Yesterday one of our monitoring tools alerted us that AutoSec Tools reported a “local file inclusion” vulnerability in Vanilla 2.
We examined the report, and attempted to duplicate the vulnerability across a variety of systems. We were unable to verify that the exploit was, in fact, a functional exploit. As a result, we are not making any changes to the core of Vanilla since there is nothing to patch.
On Jan 27, 2010, at noon, our servers began experiencing unexpected load. When we dug into the issue, we discovered that a remote attack was being performed against our service, causing a fault in one of the core modules on our primary server. We were forced to perform emergency maintenance that brought down our hosting service for a number of hours.
What Happened?
Our hosting service has been steadily growing for the last 12 months, and our infrastructure has been able to deal with this growth with ease. On Thursday, when the attack occurred, the APC module that handles in-memory caching began eating up all free memory on the server, causing it to be unresponsive to new requests. We were forced to immediately shut down our core web server to diagnose the problem.
Quick Fix
The quick fix for the problem was to increase the memory on that specific server so it could handle the extra load, and decrease usage of our APC module across all sites. The reason it took so long to get back online was purely due to the fact that resizing a server on our hosting provider took longer than expected.
Future-proofing
We are now in the process of updating our infrastructure so that this problem won’t happen again. In the coming weeks we will be implementing these changes, and the downtime associated with them will be minimal. We will be notifying all hosting customers as the maintenance window for upgrades approaches.
We sincerely apologize for this unexpected downtime, and we appreciate your understanding as we work to prevent future attacks from causing similar problems.

It’s all in the details!
When designing your Vanilla theme you’re going to need some sample, or dummy content. Something to theme! The dummy content file contains everything you will need to ensure your final design is complete.
Download dummy content now!
Theme away!
We will be activating a security RSS Feed soon to help keep you updated on security issues.
Subscribe here.
Vanilla 2.0.14 has been released and contains some major upgrades, including support for Single Sign On from Facebook, Twitter, Google and OpenID! Check out the details on our forum.
We’ve just finished crossing all the t’s and dotting all the i’s in Vanilla 2.0.12, and it is now available for download. Check out the details on our forum.

Today Netfirms, a premier provider of web site hosting, announced in their newsletter that Vanilla Forums is now available in the AppsUniverse™ as a one-click install. Here is what they had to say:
Online forums are a great way to bring individuals together for open discussions, to ask questions and to build communities related to topics of interest. In fact, forums can be considered the most original form of social networking. With the rise of Facebook and Twitter, online forums are now becoming popular again as all businesses, large and small, look to develop communities around their product, brand, and business. In the spirit of making great technology accessible to all our clients, we added the best open-source forum application in the market, Vanilla Forums, to our Netfirms AppsUniverse™ as a 1-click install. Go to the Vanilla Forums page on your Control Panel to give it a spin!
Thank you Netfirms!
We often get requests for help with custom Vanilla installations, faster responses to support requests on our community forum, or straight-up answers about how the Vanilla code works.
I am very pleased to announce that we are now offering a variety of services, including: Installation & Setup, Support & Maintenance contracts, as well as Training & Consultation. Check out our services page for more information.

The administrative dashboard behind Vanilla just got a whole lot prettier and easier to use.
We’ve wanted to give the dashboard a makeover for quite some time and we’re really happy with the results.
What we’ve done
In keeping with our philosophy (simple, customizable, and versatile), we have not made any changes to the layout. We’ve added some colour, cleaned up the sidebar, and used some visual cues and icons to make things clearer. It’s the same Vanilla you’ve grown to love but prettier!
Try out your own forum at VanillaForums.com, or download the latest version of Vanilla to check it out.
Enjoy!
We are happy to announce the Vanilla Forums Partner Program!
As of right now you will earn a 20% revenue share on any client you bring to VanillaForums.com.
Full details of the Vanilla Forums Partner Program here.