DSA Media News and Information

Tradingeye v6.1 Security Updates

Due to the recent security vulnerabilities found in the eCommerce software Tradingeye, we are offering existing users a support option to apply a number of patches that help secure user input in a more suitable way, so as not to cause further problems within the administration area.

We will need to charge £30 + VAT to cover the time to download your files, make the changes, update the main admin password if necessary, and run a quick test over the site. There are no guarantees that these fixes will solve all security problems within the software; however, they will go some way towards providing a better level of security than the current version has.

If you wish to hire us to make these changes then please contact us with the following details:

  1. Site URL
  2. Invoice name and address
  3. FTP username and password
  4. Tradingeye username and password ONLY IF your password contains any of the following characters: ' " < > =

We will require payment before any work commences. We will initially give you an estimated date on which the work can be completed; however, this will not be secured until payment is received.

WordPress Plugin Upgrades

Further to our posts on keeping the WordPress core files updated, please note that this also includes plugin files. Plugins from the WordPress repository are not moderated and therefore you need to trust which ones to use to ensure the security of your website.

We have recently found a number of sites under attack from spammers who were exploiting the Contact Form 7 plugin. From our investigations we could easily see the version of the plugin in use, as it inserts it as a hidden form field, which means it’s easy for any spammer to determine whether the plugin is up to date and if it can be exploited. One such exploit resulted in 40,000 emails being sent via our server and over 9000 bounced emails received back, which eventually crashed the server.
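A site owner or host can read the same hidden field to find outdated installs on their own sites first. The following is an added example, not code from DSA Media or from the plugin: it scans saved page HTML for the version field and compares each value with an operator-chosen minimum. The field name `_wpcf7_version` is an assumption based on current Contact Form 7 releases; the hostnames, version numbers and minimum are constructed.

```python
from html.parser import HTMLParser

# Assumption: hidden field name emitted by current Contact Form 7 releases.
VERSION_FIELD = "_wpcf7_version"


class HiddenVersionFinder(HTMLParser):
    """Collects the value of every hidden input that carries the plugin version."""

    def __init__(self):
        super().__init__()
        self.versions = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() == "hidden" and a.get("name") == VERSION_FIELD:
            self.versions.append((a.get("value") or "").strip())


def parse_version(text, width=4):
    """'9.1.2' -> (9, 1, 2, 0). Padded so '9.2' and '9.2.0' compare as equal."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))


def audit_pages(pages, minimum):
    """pages maps site -> HTML. Returns (site, disclosed_version, status) tuples."""
    floor = parse_version(minimum)
    report = []
    for site, html in sorted(pages.items()):
        finder = HiddenVersionFinder()
        finder.feed(html)
        if not finder.versions:
            report.append((site, None, "not-disclosed"))
        for version in sorted(set(finder.versions)):
            status = "outdated" if parse_version(version) < floor else "current"
            report.append((site, version, status))
    return report


# Constructed sample input: saved front-end HTML from three hosted sites.
SAMPLE_PAGES = {
    "shop.example": '<form><input type="hidden" name="_wpcf7_version" value="9.1.2" /></form>',
    "blog.example": '<form><input type="HIDDEN" name="_wpcf7_version" value="9.2"></form>',
    "static.example": "<p>No contact form on this page.</p>",
}
MINIMUM_VERSION = "9.2"  # constructed; use the release your policy requires
```

A "not-disclosed" result only means the field was absent from that page, not that the plugin is absent or current.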

Whilst we can appreciate that scripts and plugins are required to help a website’s functionality, and exploit attempts will always be made and can happen on up to date versions of these scripts, if there are steps to reduce the likelihood of this happening, such as upgrading a plugin or looking into a more secure method, then we request that you do so. This is not a recommendation, this is a requirement.

As per our Hosting Terms & Conditions:

4a. Clients are solely responsible for ensuring that all scripts installed by them (including any available within your account control panel) are patched and kept up to date.

WordPress 3.2 Released

WordPress.org have announced the release of WordPress 3.2. Whilst this is not a security upgrade, it will fix a number of bugs and bring a quicker platform with it along with a fresh and less cluttered admin interface. We’ve been using the beta version of WordPress 3.2 for a few weeks now and can definitely say it’s an improvement.

As with all WordPress upgrades, we strongly recommend that you upgrade your site as soon as possible.

If you are unsure how to upgrade your site, you wish to take out a yearly WordPress maintenance package with us to manage the upgrades or you are having problems upgrading, please feel free to contact us.

Ongoing WordPress Updates

There have been a number of WordPress updates since our last update notice (NB: it’s not our intention to announce every release), notably including version 3.1, which was a major/milestone release. Each of these releases has included security and bug fixes, and so it has been essential for users to keep up-to-date. Today’s release of version 3.1.2 is no different, containing fixes for a handful of bugs along with a fix for a vulnerability that allows greater control to lower level users than they should have.

As with all other releases, users hosting their WordPress sites on our server should update as soon as possible, as advised by our operating terms.

WordPress 3.0.4 – Critical Security Update

On December 29 Automattic issued a critical update to WordPress that fixes a core security bug. This fix is rated by the software publishers as critical, with an advisory for all users to update to this version as soon as possible.

As per our terms and conditions, DSA Media require all WordPress installations hosted on our servers to be updated to this version, and to reflect the critical status of the update this must be done within 7 days of the release (updates should be completed by midnight 05 January, 2011 without exception).