Updated 16th April 2010

Accounts with login at; http://cp.domainsrush.org

Dedicated connectivity issues - Free BSD and ubuntu

Created: 16 April 2010, 09:26
Last Updated: 16 April 2010, 11:31

Updates to the systems are underway and working well. We are progressing through the systems currently.

Our engineers have isolated the issue affecting the dedicated servers and are now rolling out patches which will bring affected users back online over the course of the day. Once this process is complete we will update this page again.

We are aware of connectivity issues with our dedicated servers running the FreeBSD and Ubuntu6 operating systems. Our engineers are currently working towards a resolution and we will post updates on this page as they come in. Thank you for your patience and we hope to have this resolved as quickly as possible.

We are always working to make our systems as secure as we can and we do a lot of work on this but some parts of the systems security can be affected by users for example password security. We've seen over the past few months a rise in users having FTP passwords stolen/guessed which can lead to sites being attacked. We have decided to impose a forced FTP password update so everyone has to change their FTP/account passwords to new ones so we can make sure they are all secure.

The way this will work is we are now changing all FTP passwords on all accounts to random passwords, users then need to login to their control panels where they will be prompted to change the account password. You should choose a password which is 8 characters in length with at least one number and you should not base them on common words or names as these can be guessed easily. Users won't be able to login to FTP until they update the account password but as soon as this has been updated you will have full FTP access again within 1 minute.

Users also need to look at the security of any computers they use to login to the control panel or for FTP as hackers are using Trojan/key loggers to steal users login's. All users need to make sure they run an up to date virus scanner that can look for root kits/Trojans/Key loggers, ones we recommend are:

http://www.bitdefender.co.uk
http://www.kaspersky.co.uk

You also need to be careful who you give login details to for example web designers, making sure that they have a secure system before allowing them to use FTP.

We understand that this is not convenient and we apologise for the short notice of this password change but we have seen sharp rise in users reporting ftp details being stolen. You may have seen stories in the news about Hotmail and how hackers are using Trojan/key loggers on user computers to steal login information so we feel it is important to take this action to keep everyone secure.

If any customers have any queries please let us know and sorry for any inconvenience caused.

You may have noticed that we no longer allow catch-all redirects to be set up on our control panel. Forwarding E-mail through a redirect also forwards Spam, which causes problems with catch-all redirects as they can be regularly flooded. This causes reputation issues with other hosts and can affect the sending of legitimate E-mail messages.

We plan to stop offering this feature on Friday 31st July 2009 on the Fusion (FTP3) server, and will be phasing it out at a later date on our other servers. We recommend you remove your catch-all redirect addresses and set up redirects for only the aliases you need (For example: sales@, info@ e.t.c). Please note that this does not affect catch-all mailboxes, which will continue to operate as usual.

Sorry for the inconvenience.

________________

PHP. We have switched off the PHP setting "register_globals" as this now represents a security weakness.

All Accounts

This update is to make you aware of a security issue that we have found
some of our users are experiencing recently.

We have found that many users use the same password for accounts and
databases. If there is an out of date script or program on the account, a
hacker can potentially gain access to the database password stored in the
scripts configuration files.

Recently we have found that if a database password is found, the hacker then
tries to login via FTP to the account. If successful, they gain complete
access to that account.

If you run scripts or programs such as phpBB2 or OSCommerce, please ensure
they are always up to date. New security vulnerabilities come out regularly
and they must be patched to ensure the integrity of your account.

If you no longer are using a script, please remove it from your account to
prevent it from being abused.

Lastly, if your database password is the same as your account password,
please change this ASAP. You can change your account password on the
"Account Details" page on your control panel. Database passwords can be
changed in the MySQL Manager on the "Web Tools" page.

All Accounts

*****KEEPING SOFTWARE UP TO DATE*****

A point we would like to bring to users attention is keeping
software up to date. For example form mail scripts, forums and content
management systems with the last version of the code available. This is
important as old code can contain vulnerabilities that allow hackers to
abuse your web sites and possibly attack us. You do not have to worry
about server side software like PHP, MySQL and Apache as we will keep
this up to date for you.

This is regarding the popular OSCommerce shopping cart and
PHPBB2 forum software that you may use. There are some vulnerabilities
for these software packages that require URGENT attention. If you use
any of these packages please read this. If any of your users or
developers use these software packages, please forward this E-mail on to
them.

OSCOMMERCE
----------
There is a vulnerability in OSCommerce that allows spammers to send out
multiple E-mails using contact_us.php. There are two options to resolve
this problem:

1. If you do not use the contact us feature in OSCommerce, simply delete
the contact_us.php file. This can be found in the root of your
OSCommerce installation.

2. Follow the instructions from the link below to update a PHP file. We
recommend you back up the original file before you attempt to modify it:

http://www.bpweb.net/oscommerce-fix.htm

If you are unsure about how to do this, please contact us and we will be
happy help.

PHPBB2
------
There have been several vulnerabilities recently that can result in an
attacker taking over or corrupting your forum.

Please upgrade all of your PHPBB installations to the latest version by
downloading the upgrade file from the link below. Once downloaded, unzip
it, upload the files to your PHPBB2 installation and follow the upgrade
instructions in the install directory.

Download for upgrading PHPBB2 is the "Changed Files Only" file and NOT the "Patch File Only" file.

1. Download this file from http://www.phpbb.com/downloads.php and unzip
it
2. Make a backup of your current PHPBB2 installation
3. Follow the upgrade instructions in the docs/INSTALL.html directory

If you have any queries or problems, please don't hesitate to contact
us.

If you have any questions or queries about this change, please don't
hesitate to contact us.


Domainsrush