Click Here to Register Your Domain!

.ORG domains are perfect for non-profit groups and organizations, churches, non-profit sites providing help and information, charities, and religious/spiritual sites.

OCS Solutions gives back to our community and those in need.  We are happy to assist charities and non-profit organizations with their technical and Internet needs at discount, or in some cases, as time is available, for free.  If you want more information, please contact us.

Any outages you encounter should be brief and after the 11 PM mark, so please bear with us.  We appreciate your understanding and patience and apologize for any inconvenience this may cause.

The OCS Website Protection Scanner performs an initial scan on your site and checks for vulnerabilities and security issues.  Once our scan is done (typically within 24 hours), we present you with a full report highlighting any issues that need attention with specific help on fixing them.  If you need assistance with any particular issue, our security support team is available via phone or e-mail to give you the advice you need to fix it.

You might expect a service like this to be expensive, but the OCS Website Protection Scanner service is only $4.99 per month.

To learn more or to get started securing your site today, please contact us or visit our Website Protection Scanner page.

The entire OCS staff was uninjured and we only sustained minor damage.  Our thoughts go out to the families that weren’t so lucky.

Our offices were without power and Internet services for all of yesterday and most of today, but things are starting to come back up.  Phone service is still very limited so the best way to reach us now is to open a ticket if you need assistance.

None of our datacenter locations were affected by the storms and continued with Internet connection and power without interruption.

If you have any questions about these vulnerabilities please contact us.

CVE-2011-0446 – Potential XSS Problem with mail_to :encode => :javascript

This vulnerably can allow an attacker to circumvent the Cross-Site Request Forgery mechanism inside Ruby on Rails.

This issue is likely to affect many 2.3.x and 3.x users, and thus we recommend applying the patch found at the above link.  There are no workarounds known at this time.

CVE-2011-0449 - Filter Problems on Case-Insensitive Filesystems

This vulnerability can allow attackers to circumvent filters in your application.  This can be a potentially devastating impact, but it only applies to Rails applications using Ruby on Rails 3.x (2.x or 1.x series aren’t affected) on file systems that are case-insensitive.

This means that all Rails applications hosted by OCS Solutions are presumed safe from this issue, because we use Linux and ext3/ext4 based filesystems which are case sensitive.

If you run your Rails application in production on a Windows server (thought I wouldn’t advise that anyway), you are advised to click the link above and apply the patch.

CVE-2011-0448 - Potential SQL Injection in Rails 3.0.x

This vulnerability allows an attacker to potentially perform an SQL injection on a Rails 3 application.  This can be serious, and users of Rails 3.x are advised to upgrade to Rails 3.0.4 immediately.  We’ll be installing Rails 3.0.4 on all of our servers over the next 2-3 days but you may use 3.0.4 immediately by freezing Rails 3.0.4 to your application and redeploying.

Note that Rails 1.x and 2.x users are unaffected by this issue.

A workaround is available as well at the above link, but given the ease of upgrade from 3.x to 3.0.4 an upgrade to 3.0.4 is recommended.

CVE-2011-0447 – CSRF Protection Bypass in Ruby on Rails

This issue allows the Cross-Site Request Forgery protection included in Ruby on Rails 2.1.x and above (including the 3.x series) to be circumvented in certain cases.

A patch has been included in the above link and all users with Rails applications using versions 2.1.x and above are encouraged to either use it or upgrade to 2.3.11 (if you’re using the 2.x series) or 3.0.4 (if you’re using the 3.x series).  We’ll be installing these versions on our servers over the next 2-3 days but you may use these new versions immediately by freezing 2.3.11 or 3.0.4 to your application and redeploying.

It’s often said that the shoemaker’s children have no shoes, and this holds true in our business as well.  We’ve been so busy expanding our services and servicing our customers that our blog has fallen into a sad state of neglect.

We’ve been hearing from you more and more that you want more information, news, and helpful tips and tricks from us, so we’re here to deliver!

Every day someone from the OCS staff will be posting a helpful tip, some important news, or a notice about a new feature.  Be sure to add us to your favorites and check back often!

Please feel free to leave a comment about any of our posts and participate in the discussion!

Our initial demand for Django was very low, and since we have a strong focus in hosting Ruby on Rails and PHP, our Python/Django support was limited.  However, we have recently developed a deployment procedure for Django applications and have documented it in our wiki article titled Deploying a Django Site.

As an added benefit, we also now support the WSGI module for Apache, allowing the hosting of non-Django applications, such as Zope, CherryPy, and TurboGears, to name a few.  Our documentation only covers Django currently, but we look forward to adding more documentation on other Python-oriented frameworks soon.  In  the meantime, we’ll be glad to help with any issues you have deploying non-Django Python framework-based applications.

You can find the new bandwidth limits on our shared hosting page.

We are applying these changes to all servers, but some servers will be upgraded before others. We intend to have all upgrades complete by November 1st, 2009.  If you find your account hasn’t been upgraded yet and its after November 1st, 2009, please open a ticket and we’ll be glad to perform the upgrade.

PassengerAppRoot /home/user/rails_apps/yourapp

Replace “user” with your username and “rails_apps/yourapp”  with the path to your Rails application. 

On the servers we have deployed the upgrade to we have added this to any existing .htaccess file or created a new one with that line in it.  However, if you use Subversion or Git repository, you’ll need to add this change to it so that the next time you do an update this change will be preserved. 

You have not made this change already, please do so as soon as you can.  This will ensure upgrades on the rest of our shared hosting cluster will go smoothly.

On the off chance that your Rails application isn’t functioning correctly, make sure the above line is in your .htaccess file in the public folder of your Rails application.

Many have asked our policy on RAM usage and how we enforce the limits.  All of the RAM limits on shared hosting are soft, with a high hard limit to prevent a runaway process with a memory leak to cause problems for other accounts.  If your Rails application goes over your limit by 5 or 10% we do not typically mind.  Since we don’t oversell, the limits are there to help keep resources free for all users on shared hosting plans.  If you start to use too much RAM over the buffer zone we allow for all accounts, we will notify you with options on how to proceed.

These new limits will take effect both on new and existing accounts.