. You can implement it readily by updating your WordPress runtime to the latest and greatest version (or the latest and greatest patch build of your current installation). If you haven’t already, you should absolutely update your installation the next chance you get.

XML-RPC is a Problem

Something that bears mentioning here is the WordPress XML-RPC itself.

Unless you are using a plugin that requires using this now nearly ancient form of site access and control, XML-RPC is otherwise extra baggage that you need not carry around.

Given the utter lack of usage of XML-RPC throughout our client sites, the best fix for the current vulnerability, and a great preventative measure against similar attack vectors, is to simply disable XML-RPC altogether.

In our case, we did this server-wide. Setting up a directive for Apache couldn’t be easier.

In your configuration file (httpd.conf or, preferably, a pre-VirtualHost Include file), simply include the following snippet:

Apache – Disable xmlrpc.php

For the Nginx crowd out there, you can use the following:

Nginx – Disable xmlrpc.php

If your site (or your clients’ sites) are not coupled to WordPress XML-RPC, disabling XML-RPC altogether is a great way to reduce one attack vector that is often overlooked, exposed, and effectively exploited.
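An added example, not 3PRIME's original snippets: this script prints a deny rule for xmlrpc.php for Apache or Nginx, as described above, and classifies the HTTP status a hosted site returns once the rule is in place. The function names and the status-to-verdict mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not 3PRIME's snippets): block xmlrpc.php and confirm the block.

# Print the deny rule for one server type: apache | nginx.
xmlrpc_rule() {
    case "$1" in
        apache)
            # Apache 2.4 syntax, valid in httpd.conf or an included file.
            # On Apache 2.2 use "Order allow,deny" and "Deny from all" instead.
            printf '%s\n' '<Files "xmlrpc.php">' \
                          '    Require all denied' \
                          '</Files>'
            ;;
        nginx)
            # Place inside each server { } block; an exact-match location
            # is chosen before the regex location that hands .php to PHP.
            printf '%s\n' 'location = /xmlrpc.php {' \
                          '    deny all;' \
                          '}'
            ;;
        *)
            echo "usage: xmlrpc_rule apache|nginx" >&2
            return 2
            ;;
    esac
}

# Map the HTTP status of a request to /xmlrpc.php to a verdict (assumed mapping).
xmlrpc_status_verdict() {
    case "$1" in
        403|404|410) echo blocked ;;
        200|405)     echo exposed ;;      # endpoint still answering
        000)         echo unreachable ;;  # curl could not connect
        *)           echo "check($1)" ;;  # redirect, WAF page, etc.
    esac
}

# Send an empty POST (no XML payload) to a site you host and report the verdict.
xmlrpc_probe() {
    code=$(curl -s -o /dev/null -m 10 -d '' -w '%{http_code}' "${1%/}/xmlrpc.php")
    echo "$1 $(xmlrpc_status_verdict "$code")"
}

# CLI: "rule apache|nginx" prints a rule; "probe URL..." checks sites.
case "${1:-}" in
    rule)  xmlrpc_rule "${2:-}" ;;
    probe) shift; for site in "$@"; do xmlrpc_probe "$site"; done ;;
esac
```

Validate the configuration with `apachectl configtest` or `nginx -t` before reloading, then run the probe against each hosted site.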

3PRIME Launches New Responsive Theme for Precision Cutting Services in CT

What you’re looking at now is the new homepage for Precision Cutting Services. Precision Cutting Services is a high quality tree cutting and lawn care business that performs work in the Hamden and southern Connecticut area. We’ve been performing a wide range of work for Precision Cutting Services for quite some time now. As stated above, we just relaunched their site with a new responsive theme which provides their web portal with several great features. First of all it looks great. It features large, clear pictures of the Precision Cutting Services’ crew at work. Moreover, the theme transforms the website into a responsive viewing experience for mobile devices and tablets. So now it will look just as good on them as it already does on desktops and laptops.

Creating sites with responsive themes serves to not only improve their look but also helps their rankings as it is one of the many features that Google takes into account when placing sites in search results. Think your company’s website could use some sprucing up? Then don’t hesitate to contact us.

3PRIME Relaunches BobMarino.com

We recently performed a complete relaunch of Bobmarino.com. The site is completely updated, featuring new images and design elements incorporated by 3PRIME. It is now a responsive WordPress CMS system.

Bob Marino Aftermarket Specialty Company has been in business for 47 years. They provide aftermarket items and services to car dealerships such as warranties, and a prep and detail service that washes and prepares cars prior to being shipped to customers.

List of 25 New Generic TLDs available today

I wrote to clients today regarding the pre-registration for “generic TLDs” and some suggestions they could consider. Below are some general details of what I sent including:

  • A list of new TLDs (top level domains) that are coming available that might be of interest.
  • For more info on TLDs in general, I wrote this last year.
  • The new TLDs will cost $25-$40 per year to register. It depends on the TLD.

It’s also important to understand how the pre-registration process works, so as a quick overview:

  1. We can Pre-Register for them for $40 and Godaddy (the registrar we use) will submit these on February 13.
  2. We can pay more to improve the priority of our registration, but I don’t think that’s necessary.
  3. If we don’t get them, the pre-registration fee is refunded.
  4. For higher priority, that starts at $189, and that application fee is non-refundable.
  5. Higher priority goes in phases, with Phase 5 (one step in front of the $40 registration) going for $189, and Phase 1 or top priority going for $12,000+!

In general, these are worth considering for marketing, or for capturing a name we wouldn’t want a competitor using for marketing. Let me know what questions you have!

Here is the list of the 25 gTLDs available today for pre-registration.

.guru
.photography
.menu
.build
.bike
.camera
.clothing
.construction
.contractors
.directory
.estate
.equipment
.gallery
.graphics
.holdings
.kitchen
.land
.lighting
.luxury
.plumbing
.singles
.technology
.today
.uno
.ventures

The Last Weekly Round up of mobile news from Mutual Mobile.

 

Well guys, here is my last weekly mobile blog post, coming to you from Mutual Mobile. Please feel free to go and sign up at mutualmobile.com. I apologize for the formatting; MM changed their format, which makes it a pain to copy over in here, but here it is. The info is still great.

Starting in a couple weeks you will be seeing new stuff brought to you by my new employer Chaotic Moon. Please go check us out: www.chaoticmoon.com

What To Expect From Apple’s October 22nd iPad Event
The Verge

New iPads are a certainty, but there’s plenty more that Apple could have in store for consumers ahead of the holiday shopping season. Here’s what you should — and shouldn’t — expect from Apple’s October 22nd event.

 

NEWS AND INSIGHTS
The New York Times

The race for the tablet market has become a full-blown sprint. The intense competition will be highlighted on Tuesday, as Apple, Nokia and Microsoft each introduce new tablets.
The Huffington Post

While the Surface 2 is probably most fairly compared to an iPad or high-end Android tablet, the Surface Pro 2’s processing power makes it more like a laptop.
The Verge

While we wait for someone, anyone, to deliver the ultimate smartwatch, what can the best devices available today tell us about perfecting the smart wrist-accessory?
Mobile Commerce Daily

Mobile’s immersion in our everyday lives actually provides retailers a valuable opportunity to embrace mobile as an asset and use it to foster the biggest advantage a bricks-and-mortar store has to offer: personalized, superior-level customer service.
TIME

Even though Apple really did make the iPad for consumers, Jobs and his team fully expected it to also become attractive to business users.
Consider us your mobile update. Trends, platforms and strategies. Covering the biggest news in mobile, in just around a minute.
RESEARCH
ZDNet

Pew Research found that tablet ownership among Americans has now hit the 35 percent mark, up 10 percent from a year ago.
VentureBeat

The wearable devices industry, which includes smart watches and glasses, will be worth $19 billion by 2018. That’s a big jump over the $1.4 billion the industry is expected to pull in this year, according to Juniper Research, which produced the numbers.
eMarketer

This year, more than half of US adult internet users, or 102.5 million people, will redeem a digital coupon via any device for either online or offline shopping. New data indicates that there was a significant increase in the number of digital coupon users during the first half of 2013.
ReadWrite

Apple’s iOS 7 has been available to the public for exactly one month. In that time, about 73% of all iOS users have updated their iPhones, iPads and iPods to Apple’s new operating system, amounting to a little more than 250 million devices.
Forbes

iOS dominated as the platform of choice for enterprise app deployment with 98% and 95% share in the June and September quarters, respectively.

Eruption, for the Oculus Rift game jam contest, has been released!! (Shameless self promotion)


https://www.youtube.com/watch?feature=player_embedded&v=uTMI-E0A-N4

Game Description:
Deep in the bowels of a top secret building of S.T.Z.M.N. research facility a lab assistant works late into the night tending to their quadrant smears. In the lab next door things go horribly wrong with a timeline experiment and in an instant the lab assistant is sucked into the void and transported millions of years into earth’s primordial past.

Our hero, dazed and confused, is shaken back into consciousness by a massive quake. Looking around they are surrounded by a harsh, unfamiliar, and unforgiving terrain. The ground shakes again and our hero looks around in time to see a massive volcano erupting in the distance. As the shockwave hits our hero’s fight or flight instincts kick in and they take off running for their life.

Eruption is a 2.5D platformer designed to challenge the player to escape the hostile world they find themselves in and make it to safety. The user will be forced to look around and dodge incoming objects from all directions. Players will have to think on their feet running, jumping, and sliding in order to save themselves from almost certain doom.

The path to the end is never as easy as it seems.

Controls:
Left/Right – L/R Arrow keys or A and D
Slide – Down key or S
Jump – Space
(Beta) Zoom out – Ctrl

Eruption!!
Built by myself and 4 other guys for the VR Game Jam (@zach, @sorensilk, Nick, and Tom). Most of us were brand new to Unity and game development so it was a great learning experience. We were up until the deadline last night (2am our time) putting in final touches.

We figured most teams would make first person view games so we decided to mix it up with a 3rd person platformer. We think the end result really works well with the Rift. We placed obstacles above and in front of you to force the player to look around the level and not just stare straight ahead.

Not sure where development is going from here but we’d love feedback. Please visit the official game posting: https://developer.oculusvr.com/forums/viewtopic.php?f=51&t=3879

3PManagedHosting vs. Shared Hosting: We Are Way Faster

This is the age of the split-second Internet decision, and attention spans are shrinking into nothingness. Your website needs to impress the visitor at a glance, and it’s hard to do when it takes so long to load that your prospective customer says “Ah, screw it” and backs out to Google to see if your competitor functions faster.

This is why hosting is about so much more than cost. Many smaller business sites take advantage of “shared hosting,” where many sites are hosted on one server and isolated on different partitions. Price-wise, shared hosting is rock bottom – you will be able to host your site for a few bucks per month. However, this option gives you a bare-bones minimum of customer support, and when it comes to speed, shared hosting can be a logjam of frustration.

Managed hosting is a good balance between cost and attention. With 3P Managed Hosting, you get personalized service and troubleshooting for a modest increase in cost; just as important, your site loading times are going to be vastly improved.

To illustrate the point, we ran a comparison between two of our clients: Client S, which uses shared hosting, and Client L, whose site is housed on 3P Managed Hosting. We used the website WhichLoadsFaster.com to run several tests on the main pages and several inner pages of the two clients’ websites. These tests were run on Jul 26 2013, from 1:30-2:00 PM.

First, we compared loading times on the two main site pages. Loading time in milliseconds on the left refers to Client S; on the right, Client L.

Test 1:
Client L loads 2.2 × faster
3223 ms / 1439 ms

Test 2:
Client L loads 55% faster
2509 ms / 1618 ms

Test 3:
Client L loads 2.5 × faster
3715 ms / 1465 ms

I think we’re seeing a trend here.

Next, we compared 3 inner page loading times. For rough parity, we compared the “About Us,” “Contact Us” pages and one product or service page. For each site, WhichLoadsFaster.com loads the three pages one after the other and totals the time it takes for all three. Here are the results, again Client S is on the left and Client L is on the right:

Test 1:
Client L loads 99% faster
9807 ms / 4933 ms

Test 2:
Client L loads 2.0 × faster
10863 ms / 5383 ms

Test 3:
Client L loads 76% faster
9627 ms / 5456 ms

Parallel loading vs sequential loading (meaning, whether the speed tester loads both websites at once or one after the other, so they don’t have a chance to interfere with each other) makes no difference – 3P Managed Hosting knocks the socks off shared hosting every time.

Remember that a typical visitor who is looking to buy something is not just going to load a single page – they will navigate around the website before making a commitment. A slow site doesn’t just cause a single moment of frustration, but does it with every mouse click. If you want to present a favorable impression to your potential customers, having a website that loads quickly and allows a visitor to navigate without frustration is one of the most important things you can do – and 3P Managed Hosting is here to help.