Our business offices will be closed on Monday, May 25 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until the next day, and telephone support (via callbacks) will be available only for urgent problems.
One issue we (unfortunately) have lots of experience with is fixing a WordPress site after we discover it’s been “hacked”. But while it’s one thing to try to clean a Web site after it got infected on our servers, it’s essentially impossible to try to clean a Web site that was infected on another server and is being transferred to our servers.
We have a page with more information, including:
The authors of the Mailman mailing list software we provide for customers have recently released versions 2.1.19 and 2.1.20 to fix several bugs.
We’ve upgraded the Mailman software on our servers from version 2.1.18 to 2.1.20 as a result.
Users of Mailman lists shouldn’t notice any changes, but as always, don’t hesitate to contact us if you have any questions or see any problems.
If you use an SSL certificate on a site you host with us, we now offer more control over the SSL/TLS protocol versions your site uses.
Old protocol versions, including SSL version 3 (“SSLv3”) and TLS version 1.0, are no longer considered secure. You can now disable these to improve security, at the expense of preventing some older, less-secure browsers from making SSL or TLS connections. Some credit card companies are starting to require that SSLv3 and TLS 1.0 both be disabled.
The PHP developers recently released versions 5.4.40, 5.5.24 and 5.6.8 that fix several bugs. We’ve upgraded PHP 5.4, 5.5 and 5.6 on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
In addition, the company that makes the Zend Guard Loader software has finally released versions compatible with PHP 5.5 and 5.6, so we’ve made that option available in the “PHP Settings” area of our My Account control panel (with all the usual caveats about why encoded scripts are inherently unreliable).
Between 9:00 PM and 11:59 PM Pacific time on Friday May 1 2015, the MySQL database software on each of our servers will be upgraded from version 5.5.41 to 5.5.43. This will cause an approximately 60 second interruption of service on each MySQL-using customer Web site at some point during this period.
This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.
Update 9:43 PM Pacific time: The maintenance was completed as planned and all services are running normally.
The authors of WordPress today released version 4.2.1 that fixes a critical security bug.
While upgrading is always a good idea, we’ve blocked the attack for all versions of WordPress on all sites that we host. We’ve also verified using our MySQL binary logs that no sites were attacked before we started the blocking.
Researchers recently found a critical security bug in the widely used Magento e-commerce shopping cart software. If you use this software and don’t update it to fix the bug, “hackers” can easily take over your site, including potentially stealing the credit card numbers of your customers.
We’ve analyzed the Magento software our customers have installed and found that more than half is unpatched, despite the Magento team sending e-mail notices to Magento users in February.
“Hackers” are now beginning to exploit the bug. Because this is so dangerous, we yesterday added security rules to block these attacks even if you haven’t updated.
Although we’re confident that these rules block the current attacks (we’ve seen it block several live attacks, and it makes sites we host pass the useful Shoplift bug tester), you should still patch your site if you use Magento: using outdated versions of e-commerce software is always dangerous.
We’ve renewed the SSL certificate on our mail servers (because it was due to expire soon).
Almost all customers shouldn’t notice any change, but if you read e-mail using a secure connection with an unusual mail program that doesn’t handle SSL connections properly, you might be asked to “accept” the new certificate.
The PHP developers recently released versions 5.4.39, 5.5.23 and 5.6.7 that fix several bugs. We’ve upgraded PHP 5.4, 5.5 and 5.6 on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
