Important: Timthumb.php WordPress Exploit/Vulnerability

POSTED BY Doug ON August 14, 2011 AT 11:33 pm UNDER announcements

It has recently been brought to our attention that ‘timthumb.php’, a popular WordPress script used for resizing images on the fly, is vulnerable to a remote inclusion exploit. You can read more about the vulnerability and the fix here: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

Due to the popularity of WordPress and the severity of the exploit, which can allow attackers to compromise websites, we have attempted to protect our customers by automatically upgrading any ‘timthumb.php’ files to the latest version, in which this vulnerability is already patched. At the time of writing this blog post, we have replaced every timthumb.php file we discovered with the latest trunk version. Please be advised that whilst we have tested this forced upgrade in many scenarios and have not discovered any issues, there is a small risk that your script(s) or theme(s) may not function 100% correctly with this latest version. We strongly encourage all customers to check that their WordPress plugins and themes are currently working correctly and, if not, to contact the author of the plugin or theme to reach a resolution.

Whilst we have attempted to replace all vulnerable ‘timthumb.php’ scripts with the latest version, there is a possibility that some vulnerable versions remain. We strongly encourage and advise that all customers look for any copies of ‘timthumb.php’ within their WordPress installations and update to the latest version as soon as possible. Failure to do so increases the risk that your WordPress installations may be compromised in the future.

Please do not contact us requesting specific instructions on how to upgrade your ‘timthumb.php’ script(s), as ThisWebHost is not responsible for this script in any way. We have taken basic precautionary steps to try to prevent widespread website compromise; however, it is ultimately your (the client’s) responsibility to ensure that any scripts you use are up to date at all times.
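The check recommended above (finding every remaining copy of ‘timthumb.php’ and confirming it is the current version) can be scripted. The following is an added example, not part of the original post and not ThisWebHost's own tooling. It assumes a shell with find and sha256sum, and a reference copy of the current timthumb.php that you downloaded yourself; the function names and both paths are placeholders.

```shell
#!/bin/sh
# Added example: list every copy of timthumb.php under a web root and compare
# each one byte-for-byte (via SHA-256) with a reference copy of the current
# version. Assumes GNU/BSD find (-iname) and sha256sum are installed.

# Print only the SHA-256 digest of a file.
file_digest() {
    sha256sum < "$1" | cut -d' ' -f1
}

# audit_timthumb WEBROOT REFERENCE
# Prints "OK      <path>" for copies identical to REFERENCE and
# "REVIEW  <path>" for copies that differ (older, modified, or unknown).
# Returns 0 if no copy differs, 1 if any copy differs, 2 on bad arguments.
audit_timthumb() {
    webroot=$1
    reference=$2
    if [ ! -d "$webroot" ] || [ ! -f "$reference" ]; then
        return 2
    fi
    ref_digest=$(file_digest "$reference")
    # -iname also catches copies whose file name uses different letter case.
    report=$(find "$webroot" -type f -iname 'timthumb.php' -exec sh -c '
        ref=$1; shift
        for f in "$@"; do
            d=$(sha256sum < "$f" | cut -d" " -f1)
            if [ "$d" = "$ref" ]; then
                printf "OK      %s\n" "$f"
            else
                printf "REVIEW  %s\n" "$f"
            fi
        done' sh "$ref_digest" {} +)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -q '^REVIEW'; then
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /path/to/public_html /path/to/reference/timthumb.php
if [ "$#" -eq 2 ]; then
    audit_timthumb "$1" "$2"
fi
```

A REVIEW line only means the copy is not identical to your reference; it may be an older release or a copy a theme author has modified, so inspect it before replacing it.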


Announcing: Semi-Dedicated Packages

POSTED BY Doug ON August 9, 2011 AT 10:08 pm UNDER announcements, discussion, feedback

We are pleased to announce that we have now started offering semi-dedicated hosting packages. The semi-dedicated level package is intended to sit between our existing shared and dedicated hosting packages, providing a more cost-effective solution for customers who require more resources than our shared plans can offer.

Semi-dedicated means that each server is effectively broken up into a very low number of clients. This allows each individual client to consume more resources than they typically would on a shared hosting account, because more are available. Additionally, because it’s semi-dedicated, many of our shared restrictions will not apply, namely:

  • No MySQL database size restrictions.
  • InnoDB is available.
  • No restriction on the number of hourly e-mails that can be sent.
  • No CPU limit (in minutes).

We’re happy that this new product now almost completes our product range, providing customers with all of the options available to host anything from a simple private website to a fully fledged forum with several million posts.


Regarding Today’s DNS Issue

POSTED BY Doug ON July 14, 2011 AT 7:03 pm UNDER announcements

I just thought I’d write a blog post outlining today’s DNS issue, for clarification.

What Happened?
It seems that some (not all) DNS records in our cluster had been reset to cPanel defaults. In this instance, cPanel defaults means a standard cPanel template, in which the MX records default to the local server and only the most basic cPanel A and CNAME records are present. As such, any modifications made from this default template were removed.


April Update & New Features

POSTED BY Doug ON April 22, 2011 AT 6:09 pm UNDER announcements, discussion, feedback

Well, it’s April 2011 and fortunately there’s not much to report. I say fortunately because as it happens most of the time at the this* camp, everything is working as it should! We’re still developing things behind the scenes to make our hosting more fluid and automated, saving time for both you and us, so I wanted to take a little time to talk about some of the latest changes we’ve made.

Automated and Automatic Affiliate Payouts
I’m pretty sure we’re the only one, if not one of the very very few hosting providers out there who have any kind of automated affiliate payout system in production – and we’re proud of that. This means that without needing to get in touch with us, you can view your affiliate account balance and either send the money directly to your PayPal or add it to your balance with us. All in a few seconds and a few mouse clicks.

Redesigned Ticket System
We’ve redesigned our ticket system slightly so that whilst submitting your ticket and before it is sent to us, you are prompted with possible suggestions and solutions to your questions or issues you may be facing – with information pulled directly from our knowledgebase. This is primarily to reduce the number of what we refer to as “obvious tickets” containing very common questions which are already covered within our knowledgebase. We’re really trying to push our knowledgebase as the first port of call for any questions clients have, and we’re always adding to it. Many companies have knowledgebases and Wikis detailing how to complete common tasks, and the intent is to reduce support time.

I’m very happy to say this is working well, and our support times are lower than ever :)

Automated Domain Name Changes
Previously a feature we’d charge for (due to the administration involved), we’ve now developed a system where you can modify the domain name of your account from within the client area. This is to assist those who may “flip” their websites regularly, or want to let their domain expire and utilise their hosting account on another domain instead. You can find this by selecting ‘My Hosting Accounts’ and then clicking the ‘Manage’ button next to the hosting account in question. At the bottom there will be a new button allowing you to change the domain name.

Promotions Page
Many people ask or want to know if we’re currently running any promotions. To aid those and to boost the use of our promotional codes, we’ve created a page on our website that pulls currently active promotional codes out of our system and displays it on the website, along with the value of the code and the expiry date(s). Never miss a promotion again! Don’t forget, there’s currently 50% off all hosting accounts throughout April.

As always, we’d love to hear from you if you have any comments or suggestions. Thanks for being a part of this*.


CPU Usage (Account Resource Usage) Statistics Reset

POSTED BY Doug ON March 4, 2011 AT 9:09 pm UNDER announcements

Today we’ve made some substantial behind-the-scenes changes to the inner workings of our “Account Resource Usage” script. As a result of these changes and the debugging before deployment, we’ve had to reset the CPU usage history data, so currently you will see nothing within the “Account Resource Usage” page in the client area. Statistics update once a day and will show once updated, with the same 7 day history and overview as before. New data will be shown within the next 12 hours.

We apologize for any inconvenience this may cause those who are currently trying to reduce their CPU usage and are relying on this information, but the changes we’ve made have fixed a few inconsistencies and make future deployment of this information far easier.
