Joomla! site syndication http://www.webstix.com Thu, 23 Feb 2012 03:37:19 +0100 FeedCreator 1.7.3 http://www.webstix.com/images/M_images/joomla_rss.png http://www.webstix.com Joomla! site syndication http://www.webstix.com/index.php?option=com_content&task=view&id=693&Itemid=155 Happy New Year! There is a new version of WordPress out now which is mainly a security update. Please be sure to upgrade your version of WordPress to the latest version and make sure your plugins are also up to date. If you need help doing this, please let us know - we're here to help! WordPress 3.3.1 Security and Maintenance Release (http://wordpress.org/news/2012/01/wordpress-3-3-1/) (wordpress.org) Posted January 3, 2012 by Ryan Boren. WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K. and the Go Daddy security team for responsibly disclosing the bug to our security... Wed, 04 Jan 2012 16:56:38 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=691&Itemid=155 WordPress 3.3 There hasn't been a WordPress update in a while (kind of nice) but it's time again to upgrade. This is a feature rich upgrade. As long as you're upgrading WordPress, make sure you remember to update your plugins as well. As always, if you need help, let Webstix (http://www.webstix.com/) know! WordPress 3.3 “Sonny” (http://wordpress.org/news/2011/12/sonny/) (wordpress.org) The latest and greatest version of the WordPress software — 3.3, named “Sonny” in honor of the great jazz saxophonist Sonny Stitt — is immediately available for download or update inside your WordPress dashboard. WordPress has had over 65 million downloads since version 3.0 was released, and in this third major iteration we’ve added significant polish around the new user experience, navigation, uploading, and imports. For Users Experienced users... Tue, 13 Dec 2011 13:40:44 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=654&Itemid=155 Joomla 1.7 is Available Now Joomla 1.7.0 Released (http://www.joomla.org/announcements/release-news/5380-joomla-170-released.html) (joomla.org) The Joomla Project is pleased to announce the immediate availability of Joomla 1.7.0. This is a security release. This is also the first release made within the new six-month release cycle that started with the delivery of Joomla 1.6 in January 2011. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! developement at the Developer Site. Version 1.6.5 will reach end of life one month from today, on 19 August 2011. All users of version 1.6 should update to version 1.7.0 before that time. This upgrade is important if you are using Joomla 1.6.x. -Tony Tue, 19 Jul 2011 17:32:27 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=644&Itemid=155 WordPress 3.2.1 Literally, as I was updating one website with WordPress 3.2, it got done and then I got a notice that WordPress 3.2.1 was out. Pretty amazing. That has never happened to me before and probably won't ever happen again. Nevertheless, it's time again to upgrade. If you haven't gone to 3.2 yet, then definitely upgrade now and get the latest version of WordPress loaded up. Again, I did notice some problems with plugins going to WordPress 3.2. Be careful upgrading. Take a backup first. If you need help, let us know. The message on WordPress.org even says this as I read it - they must be working on it as I read it: Version 3.2.1 (http://codex.wordpress.org/Version_3.2.1) (wordpress.org) On July xx, 2011, WordPress 3.2.1... Tue, 12 Jul 2011 19:50:28 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=655&Itemid=155 Joomla 1.65 is Now Available Joomla 1.6.5 Released (http://www.joomla.org/announcements/release-news/5378-joomla-165-released.html) (Joomla.org) The Joomla Project announces the immediate availability of Joomla 1.6.5. This is not a security release. This release corrects an issue in the Extension Manager Update program that, in rare instances, can cause files to be deleted during a Joomla version update. For this reason, it is strongly recommended that you update to version 1.6.5 prior to updating to version 1.7.0, which will be released on July 19. If you have experienced problems using the Extension Manager Update with prior versions of 1.6, we recommend that you install the 1.6.5 update package by unpacking the archive file. At that point, you will have the fix installed and you can then use the Extension... Mon, 11 Jul 2011 17:34:49 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=636&Itemid=155 Time to upgrade again. This is more than just a security upgrade but also a new features upgrade. Some things will look different and work differently. This version has been tested by the WordPress staff and appears to have some nice upgrades. WordPress 3.2 now available (http://wordpress.org/news/2011/07/gershwin/) (wordpress.org) Here in the U.S. we are observing Independence Day, and I can’t think of a more fitting way to mark a day that celebrates freedom than by releasing more free software to help democratize publishing around the globe. I’m excited to announce that WordPress 3.2 is now available to the world, both as an update in your dashboard and a download on WordPress.org. Version 3.2 is our fifteenth major release of WordPress and comes... Wed, 06 Jul 2011 05:38:47 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=632&Itemid=155 WordPress 3.1.4 There is a new update/patch for WordPress out now: WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening measures thanks to the work of WordPress developers Alexander Concha and Jon Cave of our security team. Consult the change log for more details. Download WordPress 3.1.4 or update immediately from the Dashboard → Updates menu in your site’s admin area. [SA45099] WordPress Unauthorized Access Vulnerability DESCRIPTION: A vulnerability has been reported in WordPress, which can be exploited... Tue, 05 Jul 2011 01:28:53 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=656&Itemid=155 Joomla 1.64 is Available Joomla 1.6.4 Released (http://www.joomla.org/announcements/release-news/5374-joomla-164-released.html) (Joomla.org) The Joomla Project announces the immediate availability of Joomla 1.6.4. This is a security release. This release corrects four security issues and fixes an issue relating to version upgrades. Note that version 1.7.0 is scheduled to be released on 19 July 2011. Users planning to upgrade from version 1.6 to 1.7 will need to be running version 1.6.4 in order to upgrade to version 1.7.0. Important Note: A security fix was made for the Category List layouts for articles, contacts, newsfeeds, and weblinks as well as the Featured Contact list. If you have created a template override for one of these layouts based on the core layout, your file could contain this security issue. Please... Mon, 27 Jun 2011 17:37:25 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=618&Itemid=155 This is a security release. Please upgrade WordPress or have us do it for you: WordPress 3.1.3 (http://wordpress.org/news/2011/05/wordpress-3-1-3/) Posted May 25, 2011 by Mark Jaquith. WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements: Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research. Improves file upload security on hosts with dangerous security settings. Cleans up old WordPress import files if the import does not... Thu, 26 May 2011 10:06:14 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=609&Itemid=155 This is a security release, so please be sure to upgrade right away. WordPress 3.1.2 (http://wordpress.org/news/2011/04/wordpress-3-1-2/) WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts. The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter. We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1. Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin... Fri, 29 Apr 2011 13:47:32 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=657&Itemid=155 Joomla 1.63 is Now Available Joomla 1.6.3 Released (http://www.joomla.org/announcements/release-news/5370-joomla-163-released.html) (Joomla.org) The Joomla Project announces the immediate availability of Joomla 1.6.3. This is a not security release. This release corrects three issues caused by changes in version 1.6.2. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! developement at the Developer Site. This upgrade is important if you are using Joomla 1.6.x. Please contact us if you need help with upgrading Joomla. -Tony Mon, 18 Apr 2011 17:40:17 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=606&Itemid=155 Time to upgrade WordPress again! WordPress 3.1.1 is now available. This maintenance and security release fixes almost thirty issues in 3.1, including: Some security hardening to media uploads Performance improvements Fixes for IIS6 support Fixes for taxonomy and PATHINFO (/index.php/) permalinks Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three security issues discovered by WordPress core developers Jon Cave and Peter Westwood, of our security team. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links... Tue, 05 Apr 2011 15:31:33 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=584&Itemid=155 Need a WordPress Hack Cleanup? There seems to be a pretty widespread hack going around WordPress websites. If you upgrade to the latest version, you should be safe: WordPress 3.1 is Out (http://www.webstix.com/wordpress-3.1-is-out.html) I helped clean up 2 hacked WP sites this last weekend. The hack wasn't too bad. It involved the hacker inserting an iframe at the top of the page. The problem was that those sites were reported as malware sites and Firefox was displaying a message to people that the sites were accused of spreading malware instead of those websites getting traffic. The fact is, that site itself wasn't spreading the malware since another website was being framed. Please make sure you upgrade WordPress immediately. If you need help... Mon, 07 Mar 2011 14:27:57 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=577&Itemid=155 WordPress went up to the next tenth, so it's a feature upgrade - versus a patch or security upgrade. It could have some security holes fixed, so it's worth it to upgrade: WordPress 3.1, lots of fun (http://wordpress.org/news/2011/02/threeone/) Posted February 22, 2011 The long-awaited fourteenth release of WordPress is now available. WordPress 3.1 “Reinhardt” is named in honor of the jazz guitarist Django Reinhardt. Version 3.1 is available for download, or you can update from within your dashboard. This release features a lightning fast redesigned linking workflow which makes it easy to link to your existing posts and pages, an admin bar so you’re never more than a click away from your most-used... Wed, 23 Feb 2011 13:41:41 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=573&Itemid=155 If your website is using VirtueMart and you host with us, we will be upgrading your site with a patch: VirtueMart search_category SQL Injection Vulnerability Description Andrea Fabrizi has discovered a vulnerability in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the search_category parameter to index.php (when option is set to com_virtuemart and page is set to shop.browse ) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.1.6. Other versions may also be affected.... Tue, 08 Feb 2011 12:39:28 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=572&Itemid=155 This one is a security update. Be sure to upgrade your WordPress sites immediately. WordPress 3.0.5 (http://wordpress.org/news/2011/02/wordpress-3-0-5/) Posted February 7, 2011 by Andrew Nacin WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update. The release addresses a number of issues and provides two additional enhancements: Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site. One information disclosure issue was addressed that... Tue, 08 Feb 2011 09:59:21 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=535&Itemid=155 This one is an important security update, so please be sure to do the WordPress upgrade. Back up your database and files before you do it in case there are any problems. If you need help, let us know and we can assist you. 3.0.4 Important Security Update (http://wordpress.org/news/2010/12/3-0-4-update/) Posted December 29, 2010 by Matt Mullenweg Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.” I realize an update during the... Thu, 30 Dec 2010 10:05:54 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=532&Itemid=155 Another one is out already. It really only seems to affect sites using remote publishing but it's still good to update it: WordPress 3.0.3 (http://wordpress.org/news/2010/12/wordpress-3-0-3/) Posted December 8, 2010 by Peter Westwood. Filed under Releases,Security. WordPress 3.0.3 is available and is a security update for all previous WordPress versions. This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts. These issues only affect sites that have remote publishing enabled. Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check... Wed, 08 Dec 2010 14:30:31 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=531&Itemid=155 This one even comes with a haiku: WordPress 3.0.2 (http://wordpress.org/news/2010/11/wordpress-3-0-2/) Posted November 30, 2010 by Mark Jaquith. WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional: Fixed on day zero One-click update makes you safe This used to be hard This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue! Download 3.0.2 or update automatically from the Dashboard > Updates menu... Wed, 01 Dec 2010 09:39:09 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=510&Itemid=155 There was another release of Wordpress recently: WordPress 3.0.1 (http://wordpress.org/news/2010/07/wordpress-3-0-1/) Posted July 29, 2010 by Andrew Nacin. Filed under Releases. After nearly 11 million downloads of WordPress 3.0 in just 42 days, we’re releasing WordPress 3.0.1. The requisite haiku: Three dot oh dot one Bug fixes to make you smile Update your WordPress This maintenance release addresses about 50 minor issues. The testing many of you contributed prior to the release of 3.0 helped make it one of the best and most stable releases we’ve had. Download 3.0.1 or update automatically from the Dashboard > Updates menu in your site’s admin area. It's time to do your upgrade.... Mon, 02 Aug 2010 07:15:50 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=509&Itemid=155 There was another release of Joomla on July 18th: Joomla! 1.5.20 Released Sunday, 18 July 2010 The Joomla Project announces the immediate availability of Joomla 1.5.20 [senu takaa]. This is a security release that addresses issues with the Joomla 1.5.19 packages. We recommend users upgrade immediately. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. Contact us for upgrade information. Thu, 22 Jul 2010 14:27:36 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=506&Itemid=155 There was a new version of Joomla released yesterday, which is primarily a security release. Contact us to get your website upgraded. Joomla! 1.5.19 Released Thursday, 15 July 2010 The Joomla Project announces the immediate availability of Joomla 1.5.19 [Wojmamni ama batani]. This is a security release. Security: Low Priority - Core - SQL Injection / Interal Path Exposure. Medium Priority - Core - XSS Vulnerabilities in back end. Medium Priority - Core - XSS Vulnerabilities in back end. Medium Priority - Core - XSS Vulnerabilities in back end. Fri, 16 Jul 2010 10:15:37 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=505&Itemid=155 I've been seeing a LOT of plugins being updated lately, so I knew this was coming. It's a major release of WordPress. Make SURE you take a backup of your existing WordPress files AND database before you do your upgrade or you could regret it! We're here to help! WordPress 3.0 “Thelonious” (http://wordpress.org/development/2010/06/thelonious/) (wordpress.org) WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have new APIs that allow them to easily implement custom backgrounds, headers, shortlinks, menus (no more... Thu, 17 Jun 2010 17:16:23 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=501&Itemid=155 There was an upgrade done on our web2 server last night. We did try to make sure that everything would work properly before the upgrade happened but with all upgrades, there could be some problems.If you experience anything unusual, please let us know.-Tony Wed, 02 Jun 2010 15:34:41 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=499&Itemid=155 There is a new version of Joomla! out. Everyone needs to upgrade. Joomla 1.5.15 Released (http://www.joomla.org/announcements/release-news/5276-joomla-1518-released.html) (www.joomla.org) Friday, 28 May 2010 The Joomla Project announces the immediate availability of Joomla 1.5.18 [Wojmamni ama wojnaiki]. This is a security release and also corrects one priority issue in version 1.5.17. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. Please contact Webstix about upgrading your website or expect us to contact you shortly. Update: 06-02-2010 I found out more about this upgrade and what's affected: TITLE: Joomla search Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39964 VERIFY ADVISORY:... Mon, 31 May 2010 07:10:27 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=495&Itemid=155 There seems to be some spam email going around with a subject line like this: setting for your mailbox (yourdomain.com) are changed These emails are not from us. They're not even being generated from our server. Do not open them or click on the attachment. These seem to be generated from people using Microsoft Outlook. My guess is that people get these and then it runs through all the email addresses in their address book and sends out more of these emails. This kind of spam email virus has been around a long time but still apparently suckers enough people to keep going. So please note that it's not from us and you should not open these. Just delete them. Thanks, -Tony Fri, 07 May 2010 15:33:16 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=483&Itemid=155 There is another Joomla update that has been released right away after 1.5.16 was released: Joomla! 1.5.17 ReleasedTuesday, 27 April 2010 The Joomla Project announces the immediate availability of Joomla 1.5.17 [Wojmamni ama woobusani]. This is a priority release to correct two issues in version 1.5.16. Although there are no security issues fixed in this release, we consider it a security release because a security-related bug has been fixed and because many sites may be upgraded directly from 1.5.15 to 1.5.17. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. Please contact Webstix today to make sure your website gets this important update. For clients on the 1.5.x... Mon, 03 May 2010 11:28:38 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=482&Itemid=155 To all our clients using Joomla: There is a new release available that you need to upgrade to. Joomla version 1.5.16 has just been released. Here is more information about it: Joomla! 1.5.16 Released (http://www.joomla.org/announcements/release-news/5259-joomla-1516-released.html) Friday, 23 April 2010 The Joomla Project announces the immediate availability of Joomla 1.5.16 [Wojmamni ama busani]. It has been about six months since Joomla 1.5.15 was released on November 4, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. All Joomla versions from 1.5.0 to 1.5.13 could be hacked by someone. Joomla versions 1.5.15 and 1.5.15 are not advisable to use. This means that everyone must upgrade. This is a very important upgrade.... Mon, 26 Apr 2010 01:42:12 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=464&Itemid=155 Time to upgrade WordPress again. This looks like a minor upgrade but it's worth doing - as always: WordPress 2.9.2 (http://wordpress.org/development/2010/02/wordpress-2-9-2/) Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade. Let us know if you need help or if you would like us to take care of these upgrades automatically for you when they come out. We're happy to. -Tony Mon, 15 Feb 2010 17:32:45 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=460&Itemid=155 Hi, just a quick post to let you know that I've posted some information about Webstix SMTP servers (http://www.webstix.com/e-mail-settings.html) if you have any questions about how to set that up. Thanks,-Tony Wed, 03 Feb 2010 15:12:52 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=451&Itemid=155 Two releases right in a row. Time to upgrade - let us know if you need help! WordPress 2.9.1 (http://wordpress.org/development/2010/01/wordpress-2-9-1/) Posted January 4, 2010 by Ryan Boren. After over a million downloads of WordPress 2.9 and lots of feedback from all of you, we’re releasing WordPress 2.9.1. This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues affect you, give 2.9.1 a try. Download 2.9.1 or upgrade automatically from the Tools->Upgrade menu in your blog’s admin area. -Tony Wed, 06 Jan 2010 12:19:49 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=445&Itemid=155 Over the weekend, WordPress 2.9 came out. This looks like a nice upgrade with lots of new features: WordPress 2.9, oh so fine (http://wordpress.org/development/2009/12/wordpress-2-9/) Posted December 19, 2009 by Matt. Filed under Releases. I want to make you mine, all the time… oh wait. Hello. I’m here on behalf of the entire WordPress development team and community to announce the immediate availability of WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade easily from your Dashboard by going to Tools > Upgrade, or you can download from WordPress.org. 2.9 provides the smoothest ride yet... Mon, 21 Dec 2009 11:37:26 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=424&Itemid=155 Here's the latest WordPress release that we saw coming: WordPress 2.8.6 Security Release (http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/) (wordpress.org) Posted November 12, 2009 by Ryan Boren. Filed under Releases, Security. 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these. Most WordPress sites are running on Linux type servers that use the... Fri, 13 Nov 2009 14:33:45 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=423&Itemid=155 I just got a security advisory about 2.8.5, so I'd expect 2.8.6 to be out in a day or two.-Tony Thu, 12 Nov 2009 11:25:30 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=415&Itemid=155 Time to upgrade everyone! Get all your WordPress sites upgrade and up to date. Now is also a good time to make sure all those plugins are also updated. You want to keep everything updated and secure so that you don't get hacked and have a mess on your hands. WordPress 2.8.5: Hardening Release (http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/) Posted October 20, 2009 by Peter Westwood As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought we worth back-porting to the... Tue, 20 Oct 2009 22:40:14 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=406&Itemid=155 Early tomorrow morning (Saturday), services may be interrupted as another attempt is made to change out a drive in the RAID. We're doing our best to have this done at non-peak times and be done as quickly as possible so that things are back to normal.Thank you for your patience.-TonyUPDATE: 10/03/09 9:50am - We're back up after the ghosting of the drive. Thank you for your patience, everyone. Fri, 02 Oct 2009 22:18:36 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=405&Itemid=155 I got our hosting report for the 3rd quarter of 2009 today. Our average uptime (of all our servers) was 99.973% - up from last month - nice!-Tony Fri, 02 Oct 2009 16:14:24 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=394&Itemid=155 I'm reading that this last WordPress Upgrade (2.8.4) is pretty important. It seems that if you haven't upgraded, you will get hacked. It's just a matter of time. WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] (mashable.com) (http://mashable.com/2009/09/05/wordpress-attack/) The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. The cleanup after a hack doesn't sound like fun. Webstix is here to help with WordPress upgrades and updates if you need us. -Tony Sat, 05 Sep 2009 09:06:46 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=393&Itemid=155 Our host will be doing some server maintenance on Sept 17th at 2 am. The servers (web1 and web2) will be down for a short time and will also be rebooted. Since this is a low traffic window, we don't anticipate that it will affect websites too much. We will also be doing testing of websites once the server comes back up.Thank you,-Tony Thu, 03 Sep 2009 15:09:08 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=373&Itemid=155 One question we often hear people ask if they can update everything on their website. Our answer is yes but there's a bit of an asterisk with that and it has to do with security.The more you open up a website through a web interface (a Content Management System), the more you risk with security. This is because you have to set the permissions of certain files and directories to be very open since someone using a website to update files on the server is the website user ( apache user on most Linux servers) but the files are actually owned by the FTP user.And then when we set up a CMS website, we think about what kind of... Thu, 13 Aug 2009 14:00:45 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=372&Itemid=155 Another update is out - time to upgrade Wordpress! WordPress 2.8.4: Security Release (http://wordpress.org/development/2009/08/2-8-4-security-release/) Posted August 12, 2009 by Matt. Filed under Releases, Security. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version... Wed, 12 Aug 2009 10:25:38 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=371&Itemid=155 While I was out on vacation, another update was released, which was right on the heels of another update again. I've updated all my WordPress sites. It's an easy upgrade / no database upgrade needed: WordPress 2.8.3 Security Release (http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/) Posted August 3, 2009 by Ryan Boren. Filed under Releases. Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin. Get upgraded - you don't want... Mon, 10 Aug 2009 13:28:59 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=370&Itemid=155 A number of our clients have been affected by the change at TDS to not offer a SMTP server for sending email (smtp.tds.net). Apparently, you can do an upgrade of services with them and get this service or else they ask you to use Google's GMail service or get email hosting with your website host. At Webstix, we do not offer an SMTP server to our clients for a number of reasons (some reasons are explained below). So here are some other ways to get an SMTP server for your email account: Yahoo! Mail Plus (http://www.theoriginalsource.com/yahoo-mobil-smtp-server.html) - I have used this service for a few years now and I like it. I have a Yahoo email account but you don't... Mon, 10 Aug 2009 13:25:40 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=363&Itemid=155 I got our hosting report for the 2nd quarter of 2009 today. Our average uptime (of all our servers) was 99.408% - nice!We had 8 alerts. Most were due to one site... thus our more proactive approach to making sure everyone's website software is up to date. If your site is not up to date and there's a problem - we'll most likely take it down until it can be fixed. So to avoid that, make sure your website software (CMS, WordPress, plugins, components, PHP scripts, etc.) are all up to date with patches and updates.Now go get outside - it's summer!-Tony Thu, 23 Jul 2009 14:50:47 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=362&Itemid=155 Here's a portion of a report from Postini/Google on how much spam is out there and why. Some ISPs and hosts get taken down for sending out too much spam, which helps but those spammers find other ways to get junk mail sent out, unfortunately. Over the past month, we've seen a series of high-volume spam attacks with multiple variants and new tactics. Our new bulletin gives you insight into the latest spam trends, tips on how you can get the best protection from your message security service, and tools for quickly troubleshooting spam. Current Spam Trends and Statistics (http://postini.com/webdocs/rel_notes/announce/bulletin_spam.html) This quarter, proliferation continues with an unpredictable pattern of drops and spikes as 2009 moves along.... Thu, 23 Jul 2009 10:32:42 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=361&Itemid=155 A new version came out yesterday and it's a security release. We encourage everyone to get their site upgraded as soon as possible. Joomla 1.5.13 Security Release Now Available (http://www.joomla.org/announcements/release-news/5243-joomla-1513-security-release-now-available.html) (joomla.org) Wednesday, 22 July 2009 Security Release The Joomla Project announces the immediate availability of Joomla 1.5.13. This is a security release and users are strongly encouraged to upgrade immediately. This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 3 weeks since Joomla 1.5.12 was released on July 1, 2009. Thanks, -Tony Thu, 23 Jul 2009 08:17:28 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=359&Itemid=155 Whizz, boom, bang - there's another WP out already: WordPress 2.8.2 (http://wordpress.org/development/2009/07/wordpress-2-8-2/) Posted July 20, 2009 WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download (http://wordpress.org/download/) 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin. I only updated a few, critical sites (personal sites on another server) last time so although I should have been vigilant with these updates, procrastination paid off this time. I'll update them all again for sure this time. Wow, someone should come up with a... Mon, 20 Jul 2009 10:16:27 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=354&Itemid=155 This particular blog is dedicated to educating people about how important website security issues are. It's an important part of owning and running a website since websites today are more complicated than they were just a few years ago. These types of websites have software that runs on a computer (server) that's sitting out in a very public area, just tempting people to mess with it. It's like taking your home computer and setting it up at the local mall. Come back later that day and see what kind of condition it's in after the public has had a chance to use it. You'd really have to lock it down if you want to keep it running, right? It's the... Wed, 15 Jul 2009 11:36:25 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=349&Itemid=155 07/11/09 2:55pm - We're seeing some slow network issues to our servers. Our host is looking into it.This was resolved within 30 minutes. Sat, 11 Jul 2009 14:55:48 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=348&Itemid=155 Time to upgrade... again! :-) WordPress 2.8.1 (http://wordpress.org/development/2009/07/wordpress-2-8-1/) (wordpress.org) WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe. Upgrade and stay safe! Let us know if you need any help. Use those Maintenance Blocks (http://www.webstix.com/ser_maintenance.html)! -Tony Fri, 10 Jul 2009 12:23:49 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=345&Itemid=155 Recent attacks on government sites: Cyber attackers target South Korea and US (http://www.guardian.co.uk/world/2009/jul/08/south-korea-cyber-attack) (www.guardian.co.uk) All software has holes in it. It's all hackable. The question is, do you want to make it easy for hackers to hack your site or difficult? Make sure all software running your website is up to date. This includes your CMS, blogging software, scripts used for feedback forms (which was one of the first hacks I ever saw), e-commerce / shopping cart software, forums, ad management software and so on. If you apply the available patches and do upgrades, then you're less of a target. You're blocking known holes. If you neglect that, then watch out - it's just a matter of time. -Tony Wed, 08 Jul 2009 11:49:33 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=343&Itemid=155 Another Joomla update: Joomla! 1.5.12 Released (http://www.joomla.org/announcements/release-news/5242-joomla-1512-released.html) (www.joomla.org) The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.12 [Wojmamni Ama Woi]. This release contains a number of bug fixes and three moderate-level security fixes. It has been less than a month since Joomla 1.5.11 was released on June 3, 2009. This release marks an important milestone for the Joomla Project due to the upgrade of the PEAR library to the new BSD licensed version, which brings the codebase into full compliance with the GPL. In addition, this release contains an important upgrade to TinyMCE v 3.2.4.1. The Production Working Group's goal is to continue to provide regular, frequent updates to the Joomla... Thu, 02 Jul 2009 15:18:47 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=342&Itemid=155 The Joomla 1.5.11 release is out. There are several security issues that have been fixed and users are strongly advised to upgrade their websites. Recently the possibility of multiple cross-site and HTML-injection vulnerabilities has been detected in Joomla 1.5.10. This might cause the application to sufficiently sanitize user-supplied input. These issues affect the 'com_user' component, the 'JA_Purity' template, and the administrative panel in the 'Site client' subproject of the application An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks. Versions prior to Joomla!1.5.11 are vulnerable. Please contact Webstix to schedule your upgrade or we will be contacting you shortly about this issue. Remember, all software... Mon, 29 Jun 2009 10:42:55 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=341&Itemid=155 We'd like to provide you with an update on recent the spam attacks which are occurring in our environment. Our message security vendor has advised us on high volumes of bogus Microsoft downloader and other messages that contain links to download malware. Spammers have created false Microsoft Outlook notifications and Amazon/World Pay confirmations, and added links that prompt users to download a fake update or invoice. The security service has detected and blocked the vast majority of these attacks, and continues to release protections to stop the new mutations. Their capture rate is over 99%; however, the attack volumes are so large (in the hundreds of millions of messages) that a 1% passthrough rate means that a few messages may end... Mon, 29 Jun 2009 10:05:57 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=335&Itemid=155 I was working on upgrading some WordPress sites last night. One site did the automatic upgrade fine but I wasn't so lucky with others. I was getting errors that files wouldn't copy over and there's no way to try it again from there, you have to start completely over it seems. So I just started doing manual updates to those sites, which isn't hard but not quite the perfect world that WordPress would like.If anyone needs help upgrading WordPress, let us know. We have a Website Maintenance Team just waiting for projects like that. We can squeeze you in and it shouldn't take very long. We can get them done overnight.-Tony Tue, 16 Jun 2009 14:13:57 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=332&Itemid=155 I'm you're running either Joomla or Wordpress, updated versions are out, so you should be doing updates: Wordpress (June 11, 2009): 2.8 Release Jazzes Themes and Widgets (http://wordpress.org/development/2009/06/wordpress-28/) Joomla (June 3, 2009): Joomla 1.5.11 Security Release Now Available (http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html) If you have a maintenance agreement with Webstix to do your Joomla updates, you'll be hearing from us when they are complete. Thanks, -Tony Mon, 15 Jun 2009 12:15:17 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=331&Itemid=155 I thought I'd quickly write a post about a few places where we look for computer / server security information: Secunia Advisories (http://secunia.com/advisories/): I get this report everyday to make sure my computer or any of our servers are running out of date software. They seem to do their best to release these advisories as the fixes come out - so that hackers don't get the info and work on exploiting holes. With that said, you'll want to be sure to patch up (get updates on) your software as soon as these advisories come out since hackers are going to try to get in before the patches are done. Sophos Labs (http://www.sophos.com/blogs/sophoslabs/) (blog): Everything from phishing scams... Mon, 15 Jun 2009 11:54:38 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=328&Itemid=155 This is good news for all of us who hate spam... which is everybody: FTC Sues, Shuts Down N. Calif. Web Hosting Firm (http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html?hpid=sec-tech) (voices.washingtonpost.com/securityfix) In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations. On the other hand, this sets a new precedent where hosts that send out too much spam can be shut down. This means hosts are going to be more likely to crack down on their customers who don't take care of servers that are infected and sending out spam. Keep your website software up to date! -Tony Wed, 10 Jun 2009 21:27:11 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=325&Itemid=155 Spam / junk email is on the rise again. These people are clever. A certain percentage of people click on these spam messages, so it's just a numbers game. To get the sales they need, they'll send out even more spam email. Most of this junk email is sent from web servers. I've heard of hacks sending out 20,000 or more spam emails.What happens is hackers hack into servers and install programs that send out spam. They'll put these program in hidden folders and then consume server resources and send out as much email as they can before they're found - if they're found. Most of this happens automatically, too. They'll scan websites for software and scripts - which are... Tue, 09 Jun 2009 12:16:50 +0100 http://www.webstix.com/index.php?option=com_content&task=view&id=324&Itemid=155 Just FYI... our host, Rackspace, is going to do a kernel update to both servers this Saturday morning. They will need to reboot both servers:-----The kernel is the heart of the operating system and is periodically updated with security and bug fixes. You may want to update your kernel to the latest one.A kernel update requires a server reboot, so it is a good idea to schedule the kernel update during a period of low server activity. Let us know if you would like to schedule a kernel update at a particular date and time. If you would like to schedule it at a certain date and time be sure to provide your timezone so we can... Mon, 08 Jun 2009 15:52:49 +0100