 |
Latest News - Feb 20, 2007 - New Site Online - New FAQ Section Online! - PHP 5.2 Upgrade notification (Read More) |
 |
Recent News:
Internet Services that simply work.
|
System updates; Maintenance; November 9th, 2007 | Network maintenance in iAdvantage (Hong Kong) |
|
Network maintenance is planned
in our Hong Kong data center
between 20:00 and 21:00 GMT on
Friday, 2 November 2007. During this time window our customers may experience about 15 minutes of intermittent connectivity problems. |
|
System updates; General; August 9th, 2007 | ENOM Huge Denial of Service Attack |
|
One of the leading online
providers of domain name
registration worldwide, Enom
encountered a major DDOS
(Distributed Denial of Service)
attack today. When this occurs,
it causes many of their
customers to experience erratic
or no connectivity for their
email or websites with domain
names registered with the
company. Enom is working
diligently to resolve the issue
and to prevent future outages.
As of about 5pm EST, ENOM seems to have the attack under control. To read more of what a DoS attack is and how it affects millions of Internet sites, click here. |
|
System updates; General; July 26th, 2007 | IMPORTANT: PHP4 End-Of-Life announced. |
|
The development team of PHP
announced the End-Of-Life of PHP
4. There will be no more
releases of PHP 4.4 after Dec
31, 2007. Critical security
fixes will still be released on
a case-by-case basis until
August 08, 2008. eHosted.com will continue supporting PHP 4 until possible, but we urge our customers to look for ways to make their PHP applications suitable to run on PHP 5. After the end of 2007, we may be forced to discontinue any support for PHP 4, in case of a discovered security vulnerability which may endanger the integrity of our hosting environment. After Sep 10, 2007, we will start setting PHP5 as default PHP interpreter on our servers. This means that files ending with .php will be parsed by PHP5 by default. However, customers will still be able to set PHP4 as default interpreter, by using a directive in their .htaccess files. The change will happen gradually on each of our servers and the exact date for each server will be announced later. We advise our customers to take the necessary steps to make their PHP driven software completely suitable to run on PHP5. If the software is a third-party application, upgrading to the latest stable version should be enough, as developers of popular software (forums, blogs, CMSs) have already released versions, ready to run on PHP5. |
|
System updates; General; June 20th, 2007 | HTTP requests to xmlrpc.php files filtered |
|
Due to a
recent wave of exploits, our
System administrators set a
rule, which blocks HTTP access
to files named xmlrpc.php. This file contains a PHP module (PHPXMLRPC). It is a third party module, whose main purpose is to allow POST requests between applications (without a browser). Although the module is included in several popular CMS programs, it is not widely used/accessed. Note that the vulnerability is not related to the server software, it is at a third-party application. The purpose of the applied filter is to protect customer sites (that contain xmlrpc.php) from being exploited/defaced. In case you need to use this module on your site, you can remove the filter by creating a .htaccess file in the folder that contains the file, and adding the following lines to it: <IfModule mod_security.c> SecFilterRemove 114 </IfModule> |
|
System updates; General; March 12th, 2007 | IMPORTANT: Frontpage server extensions availability |
|
This note is
to inform you of the decision of
Microsoft to discontinue the
support for FrontPage extensions
for UNIX. These extensions are
necessary in order to utilize
the FrontPage dynamic features
on a UNIX server. We have been
offering FrontPage extensions
since 2001, and as we have many
customers using them, we will
not be stopping support for them
immediately. Unfortunately,
Microsoft have decided to
discontinue any support for the
extensions, and no further
updates/bugfixes/patches will be
released. Therefore, we will
need to eventually stop offering
FrontPage server extensions. For
now, this is "in the distant
future", but unforeseen
circumstances, such as an
unexpectedly released security
exploit of the FrontPage
extensions, may force us to
fully discontinue them
immediately. We will do our best
to offer FrontPage extensions as
long as possible. Note that if you are using FrontPage to design and publish your site, you do not necessarily need FrontPage server extensions enabled and functioning. The extensions are needed only for certain dynamic features that can be developed in FrontPage, such as shared borders, forms, etc. If you do not use such features, you can continue using FrontPage indefinitely, and disable the extensions at any point in time. In such a case, you would be able to upload your FrontPage site via FTP. If you are using dynamic components, we strongly encourage you to look for alternatives. For example, FrontPage Counter can be replaced with the counter offered at your online Control Panel -> Counter section. You can check your online Control Panel -> Scripts section also, where you can find alternatives to other FrontPage dynamic components (search script, email submission script). |
|
System updates; Maintenance
notifications; March 6th, 2007 | PHP Upgrade notification |
|
Please be
advised that the PHP 5 version
on the server, is scheduled for
an upgrade to version 5.2.1 on
Mar/15/2007. Along with PHP, we
will be upgrading Zend Optimizer
to version 3.2.2. Minimal to
none downtime is expected during
the upgrade. IMPORTANT: A number of popular applications may require an upgrade to the latest version in order to continue functioning properly. Some of the affected applications include but are not limited to: - Drupal, versions below 4.7.6 and version 5.1 - Wordpress, versions below 2.1 - MediaWiki, versions below 1.9.2 - ZenCart, versions below 1.3.7 If you are using one of the above applications, please make sure that you upgrade to the latest version provided by the vendor no later than Mar/15/2007, or some features may stop functioning properly. Other applications running under PHP 5 might be affected as well, so we advise that you check your software. Upgrading to the latest version provided by the vendor is always recommended. No applications running under PHP 4 will be affected. |
|
General; February 10th, 2007 | Fake maintenance alerts being sent to domain owners |
|
In the last
couple of days we have received
several reports from customers
about false security maintenance
alerts being sent to them. The
email message usually has a
subject "Hosting Regular
Security Maintenance" or similar
and includes instructions how to
upload and run a PHP script on
their website. The email message in question is not sent by our company, nor does it originate from our servers. It is a fake, fraudulent message with spoofed Internet headers. eHosted.com will NEVER send you unsolicited files to upload to your web directory. Do not ever install a .php, .js or .html file that is sent to you by somebody you do not know as it may contain malicious code which allows other parties access to your account. In case you receive such an email messages, please delete it and do not download its attachment. Here is a copy of a sample fake message: ======Start of spoofed message======== Reply-To: security.admin@[hosting-server].com Subject: Hosting Regular Security Maintenance Date: Thu, 08 Feb 2007 00:20:54 -0800 Dear valued Members Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment. So, to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html" or (for Windows Based servers which use ASP) upload the file " guard.asp" in: "./wwwroot" in your site. If you do not know how to use it, you can use the following instruction: For Unix/Linux based websites that use PHP/CGI/PERL: 1) Download the attachment named " guard.zip" 2) Extract file "guard.php" 3) Login to your site Control panel. 4) Open "File Manager" window. 5) Go through "Public_html" or "htdocs" 6) Choose "Upload Files" 7) Upload the file "guard.php" 8) Check its URL too "http://www.yoursite.com/guard.php", if it is ok For Windows based websites that use ASP: 1) Download the attachment named "guard.zip" 2) Extract file "guard.asp" 3) Login to your site Control panel. 4) Open "File Manager" window. 5) Go through "wwwroot" directory 6) Choose "Upload Files" 7) Upload the file "guard.asp" 8) Check its URL too "http://www.yoursite.com/guard.asp", if it is ok Thank you for using our services and products. We look forward to providing you with a unique and high quality service. Best Regards ======End of spoofed message======== These fake email messages are being sent to the WHOIS administrative email address for the respective domain name. Our System engineers and Abuse Department are already working on proper rules to block such fake email messages on a server level as well as we are in process of implementing several other security measures to restrict the number of users which might be affected by this fraudulent email. We strongly advise that you doubt any email message with attachment you receive from an email address not familiar to you. .. |
|
Incident
reports; January 6th, 2007 | Savvis datacenter network problem |
|
On Jan/2/2006
there was a major failure within
the network of our upstream
provider SAVVIS, which caused
their Boston datacenter to be
isolated from the rest of their
network. As the server that
hosts your account is located in
this datacenter, your site was
affected by the outage, which
lasted for about 7 hours. Although the uptime of the server was not affected, during the outage it was inaccessible from outside locations. The outage affected all companies hosted in the same datacenter, including Lycos Mail, Tripod, the websites of the magazines CIO and CSO and others. We are aware that this is a serious problem and we will review all redundancy and recovery procedures of Savvis to ensure that such issues will not occur again.. |
|
System updates; September 26th, 2006 | PHP Upgrade notification |
|
Please be
advised that the PHP 5 version
on the server, is scheduled for
an upgrade to version 5.2.1 on
Mar/15/2007. Along with PHP, we
will be upgrading Zend Optimizer
to version 3.2.2. Minimal to
none downtime is expected during
the upgrade. IMPORTANT: A number of popular applications may require an upgrade to the latest version in order to continue functioning properly. Some of the affected applications include but are not limited to: - Drupal, versions below 4.7.6 and version 5.1 - Wordpress, versions below 2.1 - MediaWiki, versions below 1.9.2 - ZenCart, versions below 1.3.7 If you are using one of the above applications, please make sure that you upgrade to the latest version provided by the vendor no later than Mar/15/2007, or some features may stop functioning properly. Other applications running under PHP 5 might be affected as well, so we advise that you check your software. Upgrading to the latest version provided by the vendor is always recommended. No applications running under PHP 4 will be affected.. |
|
General; February 10th, 2007 | Fake maintenance alerts being sent to domain owners |
|
In the last
couple of days we have received
several reports from customers
about false security maintenance
alerts being sent to them. The
email message usually has a
subject "Hosting Regular
Security Maintenance" or similar
and includes instructions how to
upload and run a PHP script on
their website. The email message in question is not sent by our company, nor does it originate from our servers. It is a fake, fraudulent message with spoofed Internet headers. eHosted.com will NEVER send you unsolicited files to upload to your web directory. Do not ever install a .php, .js or .html file that is sent to you by somebody you do not know as it may contain malicious code which allows other parties access to your account. In case you receive such an email messages, please delete it and do not download its attachment. Here is a copy of a sample fake message: ======Start of spoofed message======== Reply-To: security.admin@[hosting-server].com Subject: Hosting Regular Security Maintenance Date: Thu, 08 Feb 2007 00:20:54 -0800 Dear valued Members Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment. So, to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html" or (for Windows Based servers which use ASP) upload the file " guard.asp" in: "./wwwroot" in your site. If you do not know how to use it, you can use the following instruction: For Unix/Linux based websites that use PHP/CGI/PERL: 1) Download the attachment named " guard.zip" 2) Extract file "guard.php" 3) Login to your site Control panel. 4) Open "File Manager" window. 5) Go through "Public_html" or "htdocs" 6) Choose "Upload Files" 7) Upload the file "guard.php" 8) Check its URL too "http://www.yoursite.com/guard.php", if it is ok Thank you for using our services and products. We look forward to providing you with a unique and high quality service. Best Regards ======End of spoofed message======== These fake email messages are being sent to the WHOIS administrative email address for the respective domain name. Our System engineers and Abuse Department are already working on proper rules to block such fake email messages on a server level as well as we are in process of implementing several other security measures to restrict the number of users which might be affected by this fraudulent email. We strongly advise that you doubt any email message with attachment you receive from an email address not familiar to you. In case you are not sure if it is safe to open a certain email message, please do not hesitate to contact our support department. |
|
© Copyright 2007 BrunerHaus, Inc.