We’re pleased to announce optional IPv6 support for Web sites hosted with our company (just in time for World IPv6 day next week!).
Most customers shouldn’t use IPv6 yet, and if you don’t know what it is, you can safely ignore this post. But if you’re familiar with IPv6 and interested in adding it to your site, this post explains what you need to know.
Our FTP servers now support TLS/SSL encryption of FTP passwords, adding more security to FTP.
Confusingly, there are a variety of different SSL/TLS encryption schemes for FTP offered by various FTP clients. The one we support is the most widespread, known as “explicit TLS encryption” of the FTP command channel. It’s defined in RFC 4217.
Encryption is supported by many popular FTP clients, including the FileZilla FTP client. (The quickest way to use it in FileZilla is to put ftpes://ftp.tigertech.net in the QuickConnect “Host” box, then accept the “Unknown certificate”.)
We now offer Sieve e-mail filtering software on our mail servers. Sieve allows you to process incoming e-mail when it arrives in your Inbox on our server. This is great for anyone who uses a mail program (such as an iPhone) that doesn’t have its own filtering capabilities, or anyone who runs multiple mail programs and doesn’t like having duplicate copies of their filters. It’s also very useful because Sieve filters always run immediately on our server, rather than requiring your mail program to be always running.
If you are happy with the filtering rules available in your mail program (such as Thunderbird, Outlook, or Webmail), then you probably don’t need to use Sieve.
One of the positive developments on the Internet over the last few years has been increased encryption of e-mail. The Internet is a hostile environment; sometimes your data goes through the servers and routers of companies you’ve never even heard of, or of governments you’ve heard of but don’t like. It makes sense to encrypt e-mail whenever possible.
We’ve supported encryption between our customers and our e-mail servers for a long time, protecting you from eavesdropping “hackers” when you use a WiFi connection at an Internet cafe, for example. But like most companies, we didn’t try encrypting outgoing e-mail after it left our servers or encrypting incoming e-mail from other servers. Although technical standards for doing that exist, they’re relatively new in Internet terms, and our original testing indicated it could cause problems with mail delivery due to many misconfigured servers on the Internet.
That’s changed: More recent testing indicates that it’s much more reliable, and other large companies like Gmail are starting to use it. Because of that, we now use strong TLS (SSL) encryption for inbound and outbound SMTP mail connections (“MX” mail delivery) wherever possible.
We’ve renewed the SSL certificate on our mail servers (because it was due to expire soon).
Almost all customers shouldn’t notice any change, but if you read e-mail using a secure connection with an unusual mail program that doesn’t handle SSL connections properly, you might be asked to “accept” the new mail.tigertech.net certificate.
If you use WordPress blog software on your site, be sure to upgrade to WordPress 3.0.2 as soon as possible. The upgrade contains an important security fix for a vulnerability that allows any WordPress “author” to become an “administrator”.
Although all WordPress users should upgrade right away, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
A recently published Firefox add-in named “Firesheep” can be used by “hackers” to easily hijack the connection of any nearby WiFi users visiting many popular Web sites such as Facebook, Twitter, or Hotmail. This vulnerability is a basic artifact of the way the Internet works. In order to prevent this problem, these sites will need to properly implement SSL (https) security.
Google has announced that they’ve created a nifty new Apache Web server module called mod_pagespeed that can speed up some Web sites.
We’ve been asked if we’re going to offer it, and the answer is “probably, but not yet”.
We’ve fixed a bug in our Webmail system that could, in rare cases, make Japanese language symbols display incorrectly. This change shouldn’t affect anything else, but as always, feel free to contact us if you have any trouble.
When we store older Apache Web server access logs for your site — those that are more than two months old — we re-compress the original logs into single monthly files. These take up less disk space for your account when you have a lot of them. (We have some customers with log files going back more than ten years!)
Until now, we’ve re-compressed these files using gzip compression. However, we’re going to switch to a different modern compression format, bzip2 compression, which reduces the size even more. The resulting files are about half the size of gzip.
