We’ve installed several security updates recently. We’ve updated PHP 4, PHP 5, the ClamAV antivirus scanner, and some XFree86 libraries. In addition, we’ve updated our own blog to use WordPress 2.2 — if you use WordPress, make sure you’ve done the same.
We’ve updated the default version of Ruby on Rails on our servers to version 1.2.3.
A couple of times in the last week, we’ve seen one of our MySQL database servers have an unusually high number of connections. That’s a serious issue: If there are too many connections to a MySQL server, customer scripts won’t be able to connect to a database, so we’ve spent some time looking at the cause and fixing it.
We’ve updated PHP 5 on our servers to cover sixteen recently identified security issues. This only affects customers who have chosen to use PHP 5 — but since this upgrade only fixes security bugs, even those customers shouldn’t notice any changes.
No matter how hard we try to make sure that other ISPs never block mail from our servers, it happens occasionally. All it takes is someone at another ISP clicking “this is spam” on a few legitimate messages sent by one of our customers, and some automated system at the other ISP thinks “hey, one of these tigertech.net servers is sending spam; let’s block it for a while without bothering to notify them, ‘for your convenience'”.
Now, we should emphasize that this is actually quite rare.
We’ll be talking a lot about “security updates” on the blog, so a word about what these are and how we handle them is probably in order.
There are literally thousands of software programs on our servers, most of which are written by other people and used by many companies. From time to time, “security vulnerabilities” with these kinds of programs are discovered. A security vulnerability is something that could allow a “hacker” (or “cracker”, for purists, although that battle has been lost) to take advantage of a programming bug to do something unauthorized with the program, such as send spam or delete files.
The following stable PEAR packages were updated on our hosting servers today:
The full list of PEAR modules we have available (and more details about PEAR) is on this page.
We’ve updated PHP 4 on our servers to cover six recently identified security issues. Users shouldn’t notice any changes.
An upgrade for PHP 5 is also in progress. After testing, we actually rolled out the update onto our servers for a short time, until a customer reported an unusual problem with vBulletin posts getting cut off when they contain an odd number of apostrophes shortly afterward. This problem appears to be related to the update, so we have rolled back to the previous version of PHP 5 while we investigate this. (This kind of thing is very rare: this is the first security update in over year that has caused a problem. We have a suite of “regression tests” that we use to test PHP upgrades, and there wasn’t a general problem with it. We’ll follow up with more details when we know more.)
By the way, if you’re unfamiliar with what we mean by a “security update”, this page will help.
