If you use WordPress blog software on your site, be sure to upgrade to WordPress 2.8.4 as soon as possible. The upgrade contains important security fixes.
Although all WordPress users should upgrade right away, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
Zen Cart is a popular e-commerce platform that many of our customers use.
Unfortunately, the current version of Zen Cart has a bug that allows “hackers” to take control of the Zen Cart software, which includes making changes to the Zen Cart database and installing new files. “Exploits” that take advantage of the bug have started circulating widely in the last 24 hours.
An earlier blog post described how several of our customers got their personal computers infected by a new virus that has been spreading across the Internet. Initial versions of the virus spread themselves by reading a Web site’s FTP username and password stored on the PC, then downloading Web pages, inserting an “iframe” tag, and re-uploading the Web pages back to the server. As a proactive measure, we started scanning all uploaded files and stripping out any malicious “iframe” tags.
We are now seeing newer versions (commonly called “Gumblar”) which spread by inserting “script” tags with encoded JavaScript code. Because there are several variations of this approach, and because some legitimate commercial scripts use the same technique to hide their source code, we cannot perfectly identify and strip out these infections. Therefore, we will not automatically strip out the “script” tags from any upload file that looks suspicious.
Recently, several customers have told us that pages on their Web sites have been modified without their knowledge. Upon investigation, the customers found their computers had been infected with a virus that steals saved FTP passwords, such as the “Gumblar” or Trojan.PWS.Tupai.A virus.
We’ve taken a step to protect you against this problem (described below), but it’s wise to protect yourself, too.
We’ve updated our servers with a Perl security bug fix and a Ruby security update.
The updates fix only security bugs, and customers should not notice any changes in how the Perl or Ruby programming languages work.
Between 10:30 PM and 11:59 PM Pacific time this Saturday night (December 6), all Tiger Technologies servers will be restarted. As a result, customer Web sites and e-mail service will be unavailable for about five minutes at some point during this period.
No e-mail will be lost, of course; incoming mail will just be delayed for a few minutes.
This brief maintenance is necessary to upgrade the operating system “Linux kernel” to a newer version for security reasons. We apologize for the inconvenience this causes.
Update: the maintenance was completed with less than five minutes of downtime.
We’ve updated the Perl programming language on our servers with a security update.
The update only fixes one security bug, and customers should not notice any changes in how Perl works.
We’ve upgraded our Apache Web server and MySQL database server software to cover recent minor security updates. Customers should not notice any changes.
We’ve installed a PHP 5 security update. Customers should not notice any changes; the updates just fix several security issues in PHP 5.
At approximately 11:00 PM Pacific time this Saturday night (September 20), all Tiger Technologies servers will be restarted. As a result, customer Web sites and e-mail service will be unavailable for three to five minutes.
No e-mail will be lost, of course; incoming mail will just be delayed for a few minutes.
This brief maintenance is necessary to upgrade the operating system “Linux kernel” to a newer version for security reasons. We apologize for the inconvenience this causes.
Update: the maintenance was completed with less than three minutes “downtime” per server.
