26Jul

Hardware Upgrades


Over the last week, we’ve been busy upgrading all our web and email hosting servers, to faster servers, with more processing power, more memory, and more storage.

All Mr.Host servers are now running brand new Dell servers, with:

  • 24 x 3.2Ghz Xeon Processor cores
  • 64 GB of memory
  • RAID SSD (Solid State) storage

These changes equal faster loading websites and email, for all our customers, at no additional cost.

If you have any questions, please feel free to contact us anytime,

The Mr.Host Team

16Apr

Update About the Heartbleed Bug


This is just a quick note to all our Mr.Host customers about the Heartbleed bug that has been making its ways around the internet and all over the media lately.heartbleed

If you’re not familiar with the Heartbleed bug, there is a really good explanation of the bug on the heartbleed.com website. In short, it’s a software bug in certain versions of encryption software called OpenSSL. This bug only affected a handful of versions of OpenSSL, none of which are currently in-use, or have ever been in-use by Mr.Host.

We’ve done an exhaustive verification of all of our servers, network hardware- anything that might have OpenSSL libraries installed, and none have used these versions of this software, now, or in the past. So Mr.Host is not, and has never been affected by this bug.

That being said, customers always have the ability to change their passwords via the Mr.Host Customer Control Panel; and Mr.Host recommends customers use strong password of at least 8-16 characters, with a mix of letters, numbers, and symbols.

Mr.Host takes customer security seriously. Our signup process, Control Panel, and Web-Mail services are all protected by high level encryption. Our Email servers all support encrypted Email via secure POP3, secure IMAP, and secure SMTP, and our FTP servers all support secure encrypted FTP.

We recommend any customers not already using encryption for their Mr.Host Email or FTP, update their settings to enable encryption.

If you have any questions about the Heartbleed bug, or about using encryption with your Mr.Host services, please let us know.

 

The Mr.Host Team

12Apr

New MySQL Hosting Platform – v5.5.30


This evening, Mr.Host migrated all of it’s MySQL hosting services, to a brand new MySQL database hosting platform, as well as upgraded the MySQL version to 5.5.30.

The new hosting platform is a significant upgrade from the old system, with much more memory, processing power, and much much faster hard drives.

All customer databases were moved to this new platform automatically; no changes were required to your sites or your site content to make this switch. Customers should immediately notice an improvement in their website performance and response time.

If you have any questions or comments about this upgrade, please don’t hesitate to Contact Us.

02Jul

Secure FTP (Implicit and Explicit FTPS)


We’re excited to announce that the Mr.Host FTP servers have been upgraded to support secure encrypted connections, for all Mr.Host web hosting customers.

We’ve included support for both “implicit” SSL (running on port 990), and “explicit” (also referred to as TLS, AUTH TLS or FTPES), running the standard FTP port 21.

 

How to Upgrade

We’ve added a Knowledge Base article with details on how to enable encrypted FTP in the most common FTP clients, available here:

http://mrhost.ca/system/knowledge-base/ftp-access/ftp-client-setup/secure-ftp-using-ssl-encryption-with-ftp/

If you have any questions or need help configuring your FTP client, you can contact us @help@mrhost.ca

 

Technical Stuff – Implicit vs Explicit vs FTPS vs SFTP

There seems to be a lot of confusion over the different types of secure FTP, as there are several methods of securely transferring files that have been called “Secure FTP” at one point or another:

FTPS

Explicit FTPS  is an extension to the FTP standard that allows clients to request that the FTP session be encrypted. This is done by sending the “AUTH TLS” command. The server has the option of allowing or denying connections that do not request TLS. This protocol extension is defined in the proposed standard: RFC 4217.

Implicit FTPS is a deprecated standard for FTP that required the use of a SSL or TLS connection. It was specified to use different ports than plain FTP (usually port 990).

Mr.Host support both of these FTPS methods.

SFTP

Is not actually FTP, but a method for copying files over an SSH connection, using a similar command set.

Mr.Host does not currently support this.

26Feb

PHP 5.3.10 and MySQL 5.5.21 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.10 and MySQL 5.5.21

PHP 5.3.10

Security Fixes in PHP 5.3.10:

  • Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

Security Enhancements and Fixes in PHP 5.3.9:

  • Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
  • Fixed bug #55609 (mysqlnd cannot be built shared)
  • Many changes to the FPM SAPI module

MySQL 5.5.21

A full list of MySQL 5.5.21 changes is available here:

http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html