Domainsrush
Server Status
Updated
18 August 2010
Accounts
with login at; http://cp.domainsrush.org
Dedicated
email connectivity issues - Free BSD
Created:
18 August 2010
Our engineers have isolated the issue
affecting the dedicated servers and are now rolling out patches
which will bring affected users email back online over the course
of the day. Once this process is complete we will be upgrading
our servers
We
are aware of connectivity issues with our dedicated servers
running the FreeBSD operating systems and for this reason we are
upgrading to Ubuntu6 The migration will take place over
the next day or so and should be seamless.
Sorry
for the inconvenience.
________________
PHP.
We have switched off the PHP setting "register_globals"
as this now represents a security weakness.
All
Accounts
This
update is to make you aware of a security issue that we have
found some of our users are experiencing recently.
We
have found that many users use the same password for accounts
and databases. If there is an out of date script or program on
the account, a hacker can potentially gain access to the
database password stored in the scripts configuration files.
Recently
we have found that if a database password is found, the hacker
then tries to login via FTP to the account. If successful,
they gain complete access to that account.
If
you run scripts or programs such as phpBB2 or OSCommerce, please
ensure they are always up to date. New security
vulnerabilities come out regularly and they must be patched to
ensure the integrity of your account.
If
you no longer are using a script, please remove it from your
account to prevent it from being abused.
Lastly,
if your database password is the same as your account
password, please change this ASAP. You can change your account
password on the "Account Details" page on your
control panel. Database passwords can be changed in the MySQL
Manager on the "Web Tools" page.
All
Accounts
*****KEEPING
SOFTWARE UP TO DATE*****
A
point we would like to bring to users attention is
keeping software up to date. For example form mail scripts,
forums and content management systems with the last version of
the code available. This is important as old code can contain
vulnerabilities that allow hackers to abuse your web sites and
possibly attack us. You do not have to worry about server side
software like PHP, MySQL and Apache as we will keep this up to
date for you.
This
is regarding the popular OSCommerce shopping cart and PHPBB2
forum software that you may use. There are some
vulnerabilities for these software packages that require
URGENT attention. If you use any of these packages please read
this. If any of your users or developers use these software
packages, please forward this E-mail on to them.
OSCOMMERCE ---------- There
is a vulnerability in OSCommerce that allows spammers to send
out multiple E-mails using contact_us.php. There are two
options to resolve this problem:
1.
If you do not use the contact us feature in OSCommerce, simply
delete the contact_us.php file. This can be found in the root
of your OSCommerce installation.
2.
Follow the instructions from the link below to update a PHP file.
We recommend you back up the original file before you attempt
to modify it:
http://www.bpweb.net/oscommerce-fix.htm
If
you are unsure about how to do this, please contact us and we
will be happy help.
PHPBB2 ------ There
have been several vulnerabilities recently that can result in
an attacker taking over or corrupting your forum.
Please
upgrade all of your PHPBB installations to the latest version
by downloading the upgrade file from the link below. Once
downloaded, unzip it, upload the files to your PHPBB2
installation and follow the upgrade instructions in the
install directory.
Download
for upgrading PHPBB2 is the "Changed Files Only" file
and NOT the "Patch File Only" file.
1.
Download this file from http://www.phpbb.com/downloads.php
and unzip it 2. Make a backup of your current PHPBB2
installation 3. Follow the upgrade instructions in the
docs/INSTALL.html directory
If
you have any queries or problems, please don't hesitate to
contact us.
If
you have any questions or queries about this change, please
don't hesitate to contact us.
Domainsrush
|