securephp phpsecureinfoI know: "Brian sounds like a broken record here, doesn't he?  Blah blah security blah blah updates. Either he's paranoid, or he's vigilant."

OK, I'm not going to say I overly vigilant. But I am cautious when it comes to web server security. And even with my monitoring of installed scripts on the servers (automated and manual), some slip past.

And, when I don't find the exploit, the hackers/spammers will. Like last week.

Somehow one website missed my usual checking for old scripts, and as hack-bots will do, it was eventually found by a bot searching for known old exploits. Once found, the bot didn't delay in quickly using the hole to upload a mailing script, and then proceed to send spam to a mailing list of over 35,000 addresses.

Any spam is bad spam, and coming from our servers risks getting all the websites on the servers blocked by spam filters. So it is vital to prevent any abuse of a mail server.  In this case, though I had missed the old exploit, active monitoring saw the spike in outgoing email traffic, and the flow was halted before the full list of spam got out.

The website account was temporarily suspended while the software was checked for other potential exploits.

This review of the one website led to a full review of all sites on all the servers, and though no known exploited scripts are detected, there are some older installations of software no longer supported by the developers.

End of Support for old Scripts

Unfortunately, internet technology is moving at a very fast pace, and what was new 5 years ago is, many times, no longer viable. Forums, CMS's, Shops, any site that uses any type of programming are all subject to the short life-cycle of the web.

As such, all websites on the Seven Sages servers will be reviewed, and where necessary, upgraded to the latest versions of the software. Some of these updates may be quick and easy, but for those that require special handling (extra extensions, custom coding), there will be some charges for these upgrades.

As most sites on the servers are managed directly by Seven Sages (website management), this is not likely to affect many. Many of the sites have no idea what their sites are coded in, which is ok because that responsibility is ours.  But there are also sites not managed by us, and the owners still have no idea what their sites are coded in... and THAT is bad.

If anyone notices any issues with any our your websites, please contact Seven Sages immediately. Though each site will be reviewed to make sure it works after an upgrade, it is very easy to miss something.

Nothing is more expensive than trying to save a buck.