Service interruption August 10 2016 (resolved)

Between 8:52 and 9:03 AM Pacific time today (August 10, 2016), some sites we host experienced an interruption of service. The problem is resolved, and will not recur.

Read the rest of this entry »

PHP 7.0.9, 5.6.24, and 5.5.38

The PHP developers recently released versions 7.0.9, 5.6.24 and 5.5.38 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

Our servers are not vulnerable to the “httpoxy” security bug

Recently, security researchers announced a bug that affects many web scripts, called the httpoxy bug.

Sites hosted on our servers are not vulnerable to this bug, because we’ve added a security rule blocking all HTTP requests that contain a “Proxy:” header. This completely blocks all malicious “httpoxy” requests, and our customers don’t need to do anything else.

AWStats updated to version 7.5

We’ve updated the AWStats software we use to generate website statistics. The statistics beginning today use the latest version 7.5.

This version has support for newer browsers, operating systems, and search engines, and is somewhat better at identifying and filtering out traffic from non-human visitors.

We should probably mention that if you’re relying on AWStats for information about the behavior of human visitors, you can usually get more accurate statistics using Google Analytics, which works in a different way than simply analyzing log data after the fact. We have a page explaining more about the difference between AWStats and Google Analytics.

PHP 7.0.8, 5.6.23, and 5.5.37

The PHP developers recently released versions 7.0.8, 5.6.23 and 5.5.37 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

PHP 7.0.7, 5.6.22, and 5.5.36

The PHP developers recently released versions 7.0.7, 5.6.22 and 5.5.36 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

PHP 5.3 and 5.4 being phased out

The authors of the PHP scripting language stopped supporting the PHP 5.3 and PHP 5.4 series some time ago.

Newer versions of PHP are generally more secure, have fewer bugs, and in some cases run far faster. Of course, that’s really just another way of saying that older versions of PHP are insecure, buggy, and slow.

Because of that, we are phasing out PHP versions earlier than 5.5 (we also offer the 5.6 and 7.0 series):

• New customers can no longer choose the old versions.
• We’ll start sending reminders to customers who use the old versions, asking them to upgrade.

We have a page dedicated to explaining how, and why, to update PHP.

PHP 7.0.6, 5.6.21, and 5.5.35

The PHP developers recently released versions 7.0.6, 5.6.21 and 5.5.35 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

WordPress 4.5; built in editors

WordPress 4.5 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version (actually now version 4.5.1) for new WordPress sites.

If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.

We’ve also modified our automatic installer to disable the built in theme and plugin file editor by default for new installations (existing installations are not affected).

This both improves security (many automated hacks and XSS attacks blindly try to use the editor) and avoids a problem we see happen often:

• People think that the “Edit” link next to a plugin or theme will edit the settings of it, not the code of it, so they click it;
• Then they see a weird screen of code and don’t know what to do, and they perhaps type something as an experiment;
• That doesn’t help, so they click “save” to get out of the weird screen;
• And WordPress completely stops working due to a PHP syntax error in what they typed.

We think the editor shouldn’t be enabled for most people. It should be enabled only by developers (and very brave developers who make good backups, at that). Developers can easily enable it by editing the wp-config.php file to remove the “DISALLOW_FILE_EDIT” line.

Update 2016-05-26: We have removed the customization that disabled the built-in theme and plugin editors because several customers said it is an integral part of their workflow. All new installations will have the standard theme and plugin editors functionality.

Mailman mailing list software upgraded to version 2.1.22

The authors of the Mailman mailing list software we provide for customers have recently released version 2.1.22 to fix several bugs.

We’ve upgraded the Mailman software on our servers as a result.

Users of Mailman lists shouldn’t notice any changes, but as always, don’t hesitate to contact us if you have any questions or see any problems.