PHP Memory Limit Increased
Following a number of recent upgrades that we have been performing to our hosting network, we have increased the PHP memory limit available for all hosting accounts effective immediately.
Both cPanel and Reseller accounts have now increased substantially from 64Mb to 128Mb and cPanel Platinum Hosting accounts are increased from 128Mb to 256Mb, allowing for an even wider range of plugins and applications to be run on your hosting account.
Please also remember that we are upgrading PHP to v5.6 on the 25th June and so you should ensure that your scripts are accordingly compatible.
SSL Certificate Changes - SNI now available
Now that we have recently migrated our remaining CentOS v5 based hosting servers over to newer operating systems, we are now able to fully support SNI across our entire range of hosting accounts.
Traditionally, if you required an SSL certificate on your website then this also required that your hosting account have a dedicated IP address too in order to use SSL. Having a dedicated IP address required justification and also came at additional cost.
SNI is a means to enable SSL on hosting accounts without requiring a dedicated IP address. This means that you can now add an SSL certificate to your account without having to order a dedicated IP address to go with it.
If you wish to test out SSL for yourself and add https to your website, we are running a promotion on Geotrust RapidSSL certificates until the end of June for the reduced price of £9.99+VAT for a year providing a 33% saving! Please use special offer code SNI-SSL in our checkout to have the discount applied.
Additionally, we now fully support TLS 1.2 across all hosting accounts – a requirement for many payment processors, including PayPal in the near future.
For further detail on SNI, please see the following article: https://en.wikipedia.org/wiki/Server_Name_Indication
Out of date scripts
We are seeing an increasing number of out of date scripts, applications and plugins on hosting accounts, especially for WordPress based sites. Out of date scripts pose a security risk to your hosting account.
So what issue does this cause?
Out of date scripts very often have bugs (or vulnerabilities) that allow them to be used for purposes that they were not designed for, often allowing a 3rd party to upload files to your web space or to even gain control of your entire hosting account. This can therefore lead to someone gaining access to your e-mails, files and/or customer data which obviously may have serious consequences.
If someone has access to your account, they may also use it for sending large volumes of unsolicited mail (spam) or even create a page on your website to impersonate another site and capture customer details (phishing) and so possibly pose as a bank, PayPal etc and therefore use your website for fraudulent purposes.
Other issues are exploited accounts launching outbound attacks on other websites (known as Denial of Service attacks), often trying to hold them to ransom for money to cease the attack.
What do I need to do?
Most scripts receive regular updates, for example WordPress, Joomla, phpBB, etc as they are actively developed. You can normally easily update the application via your site admin / dashboard login page or by downloading update files from the authors’ website and applying updates as per their instructions.
Updates not only provide bug and security fixes, but also normally provide you with new functionality as well. It is also important that not only do you keep your application up to date, but also any themes, plugins or other add-ons so that the overall installation is fully up to date and secure.
We would much rather that you understand how to keep your hosted sites up to date yourself, however if you require assistance with upgrading scripts, our developers are able to undertake this work for you – please contact us for details and a quote if needed.
Additionally, please be aware that our terms and conditions do require that you take reasonable measures to ensure that your website is kept up to date and secure and so there is also a formal requirement for this.
What happens if I don’t keep my scripts up to date?
In the past, we have tried to work proactively with customers who have an exploited account and either restrict access to the account for them to resolve, or for us to undertake the work for them to clean the account and bring it up to date again. We have also notified customers if we see out of date scripts within their accounts and requested that they update them, however unfortunately in many cases our recommendation is not taken and accounts are therefore left vulnerable and have sometimes needed to then be suspended due to their risk.
Going forward, should your account be compromised and the cause be that your script(s) have not been kept up to date (ie you had the opportunity to proactively prevent this yourself), your hosting account will need to be deleted and recreated, removing all content and e-mail from it and setting it up as per a new hosting account again as this will ensure that your web space is completely clean and has all traces of an exploit being removed.
This may seem quite drastic action, however we have been seeing a steady increase in the amount of support resources that it requires to manage such issues, which to date have been managed at our expense. This causes a huge drain on our support resources as it can take many hours to investigate an exploited account and therefore comes at cost to us too whilst also detracting from our available time for helping other customers. We are therefore not keen to pass this ongoing cost onto others due to the fact that a minority of customers are not prepared to maintain their website as required as this is not fair to the majority.
Whilst we have a number of security systems in place to try and intercept and contain any such exploits, no system is fool proof and the ultimate way to protect your account is to keep it up to date and secure in the first place and this is part of the responsibility of running a website.
It is important to ensure that not only the application/script itself, but also any plugins and themes installed on the site are also kept up to date as these can equally be exploited to gain access to your site.
If you have any questions regarding updating your site or would like any advice, please contact us – we are more than happy to help where we can and would much rather an account be proactively updated than see your business go offline due to being exploited.
Thursday, June 2, 2016