Updates: MySQL 5.1.72, PHP 5.4.21, PHP 5.5.5 (completed)

We’ve updated MySQL from version 5.1.66 to version 5.1.72. This upgrade was necessary for security reasons.

We’ve also updated the PHP 5.4 series from 5.4.20 to 5.4.21, and the PHP 5.5 series from 5.5.4 to 5.5.5, to fix several bugs.

These updates should be invisible to customers, but as always, don’t hesitate to contact us if you have any questions or concerns.

Technical details of the CVE-2013-4365 mod_fcgid bug

This post is technical, and intended for programmers and security experts — it doesn’t affect our customers.

A few weeks back, one of our hosting customers had a PHP script that would constantly crash an Apache Web server process. We spent a while tracking down the cause, and eventually found a bug in the excellent Apache mod_fcgid FastCGI software that was causing it.


WordPress 3.6.1

WordPress 3.6.1 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you should update it from within your WordPress Dashboard.

The new version of WordPress is described as a security release that prevents “hackers” from modifying your site if you use “a popular plugin”, whose name has not yet been revealed so that everyone has a chance to upgrade first. While we may be able to add protection against this vulnerability when the details are revealed, updating now guarantees your site will stay protected.


Protection against a critical Joomla file upload security bug

There’s been a lot of discussion recently about a critical Joomla security bug that allows “hackers” to upload malicious PHP script files to Joomla sites, then run them. This would allow hackers to use your site to send spam, or to replace any file on your Web site.

Although our customers running Joomla should always upgrade to the latest versions when available, we’ve also put rules in place to protect against this vulnerability.


WordPress 3.6

WordPress 3.6 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you can (and should!) upgrade it from within your WordPress Dashboard.

WordPress 3.5.2

WordPress 3.5.2 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you should upgrade it from within your WordPress Dashboard.


Brief scheduled maintenance June 8, 2013 (completed)

Between 10:00 PM Pacific time on Saturday, June 8 and 5:00 AM on June 9, each of our hosting servers will be restarted. This will cause a brief interruption of service (less than 10 minutes) for each site at some point during this 7-hour period.


WP Super Cache and W3 Total Cache security

Several people have asked us about the recent WordPress WP Super Cache and W3 Total Cache plugin security vulnerability.

For the most part, sites hosted on our servers aren’t vulnerable to this because we block comments that contain the malicious code.


WordPress login rate limiting (again)

We’ve talked before about WordPress login rate limiting. Attempts to guess WordPress administrator passwords are an ongoing problem, getting worse all the time.

The average WordPress site we host has received tens of thousands of malicious login attempts this month, with hundreds of thousands of different IP addresses being used in the attacks. We try to block the IP addresses that are responsible, but the ever-increasing number of addresses means we can’t block all of them: an individual address often attempts a login only once a day for a given site. We need to adopt other tactics.


Brief scheduled maintenance February 26, 2013 (completed)

Between 11:00 PM and 11:59 PM Pacific time on February 26, 2013, each of our servers will be restarted for a “kernel upgrade”. This will cause an approximately four-minute interruption of service for each customer at some point during this hour.
