PDA

View Full Version : New security updates



wildjokerdesign
04-14-2005, 05:45 PM
I like the new notice that was sent out via email about updateing your scripts to make sure they where secure. It mentioned phpBB and Awstats. It also said you could upgrade phpBB using Site Manager. I was wondering if it would help to also have the upgrade notice in the site Manager either on the Overview page, the actual area page or both. I did just check my Site Manager and it is a bit confuseing since the version listed for phpBB is 2.0.11. It would help to reflect the change in version number.

The email also mentioned that since we have free rain to install other scripts that it would be impossible for WH to know about those scripts and keep us updated. I was wondering if maybe we could get an area of the fourm devoted to Security where we as user could perhaps post when we know there is a new version of a script that has security updates that would not be one provided by WH. I know in the past I have tried to do this with phpBB in the php section but might be more usefull to have such post in one area. It may even flag WH about a script that many of us use that they could then perhaps include in one of there emails since I am pretty sure they included Awstats in the email based on the fact that many here have installed it.

Although it would take a bit more work on WH side they could prehaps add a tag like the Sticky and Anouncement feature that they could use if they knew it was a valid security issue. Something like [Confirmed]. That may get too involved but thought I would mention it.

Anyone else have ideas for keeping up security on a VPS account? Tips and Tricks? Maybe if the area was created in the forum those could also be post by folks. I know I sometimes have trouble sorting out what truely is a security risk and what is not. I try to keep up on the scripts that I use but it can be hard at times and there is often conflicting information.

jalal
04-15-2005, 02:32 AM
And next time WH put out a security warning, spell the subject line correctly... my first impression was that it was a spam email!

If you want to track security issues, you can sign up to one of the security mailing lists, for example:
http://www.securityfocus.com/newsletters

Ideally a WH server should have a package management system, such as RPM, to facilitate security updates, but I can see that that would be a lot of work for WH.

j103c
04-15-2005, 07:42 AM
And next time WH put out a security warning, spell the subject line correctly... my first impression was that it was a spam email!

Same here! Run that spell-check on those official e-mails.. :)

Secunia seems to be a good place for info as well. I signed up for their Secunia Advisories awhile back, and the info seems pretty comprehensive:

http://secunia.com/mailing_lists/

WestHost - TErnstrom
04-15-2005, 08:20 AM
Wildjokerdesign,

I thought that you would like to know that PhpBB 2.0.13 is now available in your reseller manager (as is the case for all WestHost Resellers). You are welcome to add it to any of your service packages/accounts and upgrade to the latest version of phpBB.
We do not force newer versions of Site Applications on to the clients of our Resellers. Standard WestHost clients should see the new application in their Site Manager, Resellers will need to add it via their Reseller Manager login.

Hope this information is helpful.

wildjokerdesign
04-16-2005, 10:19 AM
PhpBB is now up to version 2.0.14 (http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=281963) as of 4/15/05.