Minor change to SSH settings

We’ve made a minor technical change to the SSH settings our servers use, removing obsolete and less-secure ciphers like “3des-cbc”.

This should not affect anything for our customers who use SSH; we’re just documenting it in case anyone has difficulties with SSH connections.

As always, don’t hesitate to contact us if you have any trouble or questions.

Our servers are not vulnerable to the critical PHPMailer security bug CVE-2016-10033

Many scripts that send e-mail include a file called PHPMailer. The file is distributed as part of WordPress, Joomla, Drupal, and lots more software.

Recently, a security researcher discovered a security bug in PHPMailer. The bug could allow “hackers” to take over a website.

However, sites hosted on our servers are not vulnerable to this problem. (Despite that, you should always update your copy of WordPress, Joomla, or any other software when there’s a new version available.)

Read the rest of this entry »

New Year’s Day 2017 Holiday Hours

Our business offices will be closed on Monday, January 2 to observe the US legal holiday. As always, our support staff will be providing same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until Tuesday, and telephone support (via callbacks) will be available only for urgent problems.

Christmas 2016 Holiday Hours

Our business offices will be closed on Monday, December 26 to observe the US legal holiday. As always, our support staff will be providing same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until Tuesday, and telephone support (via callbacks) will be available only for urgent problems.

Protection against a critical Joomla < 3.6.5 security bug

The authors of the Joomla software announced that Joomla versions 1.6.0 through 3.6.4 have a critical security bug that allows “hackers” to take over a site (CVE-2016-9838).

The best solution for Joomla users is to update to version 3.6.5 immediately. However, we also added a security rule to our servers this evening to block this attack, based on an initial analysis.

The rule works by blocking attempts to register new Joomla users that contain certain kinds of invalid data; it allows only “expected” data. This could mean that if you’ve modified your Joomla user registration page in some unusual way, it might be incorrectly blocked. We’ll keep an eye out for this potential problem; don’t hesitate to contact us if you have any trouble.

PHP 5.6.29

The PHP developers recently released version 5.6.29 that fixes several bugs. We’ve upgraded the PHP 5.6 series on our servers as a result.

This change should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

PHP 7.0.14

The PHP developers recently released version 7.0.14 that fixes several bugs. We’ve upgraded the PHP 7.0 series on our servers as a result.

This change should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

WordPress 4.7

WordPress 4.7 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.

Read the rest of this entry »

PHP 7.0.13 and 5.6.28

The PHP developers recently released versions 7.0.13 and 5.6.28 that fix several bugs. We’ve upgraded the PHP 7.0 and 5.6 series on our servers as a result.

Read the rest of this entry »

Brief MySQL scheduled maintenance November 18, 2016 (completed)

Between 9:00 PM and 11:59 PM Pacific time on Friday, November 18, 2016, the MySQL database software on each of our servers will be upgraded from version 5.5.52 to 5.5.53. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.

This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.

Update 9:43 PM Pacific time: The maintenance was completed as planned and all services are running normally.