Change log

DateDescription
20/01/2019Added subject to web form to prevent possible spam signature.
11/11/2018Contact form page wasn't sending email due to /etc/resolv.conf wasn't able to reach mail server. Changed to public name server.
13/07/2018Deprecating TLS 1.1
08/06/2018Updated new cipher suites for the TLS connections.
13/03/2018Added DNS CAA record for Certificate Authority Authorisation
04/03/2018Added to Wayback Machine for Internet archive. https://web.archive.org/web/*/https://mysuperweb.co.uk
01/03/2018Added Security headers.
21/02/2018Lowered "Expires" to be 3600 seconds. (1 hour).
17/02/2018Removed X-Powered-By from the headers.
14/02/2018
Removed un-used / outdated plugins.
05/01/2018
AMD processors appear to be not affected based on an statement from AMD. https://www.amd.com/en/corporate/speculative-execution.
05/01/2018
The backend server is using CPU of AMD Opteron(tm) Processor 6386 SE, this appears to be safe from https://meltdownattack.com/. We will monitor the outcome in the coming days.
08/10/2017
Reviewing HAProxy for load balancing and testing new environment for website migration.
24/09/2017
Setting Let's Encrypt certificate to be auto renewal as needed via a CRON task.
01/04/2017
Disabled Triple Data Encryption Algorithm Cipher Suite (3DES).
18/03/2017
Adjusted the CSS to set the max-width on the banner option.
16/03/2017
Removed 2048 SSH key and added 4096 SSH key.
06/03/2017
Enabled rotating image on homepage for dynamic content illusion.
04/01/2017
Changed redirect on website from 302 Temporary to 301 permanent for SEO purposes on the HTTP header.
03/09/2016
Disabled TLS 1.0 due to PCI reasons.
27/08/2016
Issued new certificate for HTTPS.
02/07/2016
SSL TLS secured from CVE-2016-2107
04/06/2016
Lowered caching timer so that new content can be loaded from server.
29/05/2016
Enabled FTPS connection on port 21.
23/01/2016
Updated backend server OS and package dependencies.
12/12/2015
Changed website salt with new values.
21/11/2015
Changed server encryption to comply with Chrome modern cipher suite.
07/11/2015
Upgraded to custom kernel version.
05/11/2015
Added grsecurity to server kernel.
08/10/2015
Upgraded php version on the server.
26/09/2015
Leverage browser caching for better website performance.
06/09/2015
Resolved incorrect SNI alerts.
28/08/2015
Upgraded HTTPS certificate to RSA 4096 bits.
05/08/2015
Enabled Minify CSS.
28/07/2015
Enabled automatic nightly backups.
17/07/2015
Changed CMS password to a longer and more complex value.
09/07/2015
Added SSH keys to the server.
08/07/2015
Enabled Apache SNI to the server for multiple HTTPS websites on the same IP.
04/07/2015
Server was detected sending spam on 29/06/2015, due to a WordPress theme vulnerability.
20/06/2015
Added DNSSEC to domain name.
16/05/2015
Added IPv6 AAAA record.
05/05/2015
Added NTP time sync.
29/04/2015
Added 2 factor authentication to login interface.
24/04/2015
Updated new favicon.ico
05/04/2015
Website unavailable in Firefox due to: (Error code: sec_error_ocsp_unknown_cert). This is because of server time variance.
22/02/2015
Enabled HTTP Strict Transport Security (HSTS).
17/01/2015
Enabled Perfect Forward Secrecy.
28/12/2014
Added external monitoring system on server.
20/12/2014
Removed RC4 cipher due to weak cipher suite.
19/12/2014
Replaced the StartCom Class 1 Primary Intermediate Server CA with an SHA2 chain. https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
30/10/2014
Resolved issue with phpmyadmin from: The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated.
24/10/2014
Disabled SSLv3 to mitigate the POODLE: SSLv3 vulnerability (CVE-2014-3566) https://access.redhat.com/articles/1232123