Site hosting news, tutorials, tips, How Tos and more
You’ve been telling us that you need more. More everything; space for your files, memory for your applications, so we put our heads together and said, “What can we do to make that happen?” The answer was simple: increase all the quotas! Now! So that’s what we did.
Okay, I’m making it sound a lot easier than it was. But over the past day or so we’ve rolled out new quotas for every Winhost plan. The changes are now in effect on all web and SQL servers.
Here are the details:
Ultimate
Site memory has increased to 500MB, a gain of 200MB
SQL database disk space has increased to 5GB, a gain of 2.5GB
Number of SQL databases is now unlimited
SQL database disk space has increased to 5GB, a gain of 2.5GB
Number of MySQL databases is now unlimited
Max
Site memory has increased to 300MB, a gain of 100MB
SQL database disk space has increased to 2GB, a gain of 1GB
Number of SQL databases is now unlimited
MySQL database disk space has increased to 2GB, a gain of 1GB
Number of MySQL databases is now unlimited
Basic
SQL database disk space has increased to 500MB, a gain of 300MB
MySQL database disk space has increased to 500MB, a gain of 300MB
If you have any questions about these changes, just let us know. We want you to be able to grow at Winhost, and we hope that these quota increases help a lot of you do just that.
Go on now, get busy!
The new year brings us a round of new applications. Note that backups and management of your MySQL databases just got easier with a one click install of phpMyAdmin:
We’ve made a few changes to the Control Panel that should make life easier for some of you power users out there.
First, if you have a large number of sites in an account, we have significantly sped up the
Order New Site and Order New Domain Name functions. Now there is no need to go make a sandwich while those pages load. Though, if you think about it, it’s almost always a good time for a sandwich.
Next, if you’ve ever entered a DNS TXT record in Control Panel, you may have run into a 128 character limitation. We have increased the TXT record limit to 512 characters (the maximum the DNS system will accept).
Finally, if you like to mess around with DNS records in general (and really, who doesn’t?), there may have been a time when you thought, “Well, that was fun, but I wish I could just dump all these cool experiments that have made my site redirect to altavista.com and somehow caused my email forward to the White House and just start over with a clean slate…” Well, now there is a Reset DNS button that does just what it claims to do – resets the DNS record for the site to our default settings. It’s cool, it’s powerful, and it will completely remove any customizations you’ve ever made, so use it carefully.
That’s it for now, but we’re always hard at work over here making the world a better place, so let us know if there is something we can do just for you.
Give thanks for updated applications! Here are the App Installer updates for November:
On November 11th, 2013 we are introducing some plan changes. Check your email for details. To summarize what’s happening:
These increases will take place automatically on November 11th.
In order to make the plan changes, we are updating the pricing and payment options. You can find details in the plan change email.
While the quarterly and yearly payments will increase slightly, we have introduced a new two-year payment option that allows you to pay as little as $3.95 per month for the Basic plan. Even less than the old price.
The two-year payment option applies to every Winhost plan, so no matter which plan you use, you can decrease your monthly price by up to 20% by choosing the new two-year payment option.
And you can make the switch right now in Control Panel, before the new quotas and pricing go into effect on November 11th.
As we mentioned in the email, the price increase was a difficult decision for us. We never want to increase prices, but we want to continue to make improvements to the hosting services, and this will allow us to do that.
We hope the two-year payment option – which actually lowers current prices – and the quota increase will help ease the transition for some of you.
Google announced that they would be closing Google Checkout over a year ago, but now they have announced the date when the service will close permanently; November 11, 2013.
If you use Google Checkout on your site they have a FAQ to help you transition to another system.
Here’s our newest round of updates for our App Installer tool in the Winhost Control Panel:
One can never underestimate the importance of upkeep and routine maintenance, especially when it comes to web sites and applications. When we do not practice due diligence or neglect our web applications, hackers can find holes, weaknesses, and exploits in our so-called “secure” sites.
That holds even more true when it comes to “canned” applications such as Joomla. We have learned that Joomla version 2.5, and 3.1.x have a security hole that can allow anyone to upload malicious files through your application.
The malicious files can perform cross-site scripting (injecting a string of code to your web pages, which can redirect users to a phishing site), or distribute malware or Trojan files that can affect your visitor’s computers.
The security hole in Joomla is its Media Manager, which offers you a tool to upload files to the website. This is a necessary function in a CMS such as Joomla. Joomla comes with its own filtering mechanism that prevents anyone uploading files with specific extensions that can be malicious in nature. Files with extensions such as .exe or .php should not be uploaded as they can infect your web application.
However, the bug is that a trailing dot on a file name can circumvent the filtering mechanism. Normally Joomla will prevent the upload of files with a .php extension such as document.php. However, include a period at the end, such as document.php., and the file no longer fits the .php criteria.
Nasty bug to say the least. What is more frightening is that you do not have to be a registered user or have administrative privileges to the application to exploit the bug. If the Media Manager was set to be available to the public, anyone can inject your site with a malicious file.
The simplest way to solve this problem is to go to Joomla’s website, download the most recent version, and upgrade. This should have the latest patch to this security threat.
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
http://www.joomla.org/announcements/release-news/5505-joomla-3-1-5-stable-released.html
If an upgrade is not an option for you, you can manually add the code that will prevent users from uploading files to your application with a trailing dot.
Navigate to /Libraries/Joomla/Filesystem and open file.php. Scour the code to find where the makeSafe function starts. Add the line:
// Remove any trailing dots, as those aren’t ever valid file names.
$file = rtrim($file, ‘.’);
If this line already exists then your Joomla application is immune to this specific security hole.
That doesn’t mean that you should not routinely follow up on the most recent news concerning your web applications. To really secure your site it is important to stay informed of the most recent patches for your web application.
Here are links you may want to check to stay up-to-date with Joomla’s security fixes. Keep in mind that some security patches may not apply to you depending on the version you are running.
http://docs.joomla.org/Vulnerable_Extensions_List
Let me lastly say that we here at Winhost take this threat seriously. As of today, we have updated our App Installer to the most recent Joomla version (3.1.5) with the security patch installed. If you installed your Joomla application with this newest release, you are protected from this specific threat, however if you have installed an older version from us you may want to check file.php within Joomla and make sure the appropriate line is added.