For a long time, our mail system has blocked obviously malicious filenames like “443645787823424455.scr”, “Invoice.pdf.exe”, and so on, even if they aren’t actually flagged by the antivirus software we use (which can happen if they’re new viruses that don’t yet have matching patterns).
Recently, we’ve seen a dramatic increase in simpler names where the virus author doesn’t even try to hide the fact that it’s a program: things as simple as “Invoice.exe” in a zip file. We’ve received a couple of reports that people unzipped these, ran them, and clicked past the Windows warning saying that programs from the Internet can harm your computer — perhaps assuming that if it wasn’t flagged by either our virus scanner or the virus scanner on their own computer, it must be okay.
We want to make sure our customers never fall victim to anything like this, so we’ve expanded our blocked filename patterns to include simple “.exe” files (and other additions). This may very occasionally reject legitimate messages with an error asking the sender to rename the file and resend it, but it will solve far more problems than it causes.
We’re using the same list of filename extensions that Gmail uses — if we block it, Gmail would block it, too. You can find more information on our support page about virus scanning.
Read the rest of this entry »
We’ve added experimental support for the new PHP 5.6 series, although the default for new accounts remains PHP version 5.5 for now.
Adventurous customers can choose PHP 5.6 as a new option in our My Account control panel. Keep in mind that some scripts are not yet compatible with PHP 5.6, and there may be unexpected problems because it’s new and relatively untested.
If you try it and have any trouble, contact us and we’ll do our best to help.
The PHP developers recently released versions 5.4.38 and 5.5.22 that fix several bugs. We’re upgrading PHP 5.4 and 5.5 on our servers as a result. This will be complete on all servers within 24 hours.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
The PHP developers recently released versions 5.4.37 and 5.5.21 that fix several bugs. We’re upgrading PHP 5.4 and 5.5 on our servers as a result. This will be complete on all servers within 24 hours.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
The researchers at Sucuri yesterday announced that they’ve discovered a critical security bug in the widely used Pagelines/Platform WordPress themes. If you use one of these themes or their many derivatives, “hackers” can easily take over your site unless you update the theme.
Since many of our customers use these themes, so we’ve added security rules to block attacks even if you haven’t updated. And we’re glad we did: our logs show that a large Chinese botnet started attacking every WordPress site we host last night, in alphabetical order (they’re currently up to domain names starting with “e”), testing whether each site is vulnerable to the bugs.
We’re again surprised to see how many customers are using versions of these themes that haven’t been updated in years. I know we sound like a broken record, but when WordPress offers to update something you’ve installed, you must update it if you want your site to stay secure.
Read the rest of this entry »
Although we haven’t offered the long-obsolete PHP 5.2 series to new customers for some time, some who signed up long ago are still using it.
(New customers have defaulted to using PHP 5.5 for the last few months, and PHP 5.3 was the default for several years before that. We’ve also previously nagged everyone still using PHP 5.2 by e-mail, asking them to upgrade to at least PHP 5.3.)
For those customers still using PHP 5.2 despite the nagging, this is just a quick note that we’ve “rebuilt” PHP 5.2.17 for technical reasons to allow it to keep running on our systems. It now uses slightly newer versions of various libraries, including libxml, FreeType, ImageMagick, MySQL, and OpenSSL. The rebuilt version will be deployed on all our servers within the next few hours.
These changes should not be noticeable. In the unlikely event you experience any trouble, don’t hesitate to contact us.
Read the rest of this entry »
The PHP developers recently released versions 5.4.36 and 5.5.20 that fix several bugs. We’re upgrading PHP 5.4 and 5.5 on our servers as a result. This will be complete on all servers by 5 PM Pacific time on Monday (January 6).
In addition, PHP 5.3.29 has been upgraded to use ionCube Loader 4.7.3.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
We’ve recently upgraded the Dovecot mail server software we use, and a new feature allows us to do something we’ve wanted to do for a long time: compress stored mail on our servers. We’ll be starting to do that over the next few weeks.
Compressing mail happens invisibly on our end. It makes no difference to what you see in your mail program, and you don’t need to do anything or worry about it.
The benefit to our customers is that it saves 20-30% of the disk space the messages use. While most of our customers don’t store very large amounts of mail on our servers, those who do will see their disk space usage drop by 20-30%.
Read the rest of this entry »
WordPress 4.1 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.
By the way, the new WordPress 4.1 Twenty Fifteen theme doesn’t display a default navigation menu, unlike earlier themes. To ensure you’ll always see a list of the pages on your site, our installer now adds a Pages widget at the top of the sidebar for new installations. If you later create a custom navigation menu, you’ll see two lists of pages in the sidebar. You can just delete the extra Pages widget if that happens to you.
Due to a problem with the Mailman list management software, some Mailman list mail sent yesterday (December 2) and this morning (December 3) was delayed (although most was delivered normally).
We’ve resolved this. All delayed list mail has been delivered, although some messages may have arrived out of order due to the delay.
Read the rest of this entry »
