InterShield Evolves

Posted at March 19, 2018 at 7:17 am by Ylber Popaj

InterShield Evolves

InterServer’s InterShield system is able to stop many attacks and updates daily based on new data including new possible malware, known exploits and other Common Vulnerabilities. However, sometimes even with all these a new type of malware comes up.

In a recent case a site was redirecting to a pharmacy website but only when coming from a google search engine result. The site initially passed all scans of known vulnerabilities, the url did not exist in the code or database and it was reproducible. In this cases advanced debugging is needed. So xcache with trace was enabled which determined some interesting results. Follow this brief analysis and walk-through of our debugging process!


Debugging Begins

Starting here we load a normal WordPress file:


  •                     0.2006   18215480               -> force_ssl_admin() /home/proxpnco/public_html/
  •  0.2010   18242992             -> require(/home/proxpnco/public_html/
  • /home/proxpnco/public_html/
  •                settings.php:290



However, here the include is for a file not found in WordPress, so we continue to debug. We soon find that the URL being called was /privacy-policy/. We then execute a ‘wget’ to a remote URL. The wget then gives this information which does the redirect:


 0.4207 18334192 >=> ‘HTTP/1.1 200 OK\r\nDate: Fri, 02 Mar 2018 16:17:56 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nX-Powered-By: PHP/5.3.3\r\nContent-Length:   82\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<location></location>’


In the vars file we find:

  •           * @package WordPress
  •           */@require_once(‘class.wp-includes.php’);


The @require_once is hidden after a comment.


Debugging Ends

End Notes

Using this data the our staff was able to  to create virus signatures in order to detect these. Class.wp-include.php signature is available at:

InterServer’s virus db detects most common malware and is available from​.  InterServer will continue to provide security updates to our customers so stay tuned for more on the expansion of our powerful InterShield.


WordPress Vulnerability Secured

Posted at February 21, 2018 at 8:46 am by Ylber Popaj


WordPress Vulnerability

The month of February brought yet another scare to the hosting world. A WordPress vulnerability was exposed which allowed hackers to initiate what is known as a denial of service (DoS) attack on ones website. Ultimately, under a DoS attack, your website becomes unreachable by anyone including you. The technical understanding of performing the DoS attack is rather simple.The flaw begins under the well-known “/wp-admin” directory. Every WordPress site is assigned this path as an administrative source. It was discovered that while loading this path there exists a script which fetches a number of JS/CSS files. This can be a heavy load on the server when performed repeatedly. Of course, DoS attacks found their roots and hackers began exposing this exact flaw. Due to its simplicity, the population of attempts are greatly increased and essentially adds more to the scare. Fortunately, any downtime is not acceptable by InterServer.

InterServer Response

InterServer was able to mitigate these attacks through mod_sucurity. Therefore, it is NOT possible to exploit this on our shared hosting services. While there is an alternative for individuals who may not have their site hosted with InterServer, it is not guaranteed success. The alternative is to modify the “/wp-admin” as a sub-directory which will free you against common WordPress admin scans.

As an InterServer customer, you can rest assured that your WordPress site will be safe from the newly exploited DoS attack flaw.

InterServer Patches Meltdown And Spectre

Posted at January 12, 2018 at 12:07 pm by Ylber Popaj


InterServer takes customer security with pride. Hear our story on how we tackled the recent security scare which targeted end-users nation wide.


What is Meltdown and Spectre?

You may have heard of terms like Meltdown and Spectre in recent tech news. Both exhibit a hardware vulnerability exposed by a small team in Austria. Through software, both are able to access private data on a server, but how is this possible? The vulnerability begins at the most inner core of a computer, the Central Processing Unit (CPU). By observing micro processes and transactions, these programs were able to access other parts of the computer that may not be relevant to the actual programs running. For instance, e-mails, files, browsing history, etc. were all subject to vulnerability.  While the technical understanding of Meltdown and Spectre is extremely high level, it is important to understand that InterServer took immediate action.


InterServer Reacts

InterServer CTO, John Quaglieri kept up to date with all Linux distributions and their kernel updates that would directly target Meltdown and Spectre. Fortunately, John was able to update our Linux machines immediately and efficiently to ensure that all data is secure. From our Shared Hosting to VPS, all kernels have been updated up to par based on their respective Linux distributions. He allowed our customers to keep track with his progress in a frightening situation by logging any updates on our forum page.


Forum Posts

Here is the forum URL link which tracks any updates regarding Meltdown and Spectre in InterServers infrastructure – click here.

BitCoin – To Bit, or Not To Bit

Posted at December 18, 2017 at 5:25 pm by Ylber Popaj

In recent news, you may have noticed the subject popularity on Bitcoin. The following questions may come up,

  •       What is BitCoin?
  •       What is Cryptocurrency?
  •       How can I earn Bitcoin?
  •       How much is it worth?
  •       What’s the hype about?

We will help you get a clear picture of the internet currency without getting into the nitty gritty details that may confuse most people.

What is BitCoin and Cryptocurrency?

Firstly, Bitcoin is an internet currency or better known as, a cryptocurrency. It offers a way to make transactions without the common use of the U.S dollar. A fair comparison would be to having your wallet full of cash and harddrive full of bitcoin. In both scenarios, you possess a currency worth some value. Right now, one bitcoin is worth 16,207 dollars. Other companies exist that offer cryptocurrencies, a few of them being : Ethereum, LiteCoin, Neo, Monero.

How can I earn Bitcoin?

Unfortunately, Bitcoin isn’t offered as an hourly wage nor can you earn it through a typical job. There are two ways it is possible to acquire Bitcoin:

  1. Trade other currency (like the U.S Dollar) for Bitcoin.
  2. Use your own computer/server to mine for Bitcoin rewards

The first option is rather simple. You trade 1 Bitcoin for 16,207 dollars. In 2009, you were able to purchase 5,000 bitcoins for as low as 27$.

The second option is where the Bitcoin story gets complicated. For simplistic reasons, we will keep the explanation concise and to the point. You may have heard of the term ‘mining’ related to the technology field. When pertaining to Bitcoin or a cryptocurrency, the term mining isn’t what we might initially imagine. Instead of digging into the Earth’s crust in hopes to find some Bitcoin, we dig deep into CPU utilization. Powerful computers solve Bitcoin designed ‘problems’ or ‘equations’. As a reward, Bitcoin assigns a bitcoin to the host who solved the equation. The entire process has a snowball effect. The more value a Bitcoin gains the harder the equations are to solve.

So, now that we know what Bitcoin is, what is all the fuss about?

The hype begins around the fact that the new currency is completely unregulated by government agencies. While it is bannable by governments, it is not regulated. A major component of Bitcoin popularity is also the delicacy of Cryptocurrency and its worth. It’s like taking a gamble. Dedicating time, money, and effort to gain Cryptocurrency can profit in thousands to millions of dollars while in some cases, very little to none.

In most recent news, Bitcoin proved to be a very profitable business as its value skyrocketed in just a few months.

To Bit, or Not To Bit?  That is the question.

Unfortunately for the common consumer, investing in Bitcoin is not so realistic anymore because of its value. As previously stated, today, one Bitcoin is worth 16,207 dollars. So, to invest in Bitcoin at its current value is rather pricey. If you are just learning about the hype-train, it is unfortunately a little late to hop on. This doesn’t mean that you can’t explore other cryptocurrencies. Other companies still compete with Bitcoin and have proven their potential of exponential growth in the following years.

While the Cryptocurrency world is still very unpredictable, it is important to consider its expansion and potential. Keep an eye out and enjoy the evolution of Cryptocurrency unfold!

Make Magento 2 Faster in 5 Easy Steps

Posted at December 13, 2017 at 6:33 am by Ylber Popaj

Magento 2 is a complex and highly configurable eCommerce platform. It supports endless level of customization.  It lets you create a website with almost any functionality you can think of.

The price you pay for such a flexible eCommerce solution is performance. Magento 2 (M2) might be quite slow. I am sure you have seen people on the web searching for ways to speed it up.

I am going to share with you my 5 easy steps to fix a slow M2 site. You don’t need to have programming skills to implement them. Follow me.

  1. Perform 3rd-party Extensions Audit.
  2. Upgrade Hosting Plan.
  3. Use Production Mode.
  4. Disable JavaScript bundling and enable HTTP/2.
  5. Enable Full Page Cache and Varnish.

1. 3rd-party Extension Audit

Magento 2 functionality could be extended with custom 3rd-party plugins. You can develop your own extensions or buy them from various vendors. Most plugins are poorly coded. Unlike Magento core which was written by experts, custom extensions are coded by average programmers at most. With average skills and no appreciation for performance benchmarks. It is no wonder some 3rd-party extensions slow down a Magento 2 site. You need to do an audit to identify those plugins that affect site performance.

First get a list of all custom extensions. Go to Magento backend menu Stores > Configuration > Advanced > Advanced. You will see an output like this:

Those are all extensions that are installed on your Magento 2. Ones that start with Magento_ are core plugins and you should ignore them. Others are 3rd-party modules. Copy them to a special list ‘Custom Extensions’Now go through ‘Custom Extensions’ list and disable modules one by one. How do you disable a module? You will need SSH (Secure Shell) for that. Use SSH to login to the server and navigate to Magento root folder:

      cd /path/to/magento/root/folder 

Then issue a command to disable a module:

     php bin/magento module:disable Vendor_ModuleName 

After you disable an extension benchmark site speed. You can use an online tool  Do you see a difference in page load time? If you do than that plugin is an abuser. Contact its vendor and ask for help. Or uninstall it or find an alternative. If there is no speed difference move to the next plugin. Sooner or later you will find a few extensions that are performance hogs.

2. Upgrade Hosting Plan

Magento 2 requires powerful hosting to deliver decent performance. If your M2 is running consistently slow it might be just screaming out loud – I need more CPU and RAM!

Here is a simple trick I use to determine whether a poor hosting plan is the reason for poor M2 performance:

  1. Download a fresh Magento 2 copy. Pick the same version you are currently running.
  2. Install and setup the fresh M2 copy on your hosting.
  3. Compare the fresh M2 performance versus the live site performance. You can use sites like to measure speed metrics.
  4. If the fresh M2 speed is significantly faster – your host is OK.
  5. If the fresh M2 is as slow as your live site – you need to upgrade the hosting plan. Get more CPU and RAM, make sure you use SSD.

If you find out you need a better hosting plan – contact your hosting company and ask for one. If you were using a shared plan – go with VPS. If you were using VPS go with a dedicated server. Explore your options.

3. Use Production Mode

There are three Magento 2 modes: default, developer and production. Magento 2 is designed to be fast only in production mode. You might be surprised how many M2 sites are slow only because they are in developer mode. The reasons vary: a developer forgot to switch M2 to production, a data entry specialist turned on developer mode for testing purposes and never turned it off. You need to make sure you run M2 site in production mode only. You can find out what mode you are in now by running this simple SSH command inside Magento root folder:

       php bin/magento deploy:mode:show 

You can turn on production mode with this command:

     php bin/magento deploy:mode:set production  

4. Disable JavaScript bundling and enable HTTP/2

This performance tip relates to known “feature” of Magento 2: if you enable JavaScript bundling your bundled JS file will be over 5Mb. Here is a bug report on GitHub

5Mb file will kill M2 performance on slow mobile networks. You need to avoid that. Do not use JavaScript bundling option. It is not worth it. Go to Magento 2 backend menu Stores > Configuration > Advanced > Developer > Enable JavaScript Bundling and set JS bundling to No.


If you disable JavaScript bundling your frontend pages will request lots of individual JS files making lots of HTTP requests. That might be considered as a slow factor but only with HTTP/1.  Here comes HTTP/2. This protocol was designed to make sites with lots of HTTP requests fast. It does that and many other performance optimization tweaks that make M2 deliver decent performance.

Contact your hosting and ask if they support HTTP/2. Let them enable HTTP/2 for your Magento 2 store.

5. Full Page Cache

Magento 2 comes equipped with Full Page Cache. It means M2 can cache whole pages making time to first byte (TTFB) for cached pages around 500ms i.e. half a second. This is good news.  You need to make sure Full Page Cache is always on. Go to backend menu System > Cache Management and double check.  You might be surprised to see all your cache disabled. Your developer might have turned it off for testing purposes and forgot to put it back on. No wonder you are experiencing performance problems!

Magento 2 supports Varnish out of the box. Varnish is a special software that caches and serves static content. It helps with making TTFB as low as possible. Contact your hosting support team to have Varnished installed and configured on your server.

You can enable Varnish for Magento 2 Full Page Cache at backend menu Stores > Configuration > Advanced > System:



Those were my 5 tips to speed up Magento 2. They are field-proven and tested. I used them many times to optimize performance of slow M2 sites. I hope you find them useful.

About the author: Konstantin Gerasimov is a Magento Certified Developer with He specializes in backend development, speed optimization and extension creation.