WooCommerce oops!

A critical vulnerability has been discovered in WooCommerce prior to version 5.5 (the current version). You can read about it here, but they don’t give much info on what might happen.  I dug into the code and I think that if someone exploited this on your store, they could have access to order, customer, and administrative information via a cleverly crafted search string.


It is extremely important that if you have WooCommerce installed you upgrade to 5.5.1 as a matter of urgency. Once these vulnerabilities become public, the baddies know about them and start using them. Please don’t ignore this. And while you are at it, check that WordPress is at version 5.7.2.

If you subscribe to the 123Host WordPress Management service, I have already upgraded WooCommerce for you.

What is an IP address?

From: Mozilla, the makers of Firefox

Every time you are on the internet, IP addresses are playing an essential role in the information exchange to help you see the sites you are requesting. Yet, there is a chance you don’t know what one is, so we are breaking down the most commonly asked questions below.

What is an IP address?

Your IP address is a unique identifier, kind of like a mailing address, associated with your online activity. Any time that you use the internet (shopping online, sending emails, streaming TV), you’re requesting access to a specific online destination, and in return, information is sent back to you. How does that work? Well the IP stands for Internet Protocol, which lays out the standards and rules (yes, otherwise known as the protocol) for routing data and connecting to the internet. This protocol is a set of rules each party needs to follow to allow for a bi-directional flow of data.

Does it travel with you?

No. Your IP address is only associated with one location unless you are using a VPN (we will get more into that later). When you are at your home and connecting to the internet you pay for, you are using one. However, if you check your email at home in the morning, then scan the news at a local coffee shop while waiting for your coffee, and then work from an office, you will have used different IP addresses at each location.

Does your IP address change?

Yes. Even if you are only using the internet at home, the IP address for your home can change. You can contact your internet service provider (ISP) to change it, but even something as routine as restarting your modem or router because of internet connection problems could result in a change. You can find out your current IP address here.

Can more than one device have the same IP address?

This is a bit of a tricky question — the answer is both yes and no. More than one device can share the same external (public) IP address, but each device will have its own local (private) IP address. For example, your ISP (internet service provider) sets your home up with one external IP address. Since your router is what actually connects to the internet, the IP address is assigned to your router. Your router then assigns a local IP address to each device that is connected to the internet at a time. The external IP address is what is shared with the outside world. Your local IP address is not shared outside of your private home network.

Can we run out of them?

When the Internet was first designed it used ‘version 4’ addresses. These are 32 bits, which means that we could have up to 4.2bn addresses. This seemed like enough at the time, but is nowhere near enough in a world where the average U.S. household had 11 connected devices.

We now have version 6 IP addresses, which have 128 bits per address. Unfortunately, version 4 and version 6 can’t talk to each other directly, so people are going to need version 4 addresses for a long time.

Should you hide your IP address?

You don’t need to hide your IP address, but there are some times where you may want to. The most common reason is privacy. In the U.S., Congress overruled privacy regulations designed to protect the privacy of broadband users. Internet service providers can see your browsing habits, what you are using the internet for, and how long you spend on each page. This communication is not encrypted, so third-parties can see what website you’re visiting. One way to combat this is DNS-over-HTTPS (DoH). This encrypts your DNS (Domain Name System) traffic, making it harder for ISPs to see the websites you are trying to visit. For US Firefox users, by default your DoH queries are directed to trusted DNS servers, making it harder to associate you with the websites you try to visit.

There are also situational reasons to hide your IP address. You may want to hide it when traveling. A VPN will also give you more privacy when connecting to WiFi to stream and shop while you explore the world.

Reaching the limits

A few months ago I set a challenge to beat the 123host support ticket response time of 51.7% within 1 hour and 82.7% within 4 hours.

Thank you so much for getting back to me so quickly!! Legendary as always. Katherine M-S.

It isn’t like all stops have been pulled out to try to beat earlier metrics, but those stats keep tumbling.

Steve!! It worked!! Thank you!!! I really appreciate how patient you’ve been with me. Sally S.

January 2021 – almost 69% of customer support tickets answered within an hour! That’s unheard of!

Within 4 hours, 95.4% of the 83 support tickets opened during the month had been answered.

It is getting harder to get better, but we’ll keep trying.

My word, you are a superstar! Thank you dearly!!!!! Nelle G.

Because I forget

It isn’t important until I remember to post the support ticket stats.

This is November…

63% heard back from me in under an hour and 93% received their first reply in less than 4 hours.

Happy customers :o)

You. Are. The. Actual. Best. Nelle G.

Thanks Steve! You are too good 🙂 Emma D.

I just wanted to say…. you are an outstanding human being! Michael G.

Thank you! What an amazing job you’ve done, I’m so grateful! Missy R.

The great customer service continues

The 123host mantra is “to give the level of customer service we wish we received elsewhere” because, let’s face it, most internet customer service sucks. It takes days to get a response to your inquiries…if you do get a reply.

Not at 123host. Pretty happy with these stats for September 2020.

Over half of tickets received their first answer within 1 hour. An incredible 82% were answered within 4 hours and 93% were answered within 8 hours. During September the average first response was 2.2 hours.

And it is all done with Australian staff…

Wide open spaces

The server restart referred to in the last post was used as part of updating the amount of storage. Did I say updating? I meant doubling.

There is now twice as much disk space on the server giving us all room to grow. I am committed to not having the server get overcrowded, often an issue if you use a cheap hosting service.

To “celebrate” I have doubled the storage quota for each plan.

Basic hosting has bumped from 15Gb to 30Gb and Advanced Hosting is up from 50Gb to 100Gb.

Use the space wisely grasshopper.

Anxiety is over-rated

Running a server is a mix of learning, fun, puzzle solving and terror. A lot of people rely on 123host (or any hosting company for that matter) to keep everything working so their business can operate.

What users might not realise is how much house-keeping is involved in keeping a server running smoothly. One of the most important aspects is keeping the software up to date.

And the most crucial component of any operating system is the kernel.

The Linux kernel is the main component of a Linux operating system and is the core interface between a computer’s hardware and its processes. It communicates between the 2, managing resources as efficiently as possible.

When the kernel is updated the server needs to be restarted to have the changes become effective. I had been holding off a reboot for a long time, but as part of the upgrade to disk storage a reboot became necessary.

I hate it.

The server is going to be offline for a period. In the past it hasn’t restarted cleanly. The world could end. What if…?

I had sent everyone an email warning it would happen Friday night. Due to circumstances in the data centre, it didn’t. I don’t like bombarding people with emails so I gritted my teeth and set 6:30PM Sunday to reboot, figuring it is likely a time when fewest customers are doing any work on their sites.

Expecting a 5 minute downtime I clicked “restart” and waited, shunning all attempts by my partner to talk to me…even the offer of chocolate was spurned (just kidding, I took the chocolate).

And then…in less than 2 minutes, the server was up and running again. TWO.MINUTES!

Needless anxiety indeed.

Relieved

Another layer of security

I confess to now being security paranoid. I hope I don’t become obsessive…then again, it might not be a bad thing.

In order to share bits of code, passwords, whatever, there is now a resource at https://paste.123host.com.au. Paste your bits in there, click “send” and you will be given a URL to share with the recipient.

NOTHING is seen or retained by the server (or me) unless I get the URL.

If you check the “burn” box the data will only be viewable once.

123host – keeping the internet safe for kittens.

Sunday 16th Feb

All sites have been moved to the new server and a few minor hiccups ironed out. It all seems good. I am still monitoring for re-infection and there has been none so far. This is very good.

The migration was less stressful than I expected. Maybe it was just less so compared to the last couple of weeks.

I have had some people send me emails they don’t understand…this is good too. Keep it up.

Also let me know anything weird or not working via support.123host.com.au

Today I was surprised to find I was chilled enough to take up a freebie offer at Dreamworld where we went on all the rides.

Steve