Site hosting news, tutorials, tips, How Tos and more

Archive for the ‘Announcements’ category


2014 App Installer Updates

announcements

The new year brings us a round of new applications.  Note that backups and management of your MySQL databases just got easier with a one click install of phpMyAdmin:



Control Panel updates

announcements

leversWe’ve made a few changes to the Control Panel that should make life easier for some of you power users out there.

First, if you have a large number of sites in an account, we have significantly sped up the
Order New Site
and Order New Domain Name functions. Now there is no need to go make a sandwich while those pages load. Though, if you think about it, it’s almost always a good time for a sandwich.

Next, if you’ve ever entered a DNS TXT record in Control Panel, you may have run into a 128 character limitation. We have increased the TXT record limit to 512 characters (the maximum the DNS system will accept).

Finally, if you like to mess around with DNS records in general (and really, who doesn’t?), there may have been a time when you thought, “Well, that was fun, but I wish I could just dump all these cool experiments that have made my site redirect to altavista.com and somehow caused my email forward to the White House and just start over with a clean slate…” Well, now there is a Reset DNS button that does just what it claims to do – resets the DNS record for the site to our default settings. It’s cool, it’s powerful, and it will completely remove any customizations you’ve ever made, so use it carefully.

That’s it for now, but we’re always hard at work over here making the world a better place, so let us know if there is something we can do just for you.



Thanksgiving Updates

announcements

Give thanks for updated applications! Here are the App Installer updates for November:



Change is afoot


announcements

On November 11th, 2013 we are introducing some plan changes. Check your email for details. To summarize what’s happening:

Quota increases!

These increases will take place automatically on November 11th.

whatsnew

Changes to payment plans and prices

In order to make the plan changes, we are updating the pricing and payment options. You can find details in the plan change email.

While the quarterly and yearly payments will increase slightly, we have introduced a new two-year payment option that allows you to pay as little as $3.95 per month for the Basic plan. Even less than the old price.

The two-year payment option applies to every Winhost plan, so no matter which plan you use, you can decrease your monthly price by up to 20% by choosing the new two-year payment option.

And you can make the switch right now in Control Panel, before the new quotas and pricing go into effect on November 11th.

As we mentioned in the email, the price increase was a difficult decision for us. We never want to increase prices, but we want to continue to make improvements to the hosting services, and this will allow us to do that.

We hope the two-year payment option – which actually lowers current prices – and the quota increase will help ease the transition for some of you.



Google Checkout retiring November 11


announcements

Google announced that they would be closing Google Checkout over a year ago, but now they have announced the date when the service will close permanently; November 11, 2013.

If you use Google Checkout on your site they have a FAQ to help you transition to another system.

Google-Checkout



Fall Updates

announcements

Here’s our newest round of updates for our App Installer tool in the Winhost Control Panel:



Joomla security threat

announcements

One can never underestimate the importance of upkeep and routine maintenance, especially when it comes to web sites and applications. When we do not practice due diligence or neglect our web applications, hackers can find holes, weaknesses, and exploits in our so-called “secure” sites.

That holds even more true when it comes to “canned” applications such as Joomla. We have learned that Joomla version 2.5, and 3.1.x have a security hole that can allow anyone to upload malicious files through your application.

The malicious files can perform cross-site scripting (injecting a string of code to your web pages, which can redirect users to a phishing site), or distribute malware or Trojan files that can affect your visitor’s computers.

The security hole in Joomla is its Media Manager, which offers you a tool to upload files to the website. This is a necessary function in a CMS such as Joomla. Joomla comes with its own filtering mechanism that prevents anyone uploading files with specific extensions that can be malicious in nature. Files with extensions such as .exe or .php should not be uploaded as they can infect your web application.

However, the bug is that a trailing dot on a file name can circumvent the filtering mechanism. Normally Joomla will prevent the upload of files with a .php extension such as document.php. However, include a period at the end, such as document.php., and the file no longer fits the .php criteria.

Nasty bug to say the least. What is more frightening is that you do not have to be a registered user or have administrative privileges to the application to exploit the bug. If the Media Manager was set to be available to the public, anyone can inject your site with a malicious file.

The simplest way to solve this problem is to go to Joomla’s website, download the most recent version, and upgrade. This should have the latest patch to this security threat.

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626

http://www.joomla.org/announcements/release-news/5505-joomla-3-1-5-stable-released.html

If an upgrade is not an option for you, you can manually add the code that will prevent users from uploading files to your application with a trailing dot.

Navigate to /Libraries/Joomla/Filesystem and open file.php. Scour the code to find where the makeSafe function starts. Add the line:

// Remove any trailing dots, as those aren’t ever valid file names.
$file = rtrim($file, ‘.’);

If this line already exists then your Joomla application is immune to this specific security hole.

That doesn’t mean that you should not routinely follow up on the most recent news concerning your web applications. To really secure your site it is important to stay informed of the most recent patches for your web application.

Here are links you may want to check to stay up-to-date with Joomla’s security fixes. Keep in mind that some security patches may not apply to you depending on the version you are running.

http://www.cvedetails.com/vulnerability-list/vendor_id-3496/product_id-6129/hasexp-1/Joomla-Joomla.html

http://docs.joomla.org/Vulnerable_Extensions_List

Let me lastly say that we here at Winhost take this threat seriously. As of today, we have updated our App Installer to the most recent Joomla version (3.1.5) with the security patch installed. If you installed your Joomla application with this newest release, you are protected from this specific threat, however if you have installed an older version from us you may want to check file.php within Joomla and make sure the appropriate line is added.



New Application Installer Updates

announcements

Winhost is pleased to announce that the applications offered through our App Installer tool have been updated.  Here’s a list of the changes:

Some of the newer versions require the ASP.NET 4.5 Framework in order to run.  If you have a hosting account that is on the Windows 2008/IIS7 platforum and want to install one of these applications, please open a support ticket to have your account migrated to Windows 2012/IIS8.