| 20/01/2019 | Added subject to web form to prevent possible spam signature. |
| 11/11/2018 | Contact form page wasn't sending email due to /etc/resolv.conf wasn't able to reach mail server. Changed to public name server. |
| 13/07/2018 | Deprecating TLS 1.1 |
| 08/06/2018 | Updated new cipher suites for the TLS connections. |
| 13/03/2018 | Added DNS CAA record for Certificate Authority Authorisation |
| 04/03/2018 | Added to Wayback Machine for Internet archive. https://web.archive.org/web/*/https://mysuperweb.co.uk |
| 01/03/2018 | Added Security headers. |
| 21/02/2018 | Lowered "Expires" to be 3600 seconds. (1 hour). |
| 17/02/2018 | Removed X-Powered-By from the headers. |
14/02/2018
| Removed un-used / outdated plugins.
|
05/01/2018
| AMD processors appear to be not affected based on an statement from AMD. https://www.amd.com/en/corporate/speculative-execution.
|
05/01/2018
| The backend server is using CPU of AMD Opteron(tm) Processor 6386 SE, this appears to be safe from https://meltdownattack.com/. We will monitor the outcome in the coming days.
|
08/10/2017
| Reviewing HAProxy for load balancing and testing new environment for website migration.
|
24/09/2017
| Setting Let's Encrypt certificate to be auto renewal as needed via a CRON task.
|
01/04/2017
| Disabled Triple Data Encryption Algorithm Cipher Suite (3DES).
|
18/03/2017
| Adjusted the CSS to set the max-width on the banner option.
|
16/03/2017
| Removed 2048 SSH key and added 4096 SSH key.
|
06/03/2017
| Enabled rotating image on homepage for dynamic content illusion.
|
04/01/2017
| Changed redirect on website from 302 Temporary to 301 permanent for SEO purposes on the HTTP header.
|
03/09/2016
| Disabled TLS 1.0 due to PCI reasons.
|
27/08/2016
| Issued new certificate for HTTPS.
|
02/07/2016
| SSL TLS secured from CVE-2016-2107
|
04/06/2016
| Lowered caching timer so that new content can be loaded from server.
|
29/05/2016
| Enabled FTPS connection on port 21.
|
23/01/2016
| Updated backend server OS and package dependencies.
|
12/12/2015
| Changed website salt with new values.
|
21/11/2015
| Changed server encryption to comply with Chrome modern cipher suite.
|
07/11/2015
| Upgraded to custom kernel version.
|
05/11/2015
| Added grsecurity to server kernel.
|
08/10/2015
| Upgraded php version on the server.
|
26/09/2015
| Leverage browser caching for better website performance.
|
06/09/2015
| Resolved incorrect SNI alerts.
|
28/08/2015
| Upgraded HTTPS certificate to RSA 4096 bits.
|
05/08/2015
| Enabled Minify CSS.
|
28/07/2015
| Enabled automatic nightly backups.
|
17/07/2015
| Changed CMS password to a longer and more complex value.
|
09/07/2015
| Added SSH keys to the server.
|
08/07/2015
| Enabled Apache SNI to the server for multiple HTTPS websites on the same IP.
|
04/07/2015
| Server was detected sending spam on 29/06/2015, due to a WordPress theme vulnerability.
|
20/06/2015
| Added DNSSEC to domain name.
|
16/05/2015
| Added IPv6 AAAA record.
|
05/05/2015
| Added NTP time sync.
|
29/04/2015
| Added 2 factor authentication to login interface.
|
24/04/2015
| Updated new favicon.ico
|
05/04/2015
| Website unavailable in Firefox due to: (Error code: sec_error_ocsp_unknown_cert). This is because of server time variance.
|
22/02/2015
| Enabled HTTP Strict Transport Security (HSTS).
|
17/01/2015
| Enabled Perfect Forward Secrecy.
|
28/12/2014
| Added external monitoring system on server.
|
20/12/2014
| Removed RC4 cipher due to weak cipher suite.
|
19/12/2014
| Replaced the StartCom Class 1 Primary Intermediate Server CA with an SHA2 chain. https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
|
30/10/2014
| Resolved issue with phpmyadmin from: The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated.
|
24/10/2014
| Disabled SSLv3 to mitigate the POODLE: SSLv3 vulnerability (CVE-2014-3566) https://access.redhat.com/articles/1232123
|
