26Feb

PHP 5.3.10 and MySQL 5.5.21 Upgrade


This evening, all Mr.Host web servers have been upgraded to PHP 5.3.10 and MySQL 5.5.21.

PHP 5.3.10

Security Fixes in PHP 5.3.10:

  • Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

Security Enhancements and Fixes in PHP 5.3.9:

  • Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
  • Fixed bug #55609 (mysqlnd cannot be built shared)
  • Many changes to the FPM SAPI module

MySQL 5.5.21

A full list of MySQL 5.5.21 changes is available here:

http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html

29Dec

100% Against SOPA


Mr.Host is firmly against SOPA, the Stop Online Piracy Act.

SOPA is a bill that gives the U.S. Department of Justice unprecedented legal authority to effectively shut down local and foreign websites that it deems to be enabling or facilitating copyright infringement.

While we support the stated goals of the bill, we think the bill as drafted exposes law-abiding internet and technology companies to all sorts of unknown liabilities, and threatens the First Amendment rights of U.S. citizens, not to mention the privacy rights of internet users all over the world.

SOPA would allow judges to order U.S. internet service providers to block access to sites, order search companies like Google to de-index sites, and bar payment processors and online advertisers, like PayPal and Google, from doing business with these sites.

We believe this kind of legal reach is far beyond what should be allowed by any government body.

SOPA directly affects Mr.Host and our customers through its ability to order ISPs to block sites that it believes are guilty of copyright infringement. Mr.Host, along with hundreds of other web hosting companies all over the world, offers shared hosting services to its customers. If a web hosting customer intentionally or unintentionally uploads something to their site that is considered against SOPA, an order could be passed to all U.S. ISPs to block that web hosting company, effectively making all sites hosted with that company “disappear” to all internet users in the U.S.

These types of blocks will inevitably blackhole more than the intended target, which means internet users in the U.S. will not be able to access these sites, and site owners will not be able to do business with one of the largest markets in the world, effectively shutting them down.

The list of arguments against SOPA is growing every day, and the number of companies against SOPA is huge, yet the U.S. House of Representatives is still set to continue the debate after the winter break.

We here at Mr.Host urge all U.S. citizens and business owners to contact their local representatives and let them know you’re against it.

SOPA Questions? Contact Support

16Oct

FTP Sub-Accounts


This weekend we’ve implemented a brand new feature to the Mr.Host system, available to all Mr.Host web hosting customers: multiple FTP sub-accounts.

You can now set up as many FTP sub-accounts on your existing Mr.Host account as you’d like, each with its own username and password. You can even limit access to an FTP account to one of the websites you have configured on your account. This is helpful for customers who want to give FTP access to outside web developers, but don’t want to give out full access to their account.

We’ve also added the ability to disable FTP access on your main Mr.Host account. For security reasons, you can disable FTP access on your main account, and only use an FTP sub-account to manage content for your sites.

These new features are available now via the FTP section of the Customer Control Panel.

08Oct

Secure Email (IMAP, POP3 and SMTP)


We’re excited to announce that all Mr.Host email servers have been upgraded to support secure encrypted email, for both receiving (POP3 and IMAP), and sending (SMTP) email.

We’ve included support for both TLS (STARTTLS) and SSL, as support between email clients can vary. If you’re not sure what this means, rest assured: if your email client supports encrypted email, it will work with our system.

Technical Details

We support TLS (STARTTLS) on the standard email ports: 110 for POP3, 143 for IMAP and 587 for SMTP. This should be what customers use by default, as it requires the fewest changes in your email clients.

We also support POP3s on port 995, IMAPs on port 993 and SMTPs on port 465.
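To confirm that a mail server really negotiates encryption on all six ports listed above, the following added example (not Mr.Host's own code) connects to each one with Python's standard library, refuses to continue without TLS, and reports the negotiated version. The host name `mail.example.com` is a placeholder, and the TLS 1.2 minimum is an assumption, since the post does not name protocol versions.

```python
import imaplib
import poplib
import smtplib
import ssl

# Ports and modes exactly as listed in the post.
ENDPOINTS = [
    ("pop3", 110, "starttls"), ("imap", 143, "starttls"), ("smtp", 587, "starttls"),
    ("pop3", 995, "implicit"), ("imap", 993, "implicit"), ("smtp", 465, "implicit"),
]

def make_context():
    """Client context that validates the certificate chain and host name."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: post names no versions
    return ctx

def open_tls(host, proto, port, mode, ctx, timeout=10):
    """Connect and insist on TLS; raises if the server does not offer it."""
    if proto == "pop3":
        if mode == "implicit":
            return poplib.POP3_SSL(host, port, timeout=timeout, context=ctx)
        conn = poplib.POP3(host, port, timeout=timeout)
        conn.stls(context=ctx)  # error_proto if STLS is not advertised
    elif proto == "imap":
        if mode == "implicit":
            return imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
        conn = imaplib.IMAP4(host, port, timeout=timeout)
        conn.starttls(ssl_context=ctx)
    else:
        if mode == "implicit":
            return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.starttls(context=ctx)  # SMTPNotSupportedError if missing from EHLO
    return conn

def check_host(host):
    """Return {(proto, port): negotiated TLS version or 'FAILED: <reason>'}."""
    results = {}
    for proto, port, mode in ENDPOINTS:
        try:
            conn = open_tls(host, proto, port, mode, make_context())
            results[(proto, port)] = conn.sock.version()
            conn.sock.close()
        except (OSError, poplib.error_proto, imaplib.IMAP4.error) as exc:
            results[(proto, port)] = f"FAILED: {exc}"
    return results

if __name__ == "__main__":
    for endpoint, outcome in check_host("mail.example.com").items():  # placeholder
        print(endpoint, outcome)
```

A `FAILED` entry on a STARTTLS port means the client stopped rather than falling back to plaintext, which is the behaviour to look for in any email client configured against these ports.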

How to Upgrade

We’ve added a Knowledge Base article with details on how to enable encrypted email in the most common email clients. It’s available here:

http://mrhost.ca/system/knowledge-base/email-mailing-lists/e-mail-client-setup/secure-email-using-ssl-with-imap-pop-and-smtp/

If you have any questions or need help configuring your email client, you can contact us at help@mrhost.ca

 

10Sep

Apache 2.2.20 Upgrade


This evening, all Mr.Host web servers were upgraded to Apache 2.2.20.

This version is principally a security (CVE-2011-3192) and bugfix release.

Changes with Apache 2.2.20

  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  • mod_authnz_ldap: If the LDAP server returns constraint violation, don’t treat this as an error but as “auth denied”. [Stefan Fritsch]
  • mod_filter: Fix FilterProvider conditions of type “resp=” (response headers) for CGI. [Joe Orton, Rainer Jung]
  • mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch]
  • core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch]