WordPress 2.8.5 has been released. You can read the release notes for WordPress 2.8.5 below:

WordPress 2.8.5: Hardening Release

I was waiting for Fantastico to release an update with WordPress 2.8.5 before posting this. They have since done so. If you installed WordPress with Fantastico, you can also update it through the Fantastico link in your cPanel.

Steven

A new version of Joomla has been released, version 1.5.15.

All users of Joomla are encouraged to upgrade.

For more information see The Joomla Release statement below:

Joomla 1.5.15 Released

Please Note: Fantastico has not yet updated to Joomla 1.5.15. If you installed Joomla through Fantastico you will want to wait until Fantastico has published an update in their script library. Keep looking for this update in Fantastico by using the Fantastico link in your cPanel.

Update 11/09/09 Fantastico has released an update to Joomla 1.5.15.

Steven

AMS is proud to introduce a new feature for all of our cPanel accounts. Now you will be notified whenever someones logs into FTP on your account. You will be notified via e-mail at the contact address you have specified on your account. For information on updating your contact information, see our previous post on this topic.

Below we have addressed some frequently asked questions regarding this system.

Why did you start this system?

Lately we have been seeing a lot of accounts becoming compromised due to FTP hijacking. Some how, some way hackers learn your FTP login credentials. They then FTP into your account and upload malicious material or deface your website. Common ways that hackers attain this information is due to malware on an end-user’s computer or outdated scripts installed on a website. While this system will not prevent these hackings, it will serve to notify you when someone access your FTP account and can therefore notify you whenever there is unauthorized access to your FTP account.

How am I notified?

Notifications are sent to the e-mail address or addresses you have set up as contact addresses on your account. You should insure that this information stays up-to-date so that you can be aware of any unauthorized access. If you do not have a contact address set up or if your contact address is set to an e-mail address that you no longer check, then you will not be notified of FTP connections on your account.

The message that you will receive will look something like:

The Time, IP, and FTP User may differ.

I just received an FTP notification message, should I be worried?

That depends. Did you or someone you have authorized recently connected to your FTP account? If you recently logged into your account’s FTP then you should not be alarmed by this message. If you recently logged into FTP account, then this is a legitimate FTP login and can safely be ignored. Because the system cannot determine what is a legitimate FTP connection and what is not, a message is sent for all FTP logins (hackers and malicious users do not log in any differently than you do).

If you have given your FTP information out to someone else or if you have other FTP users on your account, then you will be notified when they log into FTP. Again you have to be the judge to determine whether or not that login is legitimate or not.

One key piece of information to look at is the IP address in the FTP notification:

IP: xx.xx.xx.xx (US/United States/-Hostname-)

This gives the IP address, the hostname that the IP address resolves to, and the country that is associated with that IP address. If the country is a foreign country and nobody from a foreign country should be accessing your account, then this might be cause for concern. The hostname can usually be used to identify the ISP associated with the connecting user, again this can be used to identify whether or not a connecting user is legitimate or not. This should not be used as the sole arbiter for determining legitimacy of a connection, but it can play a role.

How do I know if a login is legitimate or not?

Again, this depends. Have you given your FTP login credentials out to anyone? Is anyone else suppose to be making changes to your website? You, as the owner of the account, are the only person that can make that determination. If you have other individuals that are suppose to be accessing your account, you may want to contact them and see if they have recently accessed your account via FTP.

I am seeing a lot of FTP connections from my IP address, but I am not FTPing into my account.

Do you have any automated systems that automatically connect to your account? For example, do you have an automated system that automatically uploads webcam images to your account? Any type of automated system that logs into your FTP account will register as an FTP login. If this is the case for you, then you can safely ignore these messages.

Are Virtual FTP users also notified?

Yes, virtual FTP users are also included in this notification. Virtual FTP users are FTP usernames that are identified as someuser@yourdomain.com. If someone logs in with one of these FTP usernames, you will receive an FTP notification message.

I connect to my FTP account several times a day, won’t this fill up my Inbox?

The system is designed to only send a notice once an hour per FTP user per IP address. This means that if you first connect to your FTP account at 8:11, then you will receive an FTP login notification. If you login from the same computer (same IP address) as the same FTP user at 8:26, 8:37, and 8:43 you will not receive a notification for those logins. You won’t receive another FTP login notification until 9:11.

Keep in mind, the purpose of this system is to keep you informed so that you will know if any unauthorized FTP activity is taking place on your account. In order to perform this service, the system has to notify you of every unique FTP login. The system cannot know who is authorized and suppose to be accessing your FTP and who is not (no matter how smart they try to make computers).

The Time of the FTP connection appears to be off.

While it is possible that the e-mail notification could be delayed somewhere along is way to you, you may want to look at the time stamp on the FTP connection:

Time: Oct 27 13:02:12 CDT

The Time is stamped with the timezone of the server, in this example CDT (Central Daylight Time) is used. If you are living on London, GB then you are likely running on GMT time. CDT is 5 hours behind GMT, so while it is 13:02 CDT it would be 18:02 GMT. This may coordinate with your time system.

Can I filter these messages out so as to not clutter my Inbox?

While this isn’t recommended, this can be done. See our post concerning this matter.

As always, any questions or concerns can be raised by submitting a support ticket at:

http://www.amshelp.com

Steven

All users are encouraged to update their contact information in their control panel and keep it updated with valid information.

To update your contact information log into your control panel by going to:

http://www.yourdomain.com/cpanel

(Obviously, change yourdomain.com to your actual domain name).

Then click on the Update Contact Info link that is in the Preferences box. The icon will look like:

There you will find two fields that you can enter an e-mail address into. You do not have to have a secondary e-mail address for contact, it is just there in case you want to enter multiple addresses.

In the fields labeled:

Email address that you can be contacted at.
If you wish to provide a second email address to receive notifications, enter it here.

You can enter a valid e-mail address.

If you ever change your e-mail contact address then you need to update this information. Keeping your e-mail contact information up-to-date insures that you stay up-to-date with regards to your account.

Why keep this information updated?

Along with staying up-to-date with happenings on your account, keeping your contact information up-to-date can be important so that you are notified of potential issues on your account.

We have been testing an FTP login notification system that will use this information to keep you notified. We will have a separate post concerning this system. But the general idea around this system is that we have had a lot of accounts compromised lately due to FTP hacking, the FTP login notification system will keep you appraised of FTP logins on your account and will use this contact information to inform you.

As always, if you have questions concerning this you can discuss this with our support staff by submitting a support ticket at:

http://www.amshelp.com

Steven

We are seeing a lot of e-mails from users concerning the outdated Fantastico installed scripts that users have been receiving.

Users are receiving these notices because they at one time installed the stated script with Fantastico from within their control panel.

We are seeing a lot of e-mails from individuals who have upgraded their scripts manually and are wondering why they are still receiving these notices.

To explain this, you have to understand that Fantastico is a script library. It is an entity in itself. If you install a script with Fantastico, you are expected to keep the script updated through Fantastico. This is the only way that Fantastico can be made aware of what version of the script you have installed.

Fantastico keeps a database of what is installed, where it is installed, and what version is installed. When you use Fantastico to install a script, it adds this to its database.

WordPress was installed in /home/user/public_html/wordpress and is version 2.7.1

When you manually update one of these scripts, this internal database is not updated. If you update this WordPress install to version 2.8.4, but do it manually, then the Fantastico internal database still thinks you have version 2.7.1 installed.

When Fantastico runs its check and looks for outdated installs, it uses this internal database to determine the versions of the software installed. So even though you may have manually updated your script to the latest version, Fantastico is not going to know about this and is going to think that you still have an outdated script.

What can be done about this?

Contact support if this affects you. We can remove your script install from the Fantastico internal database so that you will not receive the notices any more. You won’t be able to update the script with Fantastico any more, but if you have already manually updated the script, it is likely that Fantastico will not be able to update your script, without messing something up. This is because of the version mismatch in its system.

PLEASE NOTE: It is highly recommended that if you install a script with Fantastico that you keep the script updated with Fantastico. This may mean that it takes a few days longer to get script updates applied to your script. If you are really into following the development of a script and wish to always have the latest version of the script installed we highly recommend that you manually install the script instead of using Fantastico for the initial install.

Steven