Between 9:00 PM and 11:59 PM Pacific time on Friday, February 24, 2017, the MySQL database software on each of our servers will be restarted. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.
This is necessary for security and stability reasons. We apologize for the inconvenience this causes.
Update 9:49 PM Pacific time: The maintenance was completed as planned and all services are running normally.
Between 9:00 PM and 11:59 PM Pacific time on Friday, February 3, 2017, the MySQL database software on each of our servers will be upgraded from version 5.5.53 to 5.5.54. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.
This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.
Update 9:44 PM Pacific time: The maintenance was completed as planned and all services are running normally.
This post has technical details about a change in the way PHP scripts are run from the command-line shell on our systems. It doesn’t affect PHP scripts run through websites, which is what most of our customers use (for WordPress and so on); nothing is changing about those web-based PHP scripts.
Read the rest of this entry »
We’re making a minor technical change to the SSH settings our servers use, removing obsolete and insecure ciphers like “3des-cbc”.
The changes are required to ensure that sites we host pass PCI compliance scans. The obsolete ciphers allowed SSH connections that appeared to be secure, but really weren’t.
This should not affect anything for our customers who use SSH, as long as you use modern, updated SSH software. We’re just documenting it in case anyone has difficulties with SSH connections.
If you do have any trouble, the solution is almost certainly to update your SSH client software, though — the program you’re using is probably pretty outdated and may also have trouble connecting to other servers, not just ours.
As always, don’t hesitate to contact us if you have any trouble or questions.
Read the rest of this entry »
Many scripts that send e-mail include a file called PHPMailer. The file is distributed as part of WordPress, Joomla, Drupal, and lots more software.
Recently, a security researcher discovered a security bug in PHPMailer. The bug could allow “hackers” to take over a website.
However, sites hosted on our servers are not vulnerable to this problem. (Despite that, you should always update your copy of WordPress, Joomla, or any other software when there’s a new version available.)
Read the rest of this entry »
The authors of the Joomla software announced that Joomla versions 1.6.0 through 3.6.4 have a critical security bug that allows “hackers” to take over a site (CVE-2016-9838).
The best solution for Joomla users is to update to version 3.6.5 immediately. However, we also added a security rule to our servers this evening to block this attack, based on an initial analysis.
The rule works by blocking attempts to register new Joomla users that contain certain kinds of invalid data; it allows only “expected” data. This could mean that if you’ve modified your Joomla user registration page in some unusual way, it might be incorrectly blocked. We’ll keep an eye out for this potential problem; don’t hesitate to contact us if you have any trouble.
Between 9:00 PM and 11:59 PM Pacific time on Friday, November 18, 2016, the MySQL database software on each of our servers will be upgraded from version 5.5.52 to 5.5.53. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.
This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.
Update 9:43 PM Pacific time: The maintenance was completed as planned and all services are running normally.
Between 5:10 and 5:23 PM Pacific time today (Nov 14, 2016), the “web12” server was intermittently unavailable due to a hardware failure.
The problem has now been resolved, and other servers were not affected. We apologize for the inconvenience this caused our customers.
The authors of the Joomla software announced that Joomla versions 3.4.4 through 3.6.3 have a critical security bug that allows “hackers” to take over a site by adding new administrative users (CVE-2016-8869).
The best solution for Joomla users is to update to version 3.6.4 immediately. However, we also added a rule to our servers this morning to block this attack. The rule should ensure that if you use our hosting service, hackers won’t be able to take advantage of this bug.
(And a tip o’ the hat to security researcher Melvin Lammerts, who published detailed technical information of the bug that allowed us to do this more quickly than usual.)
Between 10:00 PM and 11:59 PM Pacific time on Tuesday, October 25 2016, each of our hosting servers will be restarted. This will cause a brief interruption of service (less than 5 minutes) for each site at some point during this 2 hour period.
Read the rest of this entry »
