WordPress 2.8.4 security update

If you use WordPress blog software on your site, be sure to upgrade to WordPress 2.8.4 as soon as possible. The upgrade contains important security fixes.

Although all WordPress users should upgrade right away, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.


Flexo server temporarily unavailable (resolved)

Customers on the “flexo” server experienced a four-minute interruption in Web site service between 9:48 and 9:52 AM Pacific time this morning (August 12).

E-mail was not affected, and customers on other servers were not affected.

The problem happened when the Apache Web server did not respond to a “graceful reload” command when we installed a “mod_security” update to block certain attacks against the WordPress blog software.

We are looking into the root cause of this incident and will take steps to prevent it from recurring. We don’t consider any kind of service interruption acceptable, and we sincerely apologize for the problem.

Registrars continue to violate the ICANN transfer policy

One of the most frustrating things we deal with is helping customers transfer domain names from other “registrars” (domain name companies) to us. To do this, we ask the old company to release the domain name, and they then have five business days to either release it or reject the transfer.

There’s an obvious potential conflict-of-interest here. An unscrupulous company could easily make more money by rejecting the transfer and forcing the domain name owner to renew it there instead.


PHP 4 being phased out

For the last several years, we’ve offered PHP versions 4 and 5 on our servers. This made sense when PHP 5 was new: Even though PHP 5 is faster and more secure than PHP 4, a small handful of scripts were originally incompatible with version 5, and we wanted to give customers a choice.

However, PHP 5 is now more than five years old, and the PHP developers declared version 4 obsolete in 2007. All our new customers have been using PHP 5 by default for more than a year, and we’ve received no complaints about incompatibilities.

No PHP script should require the obsolete PHP version 4 any more. Because of that, we’re beginning the process of removing it from our servers.


Special offer: Four months free Web hosting for new accounts

40 years ago this month, humans walked on the Moon. To celebrate that anniversary, we have a special offer for new accounts: four months of free Web hosting. (We’d love to give you 40 years of free hosting, but we’d also like to make a small profit before the next Moon landing, so 4 months it is.)

The special offer still includes free domain name registration and still has no setup fees. Get the full details here.


July 3, 2009 holiday hours

Our business offices will be closed on Friday, July 3 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until Monday, and telephone support (via callbacks) will be available only for urgent problems.

Zen Cart “Exploit” Prevention

Zen Cart is a popular e-commerce platform that many of our customers use.

Unfortunately, the current version of Zen Cart has a bug that allows “hackers” to take control of the Zen Cart software, which includes making changes to the Zen Cart database and installing new files. “Exploits” that take advantage of the bug have started circulating widely in the last 24 hours.


Memorial Day 2009 holiday hours

Our business offices will be closed on Monday, May 25 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until the next day, and telephone support (via callbacks) will be available only for urgent problems.

FTP virus spreading in new ways

An earlier blog post described how several of our customers got their personal computers infected by a new virus that has been spreading across the Internet. Initial versions of the virus spread themselves by reading a Web site’s FTP username and password stored on the PC, then downloading Web pages, inserting an “iframe” tag, and re-uploading the Web pages back to the server. As a proactive measure, we started scanning all uploaded files and stripping out any malicious “iframe” tags.

We are now seeing newer versions (commonly called “Gumblar”) which spread by inserting “script” tags with encoded JavaScript code. Because there are several variations of this approach, and because some legitimate commercial scripts use the same technique to hide their source code, we cannot perfectly identify and strip out these infections. Therefore, we will not automatically strip out the “script” tags from any upload file that looks suspicious.


Denial of service attack update

As we mentioned in an earlier post, someone attacked our network earlier this morning. Although we blocked the attack, we’ve also been working to identify who attacked our network and why. We now know the answer, and we are almost positive that the problem won’t recur.
