New status page

We’ve traditionally used our blog for notifications about our system status, but we’ve now added a more modern status page, at www.tigertechstatus.net. It shows any problems, outages, or planned maintenance.

We recommend that you bookmark the page in your web browser so you can check it even if you can’t reach our main site for some reason. (It’s hosted by a third party, so it will be available even if there’s a problem with our services.) You can use the Get Updates button in the top of that page to subscribe to status updates by email, Slack, Microsoft Teams or RSS feeds.

New web-based file manager

We recently added a new web-based file manager interface for our hosting customers. It’s a great alternative to FTP if you need to transfer files.

In addition to the features you’d expect, like uploading, downloading, unzipping, and so on, you can use it to browse individual files in backups we’ve made for your account. (Unlike many other hosting companies nowadays, backups are still always included free with all our hosting plans!)

PHP versions 8.0.23 and 8.1.10

The PHP developers recently released versions 8.0.23 and 8.1.10 that fix several bugs. We’ve upgraded the PHP 8.0 and PHP 8.1 series on our servers as a result.

Customers should not notice any changes, but as always, don’t hesitate to contact us if you have any trouble.

Protection against the BackupBuddy file download bug

The authors of the popular BackupBuddy WordPress plugin recently announced a serious security bug in many versions of their software.

This bug is being exploited by “hackers” who have used it to download the private “wp-config.php” file of many WordPress sites. It’s then possible to use the private information in that file to login to your WordPress dashboard without knowing the password, or to modify your site’s database.

We’ve added firewall rules to block downloads of that file via the bug, but in addition, we’re taking the following steps to protect our customers who were using a vulnerable version of the BackupBuddy plugin at any point between August 26 and September 8:

  1. Changed the backend WordPress database password to a new random one; and
  2. Changed the WordPress “salts” in the wp-config.php file.

These are the steps recommended in the post by the BackupBuddy authors, so our customers don’t need to do this themselves. (The post also suggests an optional third step, but that doesn’t apply to most WordPress sites.)

The only difference affected customers should notice is that WordPress may ask for your normal password again the next time you login, rather than “remembering” you from a previous login.

If you’re using the BackupBuddy plugin on your site, it’s also a good idea to make sure you’re using the latest version of it — in fact, it’s a good idea to turn on automatic updates for all your plugins to minimize the risk of something like this affecting you.

Finally, keep in mind that we already make daily backups of your website at no extra charge. We never want to discourage people from making their own additional backups, but those extra backups are most useful if they’re stored in another location (not just on the same server you’re making a backup of). While investigating this, we noticed that most people using BackupBuddy are simply storing an extra copy on the same server, which doesn’t add much protection against data loss. If you make your own backups, you should ideally copy them to your own computer, or to an external location like Dropbox.

PHP versions 8.0.22 and 8.1.9

The PHP developers recently released version 8.0.22 that fixes several bugs. We’ve upgraded the PHP 8.0 series on our servers as a result.

In addition, we’ve added support for PHP 8.1 (currently version 8.1.9). We consider PHP 8.1 to be only experimental for now; it still has incompatibilities with many scripts, including WordPress, and should probably not be used on production sites. If you try it and have any trouble, we recommend you simply switch back to an earlier version of PHP in our control panel.

As always, don’t hesitate to contact us if you have any trouble.

PHP versions 7.4.30 and 8.0.21

The PHP developers recently released versions 7.4.30 and 8.0.21 that fix several bugs. We’ve upgraded the PHP 7.4 and 8.0 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP versions 7.4.29 and 8.0.18

The PHP developers recently released versions 7.4.29 and 8.0.18 that fix several bugs. We’ve upgraded the PHP 7.4 and 8.0 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP version 8.0.17

The PHP developers recently released version 8.0.17 that fixes several bugs. We’ve upgraded the PHP 8.0 series on our servers as a result.

This change should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Our servers are not vulnerable to the March 2022 “Dirty Pipe” security bug

Customers have asked us whether our servers are vulnerable to the recent serious security bug CVE-2022-0847 (nicknamed “Dirty Pipe”) in the Linux kernel software (explained in more technical detail here).

The good news is that we don’t use the vulnerable versions of the kernel software on our servers, and we’ve verified in multiple ways that our servers are not vulnerable to this problem.

PHP versions 7.4.28 and 8.0.16

The PHP developers recently released versions 7.4.28 and 8.0.16 that fix several bugs. We’ve upgraded the PHP 7.4 and 8.0 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.