PHP 7.0.12 and 5.6.27

The PHP developers recently released versions 7.0.12 and 5.6.27 that fix several bugs. We’ve upgraded the PHP 7.0 and 5.6 series on our servers as a result.

For the PHP 5.6 and 7.0 series, we’ve also updated ionCube Loader to the current version 6.0.6, and SourceGuardian Loader to the current version 11.

These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.

Protection against a critical Joomla < 3.6.4 security bug

The authors of the Joomla software announced that Joomla versions 3.4.4 through 3.6.3 have a critical security bug that allows “hackers” to take over a site by adding new administrative users (CVE-2016-8869).

The best solution for Joomla users is to update to version 3.6.4 immediately. However, we also added a rule to our servers this morning to block this attack. The rule should ensure that if you use our hosting service, hackers won’t be able to take advantage of this bug.

(And a tip o’ the hat to security researcher Melvin Lammerts, who published detailed technical information about the bug, which allowed us to do this more quickly than usual.)

Brief scheduled maintenance October 25, 2016 (completed)

Between 10:00 PM and 11:59 PM Pacific time on Tuesday, October 25, 2016, each of our hosting servers will be restarted. This will cause a brief interruption of service (less than 5 minutes) for each site at some point during this two-hour period.


SSL certificate errors October 13, 2016 (resolved)

We’re receiving reports that some people visiting some SSL sites (including our site) are seeing security errors saying a “certificate has been revoked”.

This is an Internet-wide problem caused by an issue with one of the main Internet “certificate issuers”, a company called GlobalSign, and isn’t specific to us or sites we host. It’s affected many large Internet sites, such as Wikipedia. (Internet news site “The Register” has a report here.)

GlobalSign says the problem will soon be fixed. In the meantime, if your browser allows you to “click past” the warning about a “revoked certificate”, it is safe to do so.

Update 3:13 PM Pacific time: The problem is slowly resolving itself as the bad certificate information expires from “caches” around the Internet, but we’ve temporarily replaced our SSL certificates with new ones to make it stop immediately. This problem should now be resolved.