Insecure Nonce Generation in WPtouch

Posted by Nick in News on July 15, 2014

If you use the popular WPtouch plugin (5m+ downloads) on your WordPress site, you should update it immediately.

This was discovered yesterday. It is a very dangerous vulnerability that could potentially allow a logged-in user with no administrative privileges (such as a subscriber or an author) to upload PHP files to the target server. Someone with bad intentions could upload PHP backdoors or other malware and basically take over the site.

If you’re running WPtouch, then please update immediately!

This only applies to 3.x versions of WPtouch. Admins using 2.x and 1.x versions of the plugin will not be affected by this vulnerability.

Magento Go has gone

Posted by Nick Powell in Magento Hosting on July 3, 2014

Magento Go will close its doors on Feb. 1, 2015.

Magento, the e-commerce platform of eBay Inc.’s e-commerce division eBay Enterprise, will discontinue two of its products geared toward small and mid-sized e-retailers, Magento announced today. The Magento Go and ProStores platforms, which count 10,000 merchants as clients, will have the plug pulled on Feb. 1, 2015.

Magento will continue to offer the Enterprise and Community editions of its e-commerce platform, which are geared toward larger e-retailers. Craig Peasley, Magento’s senior director of marketing, says e-retailers that are growing fast and looking for more customization in the platform could consider either of those options. Help is at hand for existing Magento Go customers as Simple Servers will carry out migrations from Go to Community.

In an interview, Magento marketing head Craig Peasley said the company is making these cuts to focus on the two Magento e-commerce software products: Magento Enterprise and Community Edition offerings. Magento previously cut dozens of employees as it realigned its focus. Peasley said the company does not expect further layoffs related to the shutdown of the business.

http://go.magento.co.uk/

Dell Poweredge R220 review

Posted by Nick Powell in News on June 2, 2014

We have used the Dell R200, R210 and R210 II, so we were looking forward to getting our hands on the R220.

Externally nothing much has changed: you get a slightly different status display and a grey bezel that matches the other next gen Dell Poweredge servers.

The R210 II was based on the Ivy Bridge architecture and the R220 is based on Haswell, the codename for the Intel processor microarchitecture that is the successor to the Ivy Bridge microarchitecture.

Most Haswell products are branded as 4th Generation Intel® Core™ Processors for client systems, and Intel® Xeon® v3 Processors for server systems, in addition to some Pentium and Celeron-branded processors. Haswell is built on the 22-nm manufacturing process (lithography). Intel officially announced processors with this microarchitecture in 2013. Haswell delivers significant performance advancements over previous architectures, including improved graphics, battery life, and security.

The Intel® Xeon® processor E3-1200 v3 family features 33 percent more cache per core. This helps improve response times with up to 32GB of memory in four DIMM slots and boosts data-transfer speeds with latest-generation PCIe Gen3 I/O.

We also see a new RAID controller, the PERC H310, which replaces the old PERC H210. The R220 is no enterprise player thanks to the lack of redundant power and hot swap drives, but it represents a good mix of cost vs performance.

Magento Community Edition 1.9 Released

Posted by Nick Powell in News on May 14, 2014

Magento have announced the latest release of Magento Community Edition 1.9 today.
This latest release, which is available for download as of now, includes major improvements and represents a great step forward. The big news is that the default theme in Magento has been replaced with a fully responsive theme, reducing the time and expense required to make a Magento site responsive.

Magento Community 1.9 also includes the PHP 5.4 patch to make sure that your Magento site will run well under PHP 5.4, and our initial testing shows that this patch also allows Magento to operate under PHP 5.5, which brings some nice performance gains. The Simple dev team will continue to test this and update their findings on our blog.

PayPal integration has been overhauled in Magento Community 1.9, with an eye on conversion optimisation by streamlining the PayPal Express Checkout process and adding support for Bill Me Later.

There are also a large number of security enhancements and fixes, including closing potential cross-site scripting (XSS) vulnerabilities, improving file system security and addressing a potential session fixation vulnerability during checkout.

This latest update to Magento Community means that after upgrading, your site will be more secure and should experience higher conversion rates thanks to the improvements to the payment options.
See the official Magento release

Samsung launches enterprise 3-bit SSD drives

Posted by Nick Powell in News on May 1, 2014

Samsung Electronics said today that it has begun mass producing the industry’s first high-performance, 3-bit NAND-based SSD for servers and data centers. Installations of the 3-bit MLC (multi-level-cell) NAND SSDs, initially in large-scale data centers, are expected to begin in the next few months.

The new PM853T SSD, available in 240GB, 480GB and 960GB capacities, claims high levels of random IOPS, performance and quality of service. The new drive promises a sequential read speed of 530 megabytes per second, while writing sequentially at 420MB/s. It also will read data randomly at 90,000 IOPS and handle sustained random writes at 14,000 IOPS, through a SATA 6Gb/sec interface.

The big advantage of 3-bit MLC is a lower cost per bit. Samsung says the new drives deliver a 30 percent increase in manufacturing efficiency compared to SSDs that use 2-bit NAND flash components.

Samsung’s first 3-bit NAND-based 840 EVO SSD, introduced in 2012, has been successful in and powers many of our existing customers. We will be running a test install soon!

Heartbleed bug in OpenSSL made public

Posted by Nick Powell in News on April 8, 2014

*******

UPDATE  10th April 2014

We are aiming to have all managed and shared customers secured by the end of business today. We have seen issues with Litespeed needing a separate fix; this is now resolved.

*******

Administrators should patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.


The flaw, called “Heartbleed,” is contained in several versions of OpenSSL. Most websites use either SSL or TLS.


The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday.

The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f; the OpenSSL 1.0.0 branch and 0.9.8 are not vulnerable, according to a special website set up by researchers who found the problem.

If exploited, the flaw could allow attackers to monitor all information passed between a user and a Web service or even decrypt past traffic they’ve collected.

“This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” the researchers wrote.

The bug was discovered by three researchers from Codenomicon, a computer security company, and Neel Mehta, who works on security for Google.

Operating systems that may have a vulnerable version of OpenSSL include Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2, they wrote.

OpenSSL also underpins two of the most widely used Web servers, Apache and nginx. The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances, they wrote.

The problem, CVE-2014-0160, is a missing bounds check in the handling of the TLS heartbeat extension, which can then be used to view 64K of memory on a connected server, according to another advisory.

It allows attackers to obtain the private keys used to encrypt traffic. With those keys, it is also possible for attackers to decrypt traffic they’ve collected in the past.

Attacks using the flaw “leaves no traces of anything abnormal happening to the logs.”

Also see http://heartbleed.com/

Simple Servers administrators are actively applying this patch on shared and managed servers as a priority.
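The bounds check that CVE-2014-0160 lacked, shown as an added example (not code from the original post and not OpenSSL's own source): a heartbeat reply builder that discards any request whose claimed payload length does not fit inside the record actually received, following the RFC 6520 layout of type, 2-byte length, payload and at least 16 bytes of padding. The names `hb_build_response` and `hb_demo` are hypothetical, and the sample request is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding */

/* Build the reply to the heartbeat message in rec[0..rec_len).
 * Returns the reply length, or 0 when the message must be discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: the length the peer claims must fit inside the
     * record that actually arrived, or the copy below reads past it. */
    if (1 + 2 + claimed + HB_PADDING > rec_len)
        return 0;
    size_t resp_len = 1 + 2 + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);
    memset(out + 3 + claimed, 0, HB_PADDING); /* zeros here; random in TLS */
    return resp_len;
}

/* Constructed sample input: a request whose length field says `claimed`
 * while the record carries only the 4-byte payload "ping". */
size_t hb_demo(uint16_t claimed)
{
    uint8_t req[3 + 4 + HB_PADDING] = { HB_REQUEST,
        (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff), 'p','i','n','g' };
    uint8_t out[64];
    size_t n = hb_build_response(req, sizeof req, out, sizeof out);
    if (n && memcmp(out + 3, req + 3, claimed) != 0)
        return 0;
    return n;
}

int main(void)
{
    printf("honest length 4 -> reply of %zu bytes\n", hb_demo(4));
    printf("claimed 0xFFFF  -> reply of %zu bytes (discarded)\n", hb_demo(0xFFFF));
    return 0;
}
```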

New R1 Backup Server

Posted by Nick Powell in From The NOC on April 4, 2014

Our newest R1soft backup server went live this week, with an impressive 18TB drive array. This marks the latest step in our commitment to customers' data. All backup servers are now running the 18TB RAID 10 arrays and we have seen a great improvement in disk IO and backup time. We added 2 SSD drives in RAID 1 for the ultimate system IO; it's our fastest backup server yet!

We now have a total of 90TB R1 Soft backup space available for customer use!

Backup is key to our customers and our 3-tier backup is second to none in the industry, with 2 cPanel backups running nightly and R1soft (Idera) running nightly also.

We have had our fair share of issues with the R1 platform, but a lot of the recent issues seem to have been ironed out in the latest release. Our big investment in all new backup arrays has also helped.

First new rack install of 2014

Posted by Nick Powell in From The NOC on February 24, 2014

After another record year for growth we have kicked off 2014 with another new rack install here at Simple! As always we have diverse power and network to this 1Gb rack. This will be a home to dedicated and shared customers.

Magento Community Edition 1.8.1.0 Release

Posted by Nick in Magento Hosting on December 19, 2013

The latest Magento 1.8.1 release includes many contributions from the Magento developer community and empowers merchants to operate their online stores more easily and efficiently by delivering significant tax calculation updates, functional improvements, and security enhancements, including:

Tax Calculation Updates

Building on tax improvements made in our most recent release, Magento Community Edition 1.8.1.0 provides more accurate and consistent Value Added Tax (VAT) and Fixed Product Tax (FPT) calculations for the Magento admin, invoices, and credit memos. It also improves tax calculations for cross-border transactions, bundled products, and multi-tax scenarios, as well as supports the Waste Electrical and Electronic Equipment recycling tax in the EU.

Functional Improvements

Magento Community Edition 1.8.1.0 includes important improvements across the shopping cart, checkout, content management system, and product import and export.

Security Enhancements

Magento Community Edition 1.8.1.0 delivers several important security enhancements, helping to further strengthen the platform against potential threats. These enhancements were identified through a rigorous process that included comprehensive internal testing, quarterly penetration testing by expert consultants, and engagement with the Magento developer community. Additionally, one improvement from Magento Community Edition 1.8.0.0 is now available for download for earlier Magento Community Edition releases.

How to Upgrade

You may be eager to start testing out Magento Community Edition 1.8.1.0. But, before you do, please take a few minutes to carefully review the upgrade instructions. We strongly recommend that you do not upgrade Magento Community Edition 1.8.1.0 in the same directory on the same server as your current deployment to avoid any post-upgrade errors. PLEASE DO NOT USE THE AUTO UPGRADE TOOL FROM YOUR APP POOL; THIS MAY BREAK YOUR SITE.

How to install

This latest version is already available in our app pool for easy installation.

Christmas comes early…

Posted by Nick in News on December 17, 2013

We had lots of new shiny boxes arrive this week from Mr Dell. Much to the horror of the Simple install team who were hoping for a rest over the festive period!

This is shaping up to be a very busy holiday period with server installs scheduled right into the 23rd December. We always see a big bandwidth spike in November-December but this year has been something else, with several of our ports going over 100MBS this month. Good job all of our ports are 1000mbs ;)


2014 © SimpleServers Ltd | Vat No. 974629277 | Company No. 06813119 Terms and Conditions
