Maplegrove Hosting has officially migrated all production services from PHP 7.4 to PHP 8.0! Security support for PHP 7.4 will end on 11/28/2022, and the branch is no longer maintained for new feature updates.
PHP 8 introduces major language changes and performance enhancements and is the recommended version to comply with WordPress support requirements (https://wordpress.org/about/requirements/).
Maplegrove Hosting has officially migrated all production services from PHP 7.1 to PHP 7.3 and MySQL 5.5 to 5.7. PHP 7.1 end of life occurred on 12/1/19 and MySQL 5.5 on 12/31/18. Both new release branches feature performance, feature, and reliability enhancements and are the recommended versions to comply with WordPress support requirements (https://wordpress.org/about/requirements/).
Maplegrove has officially migrated all production services from PHP 5.6 to PHP 7.1.
PHP 7 brings a variety of performance improvements into the runtime environment and increases application responsiveness. We will continue to monitor and look for any breaking changes from PHP 5.6 to PHP 7.1. If your application is encountering an unknown issue or error, please let us know as soon as possible so that we can address it!
Maplegrove Hosting is now offering FREE SSL through the Let's Encrypt project at letsencrypt.org. This is a project managed in conjunction with the Electronic Frontier Foundation to provide fully validated SSL certificates for web hosts. Given that Google will now rank your content higher when SSL is enabled, it's a great time to make this a standard part of your website.
For more information, visit:
If you would like to enable SSL on your sites, please feel free to open a ticket with us!
Dear Maplegrove Customers,
On 11/25 our networks observed unusual mail traffic being relayed through our systems. Upon further investigation we discovered spam was being relayed through our outbound gateway as a result of a compromised customer WordPress instance. This report summarizes the incident and the security steps we have taken to resolve this issue. If you are hosting a WordPress website with us, please consider reading through this advisory in detail. We will also send separate guidance directly to customer(s) impacted in our shared-managed hosted environment. If you do not receive follow-up communication directly, you are not impacted by this advisory. You may wish to read specific sections based on the relevance/interest you may have regarding this alert (SUMMARY, IMPACT, RESOLUTION).
After a review of our mail logs we quickly determined the offending website instance. No active malware or anti-virus signatures in our database were able to detect the malware, but we identified the custom files that had been placed onto this customer’s hosting environment. We “reverse-engineered” and studied the malware further to re-create the capabilities employed during the unauthorized access. Our analysis led us to discover that custom shellcode had been loaded to try to obtain system privileges. We identified the point of entry as being a vulnerable WordPress plugin, “Google Analytics Counter Tracker,” which allowed for custom PHP code to be injected directly into the customer website. This vulnerability was discovered and made accessible on 11/15/2016.
No customer email services or dedicated hosting environments were impacted by this infection as these services are isolated. We identified that the loaded shellcode was likely automatically installed, which we assess based on the infection date and vulnerability disclosure date being the same. We also observed traffic at regular intervals in our web logs, suggesting that the infection was launched and executed automatically. The offending IP address is: 22.214.171.124. This host has continued to try to make contact since the infection was removed, suggesting an automated botnet coordinating email spam delivery. Our network is dropping all packets from the originating source.
We do assess, however, that had this shellcode been used by an individual manually managing the compromise, it would have been possible to break out of the managed web host containers and read other database configuration files as an unprivileged, non-administrative entity. Although the evidence suggests this was automated, we cannot rule out that these configuration files or other web-based files could have been read for individual web applications in the same environment. No forensic evidence or review suggests that this happened, but we have taken the following steps to ensure adequate resolution and security posture.
Maplegrove has taken the following steps to remediate the issue and improve security posture:
The webserver(s) responsible for our managed hosting/podcast community package have been modified to prohibit certain PHP functions from being executed, to prevent future compromises from being able to utilize techniques to escape the customer’s individual website host. This protects our containerization strategy and ensures the compromise of an individual customer website will not impact other customer containers nearby.
All WordPress / community sites that we are authorized to automatically manage for our customers have been patched and updated to the latest release. Plugins have been updated and reviewed to ensure similar vulnerabilities to the one reported are not present in other customer installations.
All database application servers will have passwords rotated. Our database hosting environment is not accessible from the internet, but we have taken this as an extra precautionary step.
Queued emails containing illegitimate mail were expunged and updated. We have ensured that IP rating and reputation are at full functionality and that mail is being delivered to commercial ISPs as expected.
Our edge network is blocking all future packets from the offending source of this attack, and monitoring alerts are being configured to directly alert on new sources that may impact customers in the future.
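The regular-interval web traffic noted in the advisory, and the alerting on new sources mentioned above, can be checked directly against access logs. The following Python script is an added example, not Maplegrove's own tooling: it flags clients whose requests arrive at near-constant spacing. The log lines, IP addresses, request path and thresholds are constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample (combined log format, documentation-range IPs); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2016:02:00:00 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [25/Nov/2016:02:05:01 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [25/Nov/2016:02:10:00 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [25/Nov/2016:02:15:02 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [25/Nov/2016:02:20:00 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [25/Nov/2016:02:25:01 +0000] "POST /example.php HTTP/1.1" 200 12 "-" "-"
198.51.100.23 - - [25/Nov/2016:02:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Nov/2016:02:01:12 +0000] "GET /style.css HTTP/1.1" 200 800 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Nov/2016:02:03:40 +0000] "GET /about HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Nov/2016:02:17:05 +0000] "GET /blog HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Nov/2016:02:44:30 +0000] "GET /contact HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
192.0.2.50 - - [25/Nov/2016:02:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse_times(log_text):
    """Map each client IP to the list of its request timestamps."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # malformed lines are skipped rather than aborting the scan
            times[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    return times

def find_beacons(log_text, min_requests=5, max_cv=0.1):
    """Return {ip: mean gap in seconds} for clients with near-constant request spacing."""
    flagged = {}
    for ip, stamps in parse_times(log_text).items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low values mean machine-like, evenly spaced requests.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            flagged[ip] = round(mean, 1)
    return flagged

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

The thresholds (`min_requests`, `max_cv`) need tuning per site, since uptime monitors and cron-driven integrations also produce evenly spaced requests and should be allow-listed before alerting.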
Maplegrove takes seriously the security and integrity of our systems and resources. Should you have any questions about this advisory or any potential impacts, please reach out to us directly or open a support ticket with us.