Ike.ninja

[+] Plesk 10.4 for Windows Migration Agent has been updated. Improved error reporting and several bug fixes were included to this release. You can download new version of Migration agent here. We strongly recommend you to update your local copy if any.

The following bugs have been fixed:
[-] Automatic key update fails for KAV if the additional key is installed as a part of PowerPack

Social network Bebo is still inaccessible after an apparent technical error took the site offline yesterday.

The following bugs have been fixed:
[-] Atmail upgrade failed on action ‘Inserting old Atmail database data…’
[-] Automatic key update fails if KAV additional key is installed, but KAV itself is not.
[-] Can not connect service nodes using CLI gate
[-] Cannot change FTP user’s password if “Setup of potentially insecure web scripting options” disabled on subscription

The following bugs have been fixed:
[-] Atmail upgrade failed on action ‘Inserting old Atmail database data…’
[-] Automatic key update fails if KAV additional key is installed, but KAV itself is not.
[-] Can not connect service nodes using CLI gate
[-] Cannot change FTP user’s password if “Setup of potentially insecure web scripting options” disabled on subscription

In order to know that you need to add an ID to a rule you will have already found the error in the logs. To white list the rule this requires the rule to have an ID. All of the […] ↓ Read the rest of this entry…

Whitelist A Rule in Mod Security   # Find Modsec Errors cat /usr/local/apache/logs/error_logs | grep -i modsec # Check the domain logs if you don’t see it in the apache logs cat /usr/local/apache/domlogs/$DOMAIN | grep -i modsec # Add this […] ↓ Read the rest of this entry…

• Project: Joomla!
• SubProject: All
• Severity: Moderate
• Versions: 1.7.3 and all earlier versions
• Exploit type: XSS Vulnerability
• Reported Date: 2012-January-22
• Fixed Date: 2012-January-24

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by David Jardin

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Moderate
• Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
• Exploit type: XSS Vulnerability
• Reported Date: 2011-November-16
• Fixed Date: 2012-January-24

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 1.7.3 and all earlier versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Ankita Kapadia

Contact

The JSST at the Joomla! Security Center.

New feature has been added:
[+] (Windows only) Support of PHP 5.3 has been added. More details in article http://kb.parallels.com/en/113179

The following bugs have been fixed:
[-] Cross-site scripting in health monitor
[-] Web presence Builder has session identifier without HttpOnly flag
[-] Synchronization of subscription with Service Plan doesn’t work if Service Plan has disabled webhosting
[-] (Linux only) Licence key update failures aren’t logged
[-] (Linux only) Receiving DrWeb license key doesn’t work
[-] (Windows only) Cannot create MSSQL database if MySQL databases limit is 0
[-] (Windows only) Health Monitor fails to create configuraion files on Turkish Windows

New feature has been added:
[+] (Windows only) Support of PHP 5.3 has been added. More details in article http://kb.parallels.com/en/113179
The following bugs have been fixed:
[-] Cross-site scripting in health monitor
[-] Web presence Builder has session identifier without HttpOnly flag
[-] Synchronization of subscription with Service Plan doesn’t work if Service Plan has disabled webhosting
[-] (Linux only) Licence key update failures aren’t logged
[-] (Linux only) Receiving DrWeb license key doesn’t work
[-] (Windows only) Cannot create MSSQL database if MySQL databases limit is 0
[-] (Windows only) Health Monitor fails to create configuraion files on Turkish Windows

AWstats was updated to version 7.0 for Parallels Plesk Panel 10.4.4 on RPM-based OSes:
– CentOS 5
– CentOS 6
– RedHat 5
– RedHat 6
– SuSE 11.3
– SuSE 11.4
– CloudLinux 5
– CloudLinux 6

[+] Added possibility to hide advertisement in Plesk Panel. More details in article How to hide promos in Parallels Plesk Panel?

The following bugs have been fixed:
[-] (Windows only) Backups fails on dumping tomcat for sites
[-] (Linux only) Cannot change php safe_mode status via panel if FastCGI mode is used
[-] Domain alias zone is synced with main domain, even if DNS zone sync is disabled
[-] Domain disk space statistics is not displayed if amount exceeds 2Gb on 32-bit systems
[-] (Windows only) Hosting settings cannot be changed if FrontPage is enabled on a domain
[-] Migration from FreeBSD fails because of ‘df’ illegal option
[-] Backup files rotation o FTP repository fails in some cases.
[-] Listing of files in backup FTP repository fails in some cases.
[-] (Windows only) There is able to override system user home path at creating new additional FTP account

The Plesk Service team is proud to announce that Parallels Plesk Panel 10.4.4 has been switched to the Stable mode.

To get Plesk 10.4.4 in Stable you have to install the Micro-Update #11 (or later) which delivers more than 60 fixes in total.

We are going to continue improving Plesk 10.4.4 until next major release is available.
Please continue helping us to identify bugs and drawbacks to make Plesk better.

Dear Hosting Providers, We believe the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) bills recently introduced by the U.S. Congress pose severe threats to the hosting industry as a whole and we ask that you take…