Web News and Internet Information
The Quality Assurance team of cPanel discovered a bug within the SpamAssassin ruleset that will mark messages sent in the year 2010 (that’s today) and beyond with a higher spam score than expected. This bug can result in legitimate mail being flagged as spam.
Read more…
Email, Operating Systems, Plugins, Scripting & Coding, Software, Spam, Spam Protection, cPanel
In recent weeks there has been an increasing number of attackers exploiting a vulnerability with insecure osCommerce installations, which allows admin access without a password usually resulting in spam mail-outs to your users.
As always, it is highly important to stay on top of security updates with all scripts, such as shopping carts and also to be proactive and ensure that you are taking adequate measures to secure your installation.
There are several useful threads discussing recent vulnerabilities for the different release versions of osCommerce on the osCommerce community forums including the following topic with updated reference information for securing your osCommerce installation:
How to Secure your osCommerce Site – http://forums.oscommerce.com/index.php?showtopic=313323
Your WordPress database contains every post, every comment and every link you have on your blog. If your database gets erased or corrupted, you stand to lose everything you have written. There are many reasons why this could happen and not all are things you can control. But what you can do is back up your data. After all, it is important. Right?
Below are instructions to back up your WordPress Site and your WordPress Database. In addition, support is provided online at the WordPress Support Forum to help you through the process.
Making backups is essential because problems inevitably occur and you need to be in a position to take action when disaster strikes. Spending a few minutes to make an easy, convenient backup of your database will allow you to spend even more time being creative and productive with your website.
Matt Cutts Talks Communication Strategy
One thing that Google is pretty good at is providing resources for webmasters to learn from. The regular videos from Matt Cutts in which he answers user-submitted questions are no different. It just happens to be this very topic that is addressed in the latest YouTube upload.
Read more…
Feeds, Google, HTML, News, Scripting & Coding, Search, Web Hosting News
The Joomla Project has announced the release of Joomla 1.5.14, which contains fixes for two material bugs that were introduced in version 1.5.13 and one low level security issue. Instead of waiting for the normal 6 to 8-week release cycle, this release has been made available to users now and we recommend all users of Joomla to upgrade.
You can find the latest release or appropriate upgrade package by following the link below.
http://www.joomla.org/announcements/release-news/5244-joomla-1514-released.html
CMS, Joomla, PHP Applications, Scripting & Coding, Security, Web Development
As its custom-built file system strains under the weight of an online empire it was never designed to support, Google is brewing a replacement.
Apparently, this overhaul of the Google File System is already under test as part of the “Caffeine” infrastructure the company announced earlier this week.
In an interview with the Association for Computer Machinery (ACM), Google’s Sean Quinlan says that nearly a decade after its arrival, the original Google File System (GFS) has done things he never thought it would do.
Please find attached the new important Fantastico software security updates for your cPanel Hosting account
Please always keep your scripts save and secure and up-to-date to the newest version to prevent server and system compromise, which would not just affect you , but lots of other clients!
Best Regards and thanks you for your cooperation.
AUSWEB Hosting , Domains and Dedicated Servers
http://online.ausweb.com.au/clients/
http://tutorials.ausweb.com.au/
http://ausweb.com.au
CMS, Joomla, News, PHP Applications, Scripting & Coding, Web Development, Web Hosting News, Wordpress, cPanel, drupal
With this great little tool, now you can monitor your Linux based server easily on the go, right from your iPhone.
Bjango software’s iStat application provides a tool to monitor both your local iPhone performance stats, including the ability to free memory, as well as monitor your remote servers(Mac or Linux based) vital statistics. You can easily see memory usage, disk space, uptime & load averages and can also use the utility to ping servers and perform trace routes.
Plugins, Science & Tech, Scripting & Coding, Software, cPanel, iPhone
Updates for Drupal versions 6.13 and 5.19 have been released this week with a host of maintenance fixes as well as some critical security vulnerabilities which have been fixed.
As always, upgrading and keeping your installations up to date is highly recommended. As always follow the Drupal upgrading procedures with a current and tested backup of your site.
CMS, PHP Applications, Scripting & Coding, Security, Web Development, drupal
Here at AUSWEB we have a huge number of users running WordPress websites from personal blogs, to business oriented websites and even us here on the AUSWEB Blog!
Thanks to the huge community of WordPress users there exists a huge pool of custom scripting, plugin and theme/design resources out there for you to add various features to your blog. Often overlooked however are some of the more recent in-built features for WordPress such as shortcodes which allow you to easily call php functions within your posts, thus saving time by speeding up repeated tasks.
Blogging, CMS, Scripting & Coding, Web Development, Wordpress
The 404 Not Found error page is probably the most common error most web users will come across. Most designers and webmasters however, often choose to leave the default settings for these error pages, resulting in the generic unimaginative 404 Not Found error text we’ve all seen many times.
These basic error pages are automatically served up by the web server. However, if you prefer you can create and edit custom error pages from your cPanel. Once logged in you will see the option for “Error Pages”, which will let you easily manage and edit all your available error pages.
There are many roads to take, from the stylistic approach, matching the aesthetics of your site’s design, the informative, with custom search or suggestion options for where the visitor should be looking or even taking the humorous route with custom images, it’s all up to your imagination. The folks over at CSS-Tricks have compiled a handy guide with several ideas and tips for adding a little extra flair on your site, head on over to their 404 Best Practices post for some ideas!
More helpful tips for all you web designers and developers out there. Google has recently introduced a tool called Page Speed which tests a web page based on a set of rules and best coding practices for fast-loading websites. It then gives you advice on what you can improve to make your website faster. It works as an add-on to Firefox and needs the Firebug extension (mentioned in our last post) to work.
Google’s new service is uncannily similar to Yahoo’s YSlow tool, another add-on for Firefox (with Firebug) which tests web page code based on fast-loading criteria and gives suggestions accordingly. Funnily enough Steve Souders the guy who created the first version of YSlow, now works for Google, although his involvement on the project if any is unknown. Of course more options are always a good thing and both services might offer valuable advice for improving the speed of your website.
For both the budding and seasoned web designers out there, here is a list of 20 useful tools that will make your life as a coder/designer a little easier and hopefully give your website that winning touch over the competition.
From in-browser CSS/HTML coding plugins such as FireBug for Firefox, to sites like IconFinder that will help you find exactly the right icon graphic for your needs, or the excellent FontBurner for embedding custom fonts in your site, there is bound to be something useful for everyone!
One of the most common descriptive notes people have to write using text when they post links or images to blogs, comments or anywhere in HTML is to say “this link is not safe for work” or simply “NSFW”. By adding the <NSFW> tag, this could be made much simpler and standardized. Browsers could then have an option to automatically hide all <NSFW> content. A tag is preferred to an attribute since it could then also be used around content and not just links.
Examples:
<nsfw><a href=”http://www.example.com”>Pics here!</a></nsfw>
<nsfw><img src=”badkitten.jpg”></nsfw>
The use of tags (rather than CSS and JavaScript) to hide or show content is an intriguing and controversial aspect of HTML 5. It’s intriguing because using a standard tag—instead of writing custom CSS and JavaScript that someone else may someday have to maintain—potentially simplifies web development and maintenance, bringing advanced techniques of content presentation to more sites for less money. It’s controversial because it sticks presentation and behavior back in markup, after we all just spent a decade separating site structure and semantics from behavior and presentation.
Taken from: zeldman.com
Cacti is an awesome tool for monitoring your network and keeping an eye on your current network status. You can quickly and easily add switch ports and browse your network via a very simple, easy to use web based GUI. However, Cacti uses SNMP and a number of other available methods to determine your network flow.Therefore, in the situation where you have VPS containers, Cacti itself can only monitor traffic by default on switch port where the hardware node is connected.
Here is a quick rundown on how to monitor network traffic by IP rather than monitoring network devices.
Pingdom have performed a survey of the top 10,000 websites on the Internet to find out not just how many of them are using Google Analytics, but also the division between the legacy urchin.js script and the new ga.js script.
Pingdom found out two very interesting things:
That second point is very important. Google switched its development over to ga.js well over a year ago. It’s truly remarkable that almost half of the sites using Google Analytics have yet to migrate to the new ga.js script.
Facebook has been targeted by malicious hackers seeking to steal valuable data from members.
The social network site has been hit by five separate security problems in the last seven days, say security experts.
By creating fake messages padded with details of Facebook members the thieves are capitalising on the trust and social links that drive the network.
Security firms warn that the popularity of social networking sites makes them a tempting target for hi-tech thieves. Read more…
News, PHP Applications, Rambles, Scripting & Coding, Security, Software
WordPress is by far the most popular blogging system known to man. It provides a great back-end with great flexibility and customization without having a complex management console to navigate. It powers this blog right here. Here is a number of plugins which you should take a look at, When installing or running a WordPress website.
Keeping your blog secure is extremely important these days. So much so that new installs of WordPress ask the user to create four security keys. These keys help ensure that the cookies placed in your browser when logged in are not easily de-coded by would be hacker sites.
Some pre-existing installs of WordPress may only have one or two security keys while others may have none.
“Beginning with Version 2.6, three (3) security keys, AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY, were added to insure better encryption of information stored in the user’s cookies. Beginning with Version 2.7 a fourth key, NONCE_KEY, was added to this group.
You don’t have to remember the keys, just make them long and complicated or better yet, use the online generator. ”
If you have been using Wordpress for a while, you may not have these keys in place and this could cause security issues. It’s a simple fix though.
Wordpress has a tool to randomly generate the four keys. You can get yours at: http://api.wordpress.org/secret-key/1.1/
Once you have them, open up your wp-config.php file and past them in. If you have one or two security keys already you can either replace them or just add in the new ones.
Save the file, re-upload it and you’re done.
You’ll probably have to re-login to your blog, but the security keys will now be in place and can help give you peace of mind.
ModSecurity is a web application firewall module designed for use with Apache web servers. It provides an increased level of server security by protecting the server from vulnerabilities present in web application code. This increased security is achieved by detecting and preventing possible attack fronts before they reach the actual application. It is now estimated that over 70% of all attacks on web servers are carried out at web application level, hence the need for more secure web hosting environment.
AUSWEB deploys ModSecurity on all of our shared Linux hosting solutions to ensure we are able to provide the most secure shared hosting environment possible for our clients. Whilst it is not a guaranteed solution to protect against all web vulnerabilities, it reduces the attack surface of our hosting environments and therefore reduces the chances of a security breach.
From time to time, having ModSecurity installed will mean clients may experience ip blocks if code on a client website is deemed insecure. These blocks can also occur when using applications that are attempting to communicate with the server in an insecure manner, which can be caused by trojans/viruses on your pc or other software programs or their plugins.
AUSWEB Tutorials