Some WordPress themes (and other software) vulnerable to “TimThumb” bug

A popular piece of software called “TimThumb” (aka “timthumb.php”) was recently found to have a security bug that allows “hackers” to take over Web sites that use it (more info here).

Some popular custom WordPress themes include TimThumb as part of their features, making those themes vulnerable to this problem. (Just so it’s clear, TimThumb isn’t specific to WordPress, but that’s probably where it’s most commonly used.)

If you use WordPress and your Dashboard tells you to update your theme, you should do so right away (in fact, you should always update an outdated theme or plugin right away).

However, we’ve also added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.


Brief scheduled maintenance on pazuzu server (completed)

At approximately 11:00 PM Pacific time July 26 2011, the “pazuzu” Web server will be restarted.

As a result, for customers on the “pazuzu” server (only), Web site service and the ability to read incoming e-mail will be unavailable for approximately five minutes. Customers on other servers will not be affected.


phpMyAdmin updated to version 3.4.3.1

We’ve updated phpMyAdmin to the latest version, 3.4.3.1.


PHP 5 updated

We’ve installed a PHP 5 security update. Customers should not notice any changes; the update just fixes several security issues in PHP 5.

WordPress 3.2

WordPress 3.2 was released a couple of days ago, and it looks like a great update. (We even contributed a little bit of performance-improving code to it ourselves.)

Our WordPress one-click installer automatically installs the latest version for new installs.

If you’ve previously installed WordPress, you can upgrade it from within your WordPress Dashboard. You should always do that when WordPress tells you there’s a new version available.

July 4 2011 holiday hours

Our business offices will be closed on Monday, July 4 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until the next day, and telephone support (via callbacks) will be available only for urgent problems.

“POP before SMTP” support phased out

Many, many years ago, some e-mail programs didn’t use a password when sending outgoing mail. That meant they didn’t work with many mail servers, including ours. To help customers with that problem, we used to allow a horrible alternate method called “POP before SMTP”, although it was never recommended or officially supported (it was unreliable and made it harder for us to prevent spam).

Well, here we are in a new millennium (“welcome!”). No popular mail program has needed “POP before SMTP” for more than a decade, and only a small handful of our customers are still using it. But spammers are continually trying to take advantage of the security problems it creates for all e-mail addresses, making it just as much of a nuisance on our end as it ever was.

Because of that, we no longer allow e-mail addresses to send mail using “POP before SMTP” unless they were previously doing so. In other words, if an address wasn’t using “POP before SMTP” before now, it won’t be able to start using it in the future.


Perl software updated to fix security bug

We’ve updated our servers with a Perl security bug fix. This won’t affect most customers, but read on if you know you use Perl scripts on your site.


Brief maintenance on Mailman Web interface and archives (completed)

We’ll be performing brief maintenance on the Web server that runs the Mailman list interface and archives tonight (June 9, 2011) between 10:00 PM and 11:00 PM Pacific time.


FrontPage support ending September 1, 2011

Microsoft FrontPage was once a popular Web design program. Microsoft stopped selling FrontPage in 2006, though, and we’ve been warning about the end of FrontPage support for a while now (on both our support pages and our blog).

That time has now arrived. Our FrontPage support for new sites will end on September 1, 2011, and support for existing sites will end a year after that.
