03 Sep

Critical Update for Joomla! Users

If you are a Joomla user, you had better start updating your sites now.

Joomla was updated recently! Joomla issued new minor versions, v2.5.14 and v3.1.5, that patch some very critical security holes, so it is very important that you update as soon as possible! We are urging all customers to log in and update their Joomla sites to the latest version to help keep their sites secure! They didn’t provide many details, but from the summary it seems serious enough to allow users to bypass upload restrictions:

  • Project: Joomla!
  • Severity: Critical
  • Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
  • Exploit type: Unauthorised Uploads
  • Reported Date: 2013-June-25
  • Fixed Date: 2013-July-31
  • Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.

More information on Joomla 2.5.14 update here: http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads

If you have any questions, feel free to email us at support[at]tetrahostbd[dot]com.

13 Apr

Global Brute Force Flood Attack on WordPress Sites

As I write this article, there is an ongoing and highly distributed global attack on WordPress installations across virtually every web host in existence! This attack is well organized and, again, very, very distributed. The attack can also be called a “brute-force” attack. Due to the nature of the attack, memory consumption on targeted servers has increased. In certain cases, this has resulted in degraded performance!

At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website.  These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. TetraHost started a thread on a popular forum where web host owners are sharing their experiences with the attack and solutions. Here is the thread.

We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. Again, this is a global issue affecting all web hosts. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
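Because the attack is spread over many sources, a per-IP limit alone will not flag it; counting login attempts per site per minute across all sources will. The Python below is an added example, not part of the original post or TetraHost's own tooling: the `wp-login.php` path, the vhost-prefixed Apache combined log layout, the thresholds and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Assumed log layout: Apache combined format with the virtual host as first field.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} '
)

def sample_log():
    """Constructed sample traffic (documentation IP ranges), not real data."""
    fmt = ('{v} {ip} - - [13/Apr/2013:10:{m:02d}:{s:02d} +0000] '
           '"{meth} /wp-login.php HTTP/1.1" 200 512 "-" "-"')
    lines = [fmt.format(v="shop.example", ip=f"198.51.100.{i + 1}", m=15, s=i * 4, meth="POST")
             for i in range(12)]                      # 12 sources, one try each
    lines += [fmt.format(v="blog.example", ip="203.0.113.7", m=16, s=i, meth="POST")
              for i in range(8)]                      # one source, 8 tries
    lines.append(fmt.format(v="blog.example", ip="192.0.2.10", m=20, s=1, meth="GET"))
    lines.append(fmt.format(v="blog.example", ip="192.0.2.10", m=20, s=9, meth="POST"))
    return lines

def login_posts(lines):
    """Yield (vhost, ip, minute) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        yield m["vhost"], m["ip"], m["ts"][:17]       # dd/Mon/yyyy:HH:MM

def detect(lines, per_ip_limit=5, site_limit=10, min_sources=4):
    """Return (noisy single sources, minutes where a site is hit by many sources)."""
    per_ip = defaultdict(int)
    per_site = defaultdict(lambda: [0, set()])
    for vhost, ip, minute in login_posts(lines):
        per_ip[(vhost, ip, minute)] += 1
        per_site[(vhost, minute)][0] += 1
        per_site[(vhost, minute)][1].add(ip)
    noisy = sorted({(v, ip) for (v, ip, _), n in per_ip.items() if n > per_ip_limit})
    distributed = sorted((v, minute, n, len(ips))
                         for (v, minute), (n, ips) in per_site.items()
                         if n > site_limit and len(ips) >= min_sources)
    return noisy, distributed

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the constructed sample, the single noisy source is caught by the per-IP rule, while the twelve one-attempt sources against shop.example are caught only by the per-site rule.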

To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend that you read the following blog article and apply the security protection ASAP:

http://blog.tetrahostbd.com/2012/01/31/wordpress-protection

Other ways of hardening a WordPress installation are shared here:

http://codex.wordpress.org/Hardening_WordPress

The TetraHost support team has been hard at work fighting the situation! We’ve taken proactive steps to reduce the impact of this event. We thank you for your patience.

Having trouble? You can always file a ticket at support@tetrahostbd.com.

08 Sep

WordPress Update 3.4.2

I was just checking our company blog today and found that WordPress released an update and the new version is 3.4.2. Detailed information is available at the following two links:

http://codex.wordpress.org/Version_3.4.2

http://wordpress.org/news/2012/09/wordpress-3-4-2

All TetraHost users are requested to update their WordPress installations to the latest version. The update can be done easily by logging in to the WP Admin panel.

Please contact the support desk if you are having any issue with updating.

13 Jul

PHP Upgrade to Version 5.3.x

We upgraded PHP in the Grid from 5.3.13 to the latest release, 5.3.14. This new release patches several security vulnerabilities existing in 5.3.13. Please note, the PHP development team already declared end of life for version 5.3.13. Here’s what the PHP development team says about this update:

The PHP development team would like to announce the immediate availability of PHP 5.4.4 and PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.4.4 or PHP 5.3.14.

The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension

PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI

For source downloads of PHP 5.4.4 and PHP 5.3.14 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes are recorded in the ChangeLog.

For a full list of changes between 5.3.13 and 5.3.14, visit php.net.

While this small upgrade should not present problems for most websites, it will cause some minor compatibility issues, mainly for those clients who have not kept their software updated in the past.

We highly recommend that you update any PHP scripts you are running such as WordPress, vBulletin, Joomla, etc. We always recommend you stay up to date most importantly for security reasons.

As always, let us know if you have any issues resulting from this upgrade by contacting our support desk. You can reach the support desk by sending email to support@tetrahostbd.com