[Updates] WordPress 3.3.1 released

A new version of WordPress has been released, version 3.3.1. This version fixes a security issue that could compromise your account. As always, all users are encouraged to upgrade as soon as possible.

For release notes and information see:

http://wordpress.org/news/2012/01/wordpress-3-3-1

Steven

[Security] WordPress Security

I found this blog post talking about the top 7 ways that a hacker will attempt to hack into your WordPress script and into your web hosting account.

3 of the top 5 methods involve exploiting known vulnerabilities in old and outdated scripts, themes, components, plugins, and extensions. This underscores why it is so very important that you keep all scripts, not just WordPress, and all extensions to those scripts, up-to-date.

1. Upgrade to the newest version of WordPress
2. Upgrade all your themes and plugins to their newest versions
5. Know what other web applications you have installed

I encourage you to take a moment and read through this post. It is very well written and further explains how you can keep your hosting account safe and secure.

Props to Mr. Maunder for a well written article.

http://markmaunder.com/2011/12/08/wordpress-security-ways-hack-wordpress-site

Steven

[Updates] Joomla! Security Updates

Joomla! today released updates to their popular Joomla! CMS script. They have released updates to both release trees, version 1.5 and version 1.7.

These are security updates, so all users are encouraged to update their script to avoid having their website compromised. Failing to update means that your Joomla! website will be vulnerable.

Release notes are below:

Joomla! 1.5.25:
http://www.joomla.org/announcements/release-news/5393-joomla-1525-released.html

Joomla! 1.7.3:
http://www.joomla.org/announcements/release-news/5392-joomla-173-released.html

If you need help updating, contact our support team for assistance.

Scott

[Updates] New Joomla! releases

The Joomla! development team has released two updates for their Joomla! CMS script.

The Joomla! developers are currently maintaining two release trees: version 1.5 (the legacy version) and version 1.7 (the latest version). There is a security update for each version.

Release notes for these updates are at:

Joomla! 1.5.24 released
Joomla! 1.7.2 released

Depending on which release tree you are using, you should upgrade to the newest version of that release tree. All Joomla! script users should update to avoid hacking and website exploits!

For instructions on upgrading see the Joomla! guides:

(Joomla! 1.5): Upgrading 1.5 from an existing 1.5x version
(Joomla! 1.7): Upgrading 1.7 from an existing 1.7x version

If you need help, we can assist you in upgrading an existing Joomla! 1.7 site to 1.7.2. Just open a support ticket and we will look into it. We will need your Joomla! administrator username and password.

Steven

[General] PHP 5.3 Now Available

We have recently updated our servers to support PHP 5.3 (currently 5.3.8, but we will keep this up to date with the latest version of 5.3).

We are currently running a dual system with PHP, supporting both PHP 5.2 and PHP 5.3. Everything still defaults to the normal PHP 5.2 version. But if you have a special need for PHP 5.3, we can enable PHP 5.3 for your website.

Just shoot us a support ticket and we’ll be happy to switch your account over to PHP 5.3.

Eventually all systems will have to be switched over to PHP 5.3 by default, but we don’t have any time estimate for when that will be. When PHP 5.3 was first released there were a lot of compatibility issues with scripts due to changes in PHP 5.3 from PHP 5.2, so that is why we did not immediately upgrade and it’s why we are not switching to PHP 5.3 by default.

If you have any questions at all about this, please feel free to open a support ticket and our support team will be glad to answer any questions you may have.

Steven

[Security] Joomla 1.7.1 Released

An update to Joomla! has been released, version 1.7.1. All Joomla! users are encouraged to upgrade. This is a security release and fixes a security hole in the previous version. Failing to update can lead to your website being hacked.

For more information see:

http://www.joomla.org/announcements/release-news/5387-joomla-171-released.html

Steven

[Security] TimThumb disablings

As we have documented in previous posts (here and here), an exploit targeting a security hole in the popular TimThumb addon is making its way across the Internet. TimThumb is common in many WordPress themes.

Lately we have been seeing a lot of hacks as a result of this vulnerability. So many in fact that we are going to have to take measures to protect our servers and our clients from this vulnerability.

Starting today, September 27th 2011, we will be going through the servers and disabling any outdated TimThumb scripts that we find. This may have the adverse effect of disabling the thumbnails and thumbnail creation of your images in your WordPress blog or other scripts. We apologize for this, but the alternative is to risk having your account hacked into through this vulnerability.

WordPress users need to contact the developers of whatever theme they are using on their blog and ensure that they are aware of this TimThumb vulnerability. The fix for this vulnerability will have to come from your theme developer. If the theme you are using is no longer being maintained, then this should be a red flag that this is not a theme you should be using. If the developer refuses to include the updated TimThumb in their theme, then this should also be a red flag for you.

The purpose of all of this is to protect your webhosting account and keep your account from being hacked into.

Steven

[Security] TimThumb Vulnerability – Fixes

The TimThumb exploit is still out there. More theme developers are updating their themes to include a fixed version of this library.

The TimThumb project was forked into another project, called WordThumb, by Mark Maunder and then recombined with the TimThumb project. As a result the TimThumb version numbering is a little out of whack. The current version of TimThumb appears to be 2.7; however, any version after (and including) 1.34 appears to have fixed the major issue with TimThumb. Each subsequent release of TimThumb just adds additional security layers, and for this reason version 2.7 is probably the version you need to be using.

However, the best thing you can do in regard to this vulnerability is talk to the developer, the person that wrote the WordPress theme you are using, and ask them if the theme is vulnerable to this security issue. It is important to note that this is not a security issue with WordPress. In fact TimThumb is used by applications other than WordPress. WordPress is just the most common venue for TimThumb, so WordPress users are the ones most likely to be affected by this. It is also worth pointing out that not all WordPress users are affected by this; it just depends on what themes you have installed and are using on your website.

The security blog Sucuri has a list of SOME affected WordPress themes:

http://blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html

However it is important to point out that this is not a complete list. Just because your WordPress theme is not listed here, does not mean that it is not affected by this exploit. Again, the best step is to talk to your WordPress theme developer and ask them if you are affected by this vulnerability.

Matt Mullenweg, the founder and creator of WordPress, has an interesting post about this issue:

http://ma.tt/2011/08/the-timthumb-saga

We are going to be going through the servers looking for timthumb.php files that may be affected by this. You should receive an email from us if this is found on your webhosting account. However, not all themes use the timthumb.php filename, and those we will not be able to find. So just because you did not receive an email from us, this does not mean that you are not affected by this. Again, I cannot stress this point enough: the best thing you can do is talk to your theme developer and ask them if you are affected by this. Your theme developer, the makers of your theme, are going to be your best bet at finding out if you are vulnerable to this.

Steven
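The post above describes the provider's sweep for timthumb.php files and notes that renamed copies are missed. As an added example (not the provider's own tooling), the following scanner identifies TimThumb by file content rather than file name and flags copies older than the 1.34 threshold the post cites. The `define ('VERSION', ...)` pattern and the "TimThumb" header comment are assumptions about the library's file layout; the sample files at the bottom are constructed.

```python
import os
import re

# Version from which the post above describes the major issue as fixed
# (1.34; it recommends the then-current 2.7).
FIXED_VERSION = (1, 34)

# Assumption: TimThumb declares its version near the top of the file as
#   define ('VERSION', '2.7');
# Check this against the copy on your own server before relying on it.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)""")

def parse_version(text):
    """'2.8.14' -> (2, 8, 14), so tuples compare numerically, not as strings."""
    return tuple(int(p) for p in text.split(".") if p != "")

def classify_timthumb_source(source):
    """Return (version_tuple, outdated) if `source` looks like TimThumb, else None.
    Matching on content catches copies that were renamed away from timthumb.php."""
    if "timthumb" not in source.lower():
        return None
    m = VERSION_RE.search(source)
    if not m:
        # TimThumb-like file with no recognisable version: treat as outdated.
        return ((0,), True)
    version = parse_version(m.group(1))
    return (version, version < FIXED_VERSION)

def scan_tree(root):
    """Walk `root` (e.g. a public_html directory) and list TimThumb copies found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    head = fh.read(8192)  # the version define sits near the top
            except OSError:
                continue
            result = classify_timthumb_source(head)
            if result is not None:
                findings.append((path, result[0], result[1]))
    return findings

# Constructed stand-ins for theme files (not real TimThumb code).
SAMPLE_OLD = "<?php\n/* TimThumb image resizer */\ndefine ('VERSION', '1.33');\n"
SAMPLE_FIXED = "<?php\n// TimThumb\ndefine ('VERSION', '2.7');\n"
SAMPLE_OTHER = "<?php\n// my-theme functions\nfunction theme_setup() {}\n"

if __name__ == "__main__":
    import sys
    for path, ver, outdated in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("OUTDATED " if outdated else "ok       ") + path + " " + ".".join(map(str, ver)))
```

Run it against a web root; any OUTDATED line is a copy to hand to the theme developer for an updated release.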

[Security] Updated ModSecurity Filters

As we mentioned in an earlier post, today we are beginning the deployment of new ModSecurity filters on our shared hosting servers.

We have decided to push out these updates a few days before they were scheduled due to the recent TimThumb exploit (some details here). These new rules will hopefully help mitigate any damage that this exploit can cause. (But please note: the new ModSecurity rules do not solve the problem completely; affected TimThumb users should upgrade or discuss this with their theme developer.) We are going to be going through the servers looking for TimThumb scripts in the next few days, and you may receive an email about this.

These new ModSecurity rules do have the potential to cause problems for some websites: some actions and files will generate false positives. A rule can be exempted for your website if it is causing you problems. You will just need to open a support ticket with our support staff regarding this.

To open a support ticket, go to our Account Management page:

http://www.amshelp.com

And click on the Support Ticket link.

These new rules should help prevent exploits and compromises on your webhosting account; that is why they are being put into place. We do apologize for any inconvenience these new rules might cause.

Steven

[Security] New Security Filters

We are going to be updating some software on the servers that will add additional layers of security to the frontend of the servers.

This software aims to filter out malicious requests that may be part of an attack on your website or a hacking attempt. The software is not perfect (no layer of security is), but it does a good job of limiting these types of attacks. As always, there is no substitute for updating the scripts on your website and keeping them up-to-date.

We have tested this new filtering software on a few of our servers with great results. We will be expanding this to all of our servers, perhaps early next week (August 8th – August 12th).

Our tests have shown very minimal impact on end-users' websites. However, there is a possibility that this software can interfere with the normal operation of your website, depending on how arguments and data are passed around on your website. Exemptions can be made for your website, but unfortunately we won't know that exemptions need to be made unless you tell us that you are experiencing problems.

This security software should allow for a safer and more secure hosting environment.

Steven
