The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.

Note that WordPress are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

WP Super Cache is a static caching plugin for WordPress. It generates html files that are served directly by Apache without processing comparatively heavy PHP scripts. By using this plugin you will speed up your WordPress blog significantly.

Download and Installation
1. Download the newest version of the WP Super Cache plugin from the WordPress.org plugin db and follow the instructions contained in the readme.txt file. If you have installed WP-Cache before this shouldn’t be any more difficult.
2. After installation, go to the WP Super Cache options page and set your desired cache time.

Installation shouldn’t be a problem, but should you have any issue just submit a support ticket in our client area and we’ll be only too happy to help.

Here’s to happy, speedy bogging!

The full list of new features and benefits of Apache 2 can be seen here.

The upgrade is now complete, and out of our eight servers we have only had one report of there being an issue – which was quickly resolved. As always, if you have any issues they we be quickly addressed via our secure client area.

Thank you,
Gareth Hodson

Here are the updates:

- 4Images Gallery: 1.7.4 -> 1.7.6
- Crafty Syntax Live Help: 2.14.4 -> 2.14.6
- Drupal: 5.3 -> 6.1
- Joomla: 1.0.14 -> 1.0.15
- Mambo Open Source: 4.6.2 -> 4.6.3
- Nucleus: 3.24 -> 3.32
- PHPauction: 2.1 -> 3.2
- phpAdsNew: 2.0.9-pr1 -> 2.0.11-pr1
- TikiWiki: 1.9.8.3 -> 1.9.10.1

What exactly is Ruby on Rails?
Ruby on Rails is an open source web application framework written in Ruby that closely follows the Model View Controller (MVC) architecture. It strives for simplicity, allowing real-world applications to be developed in less code than other frameworks and with a minimum of configuration. One of Rails’ guiding principles is “Don’t Repeat Yourself”.

We have also installed the needed gems for the proper functioning of RUBY, these are listed below:

Successfully installed rails-1.2.3

*** LOCAL GEMS ***

actionmailer (1.3.3)

Service layer for easy email delivery and testing.

actionpack (1.13.3)

Web-flow and rendering framework putting the VC in MVC.

actionwebservice (1.2.3)

Web service support for Action Pack.

activerecord (1.15.3)

Implements the ActiveRecord pattern for ORM.

activesupport (1.4.2)

Support and utility classes used by the Rails framework.

fcgi (0.8.7)

FastCGI library for Ruby.

mysql (2.7)

MySQL/Ruby provides the same functions for Ruby programs that the MySQL C API provides for C programs.

rails (1.2.3)

Web-application framework with template engine, control-flow layer, and ORM.

rake (0.7.3)

Ruby based make-like utility.

sources (0.0.1)

This package provides download sources for remote gem installation

–

As always, HostedFX pushes forward and constantly improves its services for the benefit of our clients, I hope you enjoy this latest addition.

- CHKRootKit – a simple program that detects and hacker software and notifies us if any has been detected via email.
- RootKit Hunter – scanning tool to ensure our system does not have any backdoors or exploits.
- Securing and Upgrading of SSH Server – increases security during ssh connections failures and automatically blocks the attackers ip in the firewall.
- System Integrity Monitor – 24×7 Internal Monitor that checks all services and restarts them if they are down.
- SPRI – changes the priority of different processes in accordance to level of importance, hence increasing server performance.
- Secure and Optimize Apache (HTTP)- tweaks apache to perform better, and prevent unnecessary information from being easily seen. Also installed mod_security to restrict web attacks.
- MySQL optimization – increases performance of MySQL.
- host.conf hardenening – prevent dns lookup poisoning & spoofing protection.
- nsswitch.conf modification – secure and optimize DNS lookups.
- sysctl.conf hardening – helps prevent TCP/IP stack from syn-flood attacks and other network abuses.
- Shell Fork Bomb/Memory Hog Protection – prevents a user logged into a shell from consuming all the resources on the server.
- TMP Directory hardening ( /tmp, /var/tmp, /dev/shm) – helps prevents execution of malicious scripts.

As always, HostedFX is always striving to provide the best service possible for you.

All things being well, we should be looking at around early August for the stable upgrade to cPanel 11

This time of testing has essentially only been carried out in order to improve your experience as a customer and we thank you for your patience during this time. You may view the new features that will be available when we do upgrade to a stable release of cPanel 11 here:
- http://www.cpanel.net/products/cPanelandWH…11/security.htm

We have now downgraded back to cPanel 10, and all should be working as normal. We had an unfortunate MySQL error which has now been resolved.

Once again, thank you for your patience,
Gareth

The problem we see is that many different IPs (most are hijacked PCs located in Turkey, used as bot networks) are hammering these TopSites directories, acting as mini DoS attacks against those servers. The last security advisory for TopSites was last year, but apparently it remains unpatched. This does not give us much faith in the developers – it could have been fixed a long time ago, then we would not be dealing with this problem now.

The bottomline is that we are forced to disable the affected directories as we find them. We do recommend replacing this script with a similar one. We are likely disabling TopSites in all Fantastico panels.

Account Creation/Suspension/Termination
- New accounts will be automatically created, and the details emailed to you, after the first payment is due.
- Accounts will be automatically suspended after a payment is 2 days overdue.
- Suspended accounts will be automatically unsuspended the second an overdue invoice is paid.
- Accounts will be automatically terminated 90 days after the last payment was received.

Billing
- Invoices will be generated 7 days before the payment is sent.
- A reminder will be sent 1 day before the payment is due, if it has not been paid.
- An invoice ‘overdue message’ will be sent if payment reaches 1 day late.

That’s basically it. If you don’t agree with anything, please let me know