HTTP Strict Transport Security (HSTS) Implementation

Rackspace will be implementing HTTP Strict Transport Security (HSTS) on the Cloud Sites infrastructure on August 1, 2016. This security upgrade only applies to HTTPS sites. HSTS significantly improves website security: it protects redirects from information capture by attackers and protects against malicious redirects to phishing sites.

All Laughing Squid Web Hosting customers using SSL for their sites will need to resolve any mixed content warnings on their sites by August 1st to avoid downtime. More information on what mixed content is and how to verify and correct it is available here:

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content?hl=en

To test changes prior to the implementation, put this line in the top of your .htaccess file:

Header Set Strict-Transport-Security "max-age=90"

This will cause HSTS to be strictly enforced on the site for up to 90 seconds, a window short enough to keep the enforcement from being cached long-term while still allowing changes to any page(s) if needed. On August 1st, Rackspace will set the enforcement time to 180 days, which is the full implementation recommendation. After this, any sites with mixed content will be unable to serve content properly.
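
One way to find mixed content in a page before the header goes live is to scan its HTML for subresources requested over plain http://. The script below is an added example, not code from Rackspace or Laughing Squid; the tag/attribute list and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: common tag/attribute pairs that load subresources; extend as needed.
SUBRESOURCE_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "object": ("data",),
}
# <link> fetches a resource only for some rel values; rel="canonical" does not.
LINK_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url) for each subresource requested over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        names = SUBRESOURCE_ATTRS.get(tag, ())
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            names = ("href",) if rels & LINK_RELS else ()
        for name in names:
            value = attrs.get(name) or ""
            # srcset is a comma-separated list of "url descriptor" candidates
            for cand in (value.split(",") if name == "srcset" else [value]):
                parts = cand.split()
                if parts and urlparse(parts[0]).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, parts[0]))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not from any real site).
SAMPLE = """<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="https://cdn.example.com/app.js"></script>
<a href="http://example.org/">a plain link is not mixed content</a>
<img src="//cdn.example.com/logo.png" srcset="http://cdn.example.com/logo2x.png 2x">
<iframe src="http://video.example.net/embed/1"></iframe>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Each reported URL should be changed to https:// (or hosted locally). Resources injected by scripts or referenced from CSS are not visible to this static scan, so also check the browser console while the 90-second test header is in place.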

If you have issues with the new HSTS implementation, please contact us through the Help Desk.

Control Panel/FTP Password Resets

Our upstream provider Rackspace has been conducting security audits for cloud hosting. As a precautionary measure, it has become necessary to reset Laughing Squid control panel/FTP passwords.

If you are suddenly unable to access the control panel and/or FTP for your hosting account, then your password was reset. Do not worry, your website has not been compromised. Regaining access takes just a few clicks and some basic information:

  1. Please go to your control panel and click "Lost your password?". This will prompt you for your login Username and will send you an email containing instructions on how to reset your password. Keep in mind that your control panel and FTP login Username and password are identical.
  2. If you do not know your Username, click "Don’t know your username?" for retrieval.
  3. If you are unable to remember or obtain access to your login information, please contact us through the Help Desk for assistance.

Going forward, PLEASE USE STRONGER PASSWORDS. We have posted about strong passwords before. We strongly encourage using password management tools like 1Password and LastPass to help you store and use alphanumeric passwords of 12+ characters that you don’t need to remember; this will tremendously improve the overall security of your digital footprint.