Bricks Security: The Surprising Reason I Didn’t Get Hacked 

Dave Foy

To my surprise, none of my Bricks sites were hacked in the recent security scare.
Yes, I did update Bricks as soon as I heard about it. But it turns out my hosting company were WAY ahead of the game. Without me even knowing, they'd patched my sites BEFORE the vulnerability was even made public.
"The Bricks exploit was never successfully used on a site hosted at Rocket.net."
Rocket.net: davefoy.link/rocketnet (affiliate link) 🚀
LINKS IN THE VIDEO
- Details of the Bricks vulnerability: snicco.io/vulnerability-discl...
- Remkus de Vries and Calvin Alkan livestream: • Everything about the B...
- How to fix your site if you got hacked: academy.bricksbuilder.io/arti...
- BricksLabs: brickslabs.com
- GridPane: gridpane.com
MY FREE BRICKS MASTERCLASS
Take my FREE Bricks masterclass and learn the real key to faster builds, effortless future maintenance, and more profitable projects:
davefoy.link/bricks-masterclass

Published: 25 Feb 2024

Comments: 60
@remkusdevries 2 months ago
Thanks for the shoutout, Dave! Appreciate it. The final video of the interview I did with Calvin lives at a different RU-vid URL, btw.
@DaveFoy 2 months ago
No worries, brother. Any time. I updated the description with the new URL 🙏🏼
@remkusdevries 2 months ago
@DaveFoy Thank you!
@goodchoices5125 3 months ago
I have great confidence in Thomas. With this experience, his competence and ethics, I bet he will make Bricks bullet-proof for the future.
@goodchoices5125 3 months ago
Just a pity that with this re-prioritization I'll have to wait longer for the component feature.
@DaveFoy 3 months ago
Yes. I know they've taken this very seriously and are already undertaking a thorough security review.
@DaveFoy 3 months ago
@goodchoices5125 Yeah, that's the extra bummer!
@noraholmquist8231 3 months ago
Great video, great perspective. Love the quote “for those of you who like to grab the other end of the stick…” 😀
@DaveFoy 3 months ago
Haa haa, thanks Nora. ☺️
@farhan-app 3 months ago
As always, great video pal. Keep up the great work.
@DaveFoy 3 months ago
Thank you sir.
@markbratton111 3 months ago
Marked safe from the great Bricks vulnerability. Lol. Glad you were on top of it. Since all of my sites are Bricks now, I was on top of it as well. KUDOS to Bricks team for their swiftness. I will be looking closely at Rocket from this point on!!
@DaveFoy 3 months ago
Glad you got through it unscathed too Mark. :)
@kylevandeusen 3 months ago
The master at work!
@DaveFoy 3 months ago
☺️
@JunaidCo 1 month ago
How can one sign up for such vulnerability updates specific to the most common themes and plugins one uses?
@derekshort 3 months ago
Good video
@DaveFoy 3 months ago
Thanks, Derek.
3 months ago
We were lucky, just 3 sites got hit, but it was a shitshow to clean it up. I don't blame Bricks. Other builders got hit at some point, but this one was really fast. Maybe AI is to blame for that, but normally you have a little bit more time to react.
@DaveFoy 3 months ago
They were v quick off the mark, yes.
@jean-paulmesserli8269 3 months ago
I was just lucky or maybe my webhosting companies did it or me!?
@DaveFoy 3 months ago
It's possible! If you updated quickly then that'd also do it.
@NelmediaCa 3 months ago
all plugins allowing to "add PHP code"... so that includes tools like Code Snippets and the like, if they allow PHP, I guess...? I wasn't hacked either, btw... Probably not because of my hosting company, though, but because I use BBQ Pro (and Solid Security Pro)...
@DaveFoy 3 months ago
Hey Nelson. I'm not a security expert, as you can tell from the video. But I think the difference is - the Bricks vulnerability allowed *unauthenticated* users to execute arbitrary PHP code without needing to log in or have any user account on the WordPress site. Whereas, code snippet plugins are for admin-level users only. So for someone to execute malicious code in a code snippet plugin, they'd first need to access an admin-level user account, which is a lot higher barrier to entry compared to exploiting a vulnerability that allows unauthenticated access. With the Bricks vulnerability, they were able to bypass the authentication process entirely, allowing direct execution of PHP. I *think* that's roughly it anyway!
@Grow_YouTube_Views_93 3 months ago
j cole would be proud
@DaveFoy 3 months ago
Famously hosts with Rocket.net.
@avipro737 3 months ago
Switched to Webflow ;) Did bite the WP bullet, finally.
@ocertan 3 months ago
My heart also wants to jump to Webflow sometimes but my brain can't let that happen. How long are you able to live with the limitations? Are you ok to pay monthly fees for limited resources? Did you know that once your site becomes bigger than the standard packages you got to pay a lot in the enterprise plan? A good security plan will protect you against any attack, stay free and unlimited by open source software :)
@replymedia 3 months ago
@ocertan You really have to be a large site to go over 200gb of bandwidth and 250k monthly visitors. We switched to Webflow a few years ago and all of our client sites just work. Switching back to WordPress for a larger site has been an interesting transition. With Webflow you don’t need to really think about any of this. Most people argue about costs, but I actually think when you compare plugin costs, hosting costs, firewalls, security, WordPress costs more vs $29m Webflow plan.
@sam-harrison 3 months ago
@ocertan Just out of interest what limitations would be an issue for the kind of projects you’re creating?
@ocertan 3 months ago
@sam-harrison Hey Sam, by limitation I primarily mean the extensibility of the platform by plugins. You can do a lot with Webflow but if you once come around a client that needs certain functionality like ticketing for example, sooner or later you have to work with WordPress again. At last, you need to know how to implement a good security strategy by then. For most client works Webflow will be sufficient of course. As an agency to split the workflow between those two can be a bit less efficient. I love the idea to finish a client work and never worry again because of updates or security. The type of clients we attract at the moment can't let that happen though. How are you managing these issues as a Webflow based Web-Specialist?
@bend84 3 months ago
The commotion over this is why I left the fb group. How much longer can this dead horse be flogged?
@SridharKatakam 3 months ago
Come back. All security related stuff must now only be posted in a single topic in the group.
@DaveFoy 3 months ago
No horses, dead or alive, were flogged in the making of this video. Just sharing a great hosting experience.
@noraholmquist8231 3 months ago
@SridharKatakam Thanks for the moderation. I did stop reading Bricks fb for awhile. It is now back to an enjoyable community - as I can sort by new posts and avoid all that noise.
@John.Rearden 3 months ago
Love Bricks, but these are the kind of things that separate a young product like Bricks from a more established player like Elementor.
@DaveFoy 3 months ago
I know a security researcher who would strongly disagree with you there.
@ocertan 3 months ago
Today Elementor announced an enterprise level security issue and stressed to update to the next version 😂
@marin171079 3 months ago
Elementor safe... yeah right 😂
@NelmediaCa 3 months ago
LOL, Elementor keeps on having security issues... In fact, they released 3.19.3 with a security patch no later than today (or yesterday)...
@John.Rearden 3 months ago
The rabid Bricks super fans can’t even admit to a simple statement of fact.