Tag: security

Further improved security

In early August we noticed a brute-force attack that was targeting our login form.

The attackers were targeting 6 specific Spin Rewriter accounts, and they were sending us hundreds of login attempts per minute that were coming in from a variety of different IP addresses.

These login attempts were trying what appeared to be a set of predetermined passwords (we have no way of knowing the exact passwords that were used in the attack because we always hash the passwords before storing them, like every web service should).

So, first the good news: None of the accounts were compromised. The attackers gave up after a couple of hours, after getting nowhere.

And the even better news: In light of this, we’ve taken another look at our login system and the code that powers it. We are extremely satisfied with how well it has done, and we’ve now also tweaked a few parameters to make the login system even more secure, out of an abundance of caution.

Without revealing too much (this information could help guide potential attackers in any future attacks), our login system remains truly state-of-the-art, following all modern security standards, now also including rate-limiting after a set number of failed login attempts in a certain time frame, and so on.

So you can rest assured that your Spin Rewriter account (and all of your articles and other information inside of it) is safe and waiting for you — and you only. 😉
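The attack described in this post came from many different IP addresses but was aimed at a handful of accounts, so a counter kept per source IP would see only one or two attempts from each address. The following is an added example, not Spin Rewriter's code: a sliding-window limiter keyed on the account, where the class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class FailedLoginLimiter:
    """Sliding-window lockout keyed on the account, not the source IP."""
    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        # Thresholds are illustrative assumptions, not values from the post.
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # account -> failure timestamps
        self._locked_until = {}              # account -> unlock time

    def allowed(self, account, now):
        # An attempt is evaluated only if the account is not locked out.
        return now >= self._locked_until.get(account, 0.0)

    def record_failure(self, account, now):
        """Register a failed attempt; True if it triggers a lockout."""
        q = self._failures[account]
        q.append(now)
        while q and q[0] <= now - self.window_s:  # expire old failures
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            q.clear()
            return True
        return False

    def record_success(self, account):
        self._failures.pop(account, None)  # good login resets the counter

def replay(limiter, events):
    """events: (timestamp, account, source_ip, password_ok) tuples."""
    stats = {"evaluated": 0, "rejected": 0, "source_ips": set()}
    for ts, account, ip, ok in events:
        stats["source_ips"].add(ip)
        if not limiter.allowed(account, ts):
            stats["rejected"] += 1  # throttled before any password check
            continue
        stats["evaluated"] += 1
        if ok:
            limiter.record_success(account)
        else:
            limiter.record_failure(account, ts)
    return stats

# Constructed sample: 300 failed attempts within one minute against a single
# account, spread over 250 addresses from a documentation IP range.
ATTACK = [(i / 5, "victim@example.com", f"198.51.100.{i % 250}", False)
          for i in range(300)]
```

Calling `replay(FailedLoginLimiter(), ATTACK)` evaluates only the first 5 attempts and rejects the other 295 without checking a password. The trade-off of keying on the account is that the real owner is locked out for the same period, so the lockout duration has to be chosen with that in mind.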

SSL certificate and security check

As you might’ve noticed, Spin Rewriter has been using an SSL certificate for about a year now — which allows us to serve the entire website and all parts of Spin Rewriter’s user interface securely over the “https” protocol to all of our customers.

This means your traffic is encrypted on its way between your browser and our servers, so no one along the way can read your username or password, the articles you’re spinning, or anything else about what you do on the Spin Rewriter website. We think that’s pretty cool — and it’s definitely the right way to do things when it comes to running an online business.

Well, our SSL pilot project has been extremely well received and didn’t introduce any glitches to our systems whatsoever — so we’ve now decided to go all-in with SSL support and have just extended our SSL certificate for another 3 years.

While we were at it, we also performed a security audit of the entire Spin Rewriter website plus all of our back-end systems including our API… and I’m super happy to report that we’ve passed all security tests with flying colors. 😀

Bottom line: This means you’re in good hands, and we’ll make sure we keep it that way. 😉

Our biggest server upgrade ever just became even BIGGER

I already told you a little bit about our upcoming humongous server upgrade two days ago, on Wednesday… and I’m super happy to say that the upgrade is coming along very nicely, indeed!

We’ve settled on the final configuration of our new servers and we’ve already rolled out a parallel grid of brand-new servers with an identical copy of Spin Rewriter so we can work on the copy without disturbing anyone on the actual “live” website. Right now we’re in the testing stage and I believe we’ve already squashed most of the bugs that felt like making an appearance after the huge server migration.

In other words, we’re progressing quite nicely! So nicely, in fact, that we’ve decided to go a step further than planned while still sticking to our original timeframe. With the finalized server upgrade next week, we’re now also planning to roll out SSL support: in other words, that green “https” version of the Spin Rewriter website for extra security and reliability.

We’re very excited about this (as you can probably tell), and will keep you posted! 😉
