For a long time, our mail system has blocked many malicious filename extensions.
Recently, we’ve seen an increase in “.js” files that spread various forms of malware. These change their “patterns” often enough that they’re sometimes not detected by virus scanners.
Legitimate “.js” files are common in e-mail, so it’s impossible to block them outright. (They’re often sent as part of a package of website files — for example, a zipped copy of the WordPress files contains them.)
However, legitimate “.js” files almost always occur as part of an archive containing other files. They almost never occur alone, as they do in the malware versions.
Because of that, our e-mail system now blocks “.zip” files that contain only a single “.js” file, on the assumption that they’re almost certainly malicious.
We don’t expect this to cause any problems, but as always, don’t hesitate to contact us if you have any questions or trouble.
The PHP developers recently released versions 7.0.4, 5.6.19 and 5.5.33 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
We’ve updated the SSL/TLS security settings on our mail servers to match current “best practices” for security.
Our customers shouldn’t notice any changes. We’re just mentioning this so that people know to contact us in the unlikely event they do have any trouble.
That said, if you do have any trouble, it’s probably because you’re using outdated, insecure mail software that you should update. If you can’t update it, but the changes prevent you from sending mail with the “SSL” option turned on in your program, you may need to turn off the “SSL” option for outgoing mail until you can update.
Read the rest of this entry »
The PHP developers recently released versions 7.0.3, 5.6.18 and 5.5.32 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
In addition, we’ve added a “patch” to PHP on our systems that will help avoid an issue that can cause WordPress sites to stop working when using poorly-written plugins or themes.
Read the rest of this entry »
We’ve updated the AWStats software we use to generate website statistics. The statistics beginning January 1, 2016 use the latest version 7.4.
This version has support for newer browsers, operating systems, and search engines, and is somewhat better at identifying and filtering out traffic from non-human visitors. This may mean your statistics show a slight reduction in human visitors (and a slight increase in non-human visitors, shown as “Not viewed traffic”) starting January 1, 2016, particularly on sites that aren’t very busy.
We should probably mention that if you’re relying on AWStats for information about the behavior of human visitors, you can usually get more accurate statistics using Google Analytics, which works in a different way than simply analyzing log data after the fact. We have a page explaining more about the difference between AWStats and Google Analytics.
Our hosting customers can now get free SSL certificates to secure their site.
What’s an SSL certificate? It activates the “padlock” icon for your site in a Web browser, showing that the connection is encrypted for security. You should use an SSL certificate if your visitors type sensitive data such as usernames, passwords or credit card numbers, because it ensures that “hackers” can’t intercept that data.
SSL certificates used to cost a lot of money, but an organization called Let’s Encrypt is now providing them for free, trying to encourage the widespread use of encryption on the modern Internet.
We believe that encryption should be widely available, so we’ve changed our SSL certificate system to provide free Let’s Encrypt certificates to our hosting customers. You can get one now in our “My Account” control panel.
Read the rest of this entry »
The PHP developers recently released versions 7.0.2, 5.6.17 and 5.5.31 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
Read the rest of this entry »
Some of our customers are still using the PHP 5.3 series, even though it’s obsolete and not recommended.
We’ve “rebuilt” the old PHP 5.3.29 software to patch a serious security bug it contains. This bug is the partial cause of a recent Joomla security problem.
The rebuilt version will be deployed on all our servers within the next few hours. No changes should be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
Read the rest of this entry »
The PHP developers recently released version 7.0.1 that fixes several bugs. We’ve upgraded PHP 7.0 on our servers as a result.
Read the rest of this entry »
The authors of the Joomla software announced today that every version of Joomla below 3.4.6 has a critical security bug that allows “hackers” to take over a site.
The bug was in use by hackers for two days before the Joomla authors patched it, and we found several Joomla customer sites that had been modified as a result. We’ve restored backups of those sites and notified those customers directly, but we recommend that all Joomla users change their password to be safe, even if we didn’t notify you of a problem.
The best solution for Joomla users is to update to version 3.4.6 immediately. However, we also added a rule to our servers this morning to block any more attacks until our customers can update. The rule should ensure that if you use our hosting service, and your site hasn’t already been modified, hackers won’t be able to take advantage of this bug.
