Brief MySQL scheduled maintenance August 12, 2016 (completed)

Between 9:00 PM and 11:59 PM Pacific time on Friday, August 12, 2016, the MySQL database software on each of our servers will be upgraded from version 5.5.49 to 5.5.50. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.

This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.

Update 10:43 PM Pacific time: The maintenance was completed as planned and all services are running normally.

telnet is no longer supported; please use SSH instead

One of the features of our hosting plans is the ability for technically advanced customers to use the Unix (Linux) command-line shell.

Until now, there have been two ways to connect to the shell: you could use telnet, or use SSH (which stands for “secure shell”).

The older telnet method dates to 1969 (that’s not a typo) and is not secure: it sends your account password without any encryption, allowing it to be seen by eavesdroppers on your local network (such as other people in a Wi-Fi cafe).

SSH, as you can guess from the “secure” in its name, fixes this — and more: Anything you can do with telnet, you can do with SSH.

Telnet should never be used anymore. Everyone should always use SSH. We have a page explaining how to use SSH with your site.

Our logs show that almost all of our customers are already using SSH instead of telnet. Because of that, and because there are several ongoing “denial of service” attacks involving telnet, we’re disabling telnet as a shell connection method to increase the security of our servers. Please use SSH instead.

Don’t hesitate to contact us if you have any questions or concerns.

Some Word files blocked by virus scanners (resolved)

Between 9:50 PM Pacific time August 9, and 10:49 AM Pacific time August 10 (today), a third-party virus scanner we use incorrectly marked some Microsoft Word attachments as being a virus called “Win.Exploit.CVE_2016_3316-1” and returned them to the sender. This affected several of our customers.

We’ve “whitelisted” this virus pattern to prevent this from happening. However, our logs show that many other ISPs are still incorrectly rejecting this “virus pattern”, so you may still see some rejections if you send Word attachments outside our network until the other ISPs also fix it.

We apologize for the inconvenience this caused any of our customers.

Service interruption August 10 2016 (resolved)

Between 8:52 and 9:03 AM Pacific time today (August 10, 2016), some sites we host experienced an interruption of service. The problem is resolved, and will not recur.

Read the rest of this entry »

PHP 7.0.9, 5.6.24, and 5.5.38

The PHP developers recently released versions 7.0.9, 5.6.24 and 5.5.38 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

Our servers are not vulnerable to the “httpoxy” security bug

Recently, security researchers announced a bug that affects many web scripts, called the httpoxy bug.

Sites hosted on our servers are not vulnerable to this bug, because we’ve added a security rule blocking all HTTP requests that contain a “Proxy:” header. This completely blocks all malicious “httpoxy” requests, and our customers don’t need to do anything else.

AWStats updated to version 7.5

We’ve updated the AWStats software we use to generate website statistics. The statistics beginning today use the latest version 7.5.

This version has support for newer browsers, operating systems, and search engines, and is somewhat better at identifying and filtering out traffic from non-human visitors.

We should probably mention that if you’re relying on AWStats for information about the behavior of human visitors, you can usually get more accurate statistics using Google Analytics, which works in a different way than simply analyzing log data after the fact. We have a page explaining more about the difference between AWStats and Google Analytics.

PHP 7.0.8, 5.6.23, and 5.5.37

The PHP developers recently released versions 7.0.8, 5.6.23 and 5.5.37 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

4th of July 2016 holiday hours

Our business offices will be closed on Monday, July 4 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until the next business day (i.e., Tuesday), and telephone support (via callbacks) will be available only for urgent problems.

PHP 7.0.7, 5.6.22, and 5.5.36

The PHP developers recently released versions 7.0.7, 5.6.22 and 5.5.36 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.