16Apr

Update About the Heartbleed Bug


This is just a quick note to all our Mr.Host customers about the Heartbleed bug that has been making its ways around the internet and all over the media lately.heartbleed

If you’re not familiar with the Heartbleed bug, there is a really good explanation of the bug on the heartbleed.com website. In short, it’s a software bug in certain versions of encryption software called OpenSSL. This bug only affected a handful of versions of OpenSSL, none of which are currently in-use, or have ever been in-use by Mr.Host.

We’ve done an exhaustive verification of all of our servers, network hardware- anything that might have OpenSSL libraries installed, and none have used these versions of this software, now, or in the past. So Mr.Host is not, and has never been affected by this bug.

That being said, customers always have the ability to change their passwords via the Mr.Host Customer Control Panel; and Mr.Host recommends customers use strong password of at least 8-16 characters, with a mix of letters, numbers, and symbols.

Mr.Host takes customer security seriously. Our signup process, Control Panel, and Web-Mail services are all protected by high level encryption. Our Email servers all support encrypted Email via secure POP3, secure IMAP, and secure SMTP, and our FTP servers all support secure encrypted FTP.

We recommend any customers not already using encryption for their Mr.Host Email or FTP, update their settings to enable encryption.

If you have any questions about the Heartbleed bug, or about using encryption with your Mr.Host services, please let us know.

 

The Mr.Host Team

27Dec

Control Panel Updates


We’re happy to announce that we’ve released a new version of the Mr.Host Customer Control Panel.

Most of the changes in this release were simply a face-lift, bringing the old, dated look of the Control Panel, to something more modern. Including, changes to the web stats sections, upgrading the graphs to more dynamic, JavaScript based graphs.

stats

We’ve also, unfortunately, had to remove the Domain Privacy feature from the Control Panel. This feature used to be a free add-on available to us from our domain provider, so Mr.Host in-turn provided it free to all our domain registration customers. Unfortunately, our domain provider has decided to start charging for this feature- at a significant cost.

We’ll likely re-add this feature at a later date, as a premium domain add-on- for those customers that would like to pay an additional fee to have this service, but Mr.Host will no longer be able to provide this feature free of charge.

If you have any questions, please feel free to contact us anytime,

 

Happy Holidays!

The Mr.Host Team

27Oct

Apache 2.2.25 and PHP 5.3.27 Upgrade


This evening all Mr.Host web servers were upgraded to Apache 2.2.25 and PHP 5.3.27.

Apache 2.2.25

This version of Apache is principally a security and bug fix legacy release, including the following security fixes:

  • SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.
  • SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file.

PHP 5.3.27

  • Core:
    • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
    • Fixed bug #64960 (Segfault in gc_zval_possible_root).
    • Fixed bug #64934 (Apache2 TS crash with get_browser()).
    • Fixed bug #63186 (compile failure on netbsd).
  • DateTime:
    • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
  • PDO_firebird:
    • Fixed bug #64037 (Firebird return wrong value for numeric field).
    • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
  • PDO_pgsql:
    • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
  • pgsql:
    • Fixed bug #64609 (pg_convert enum type support).
  • SPL:
    • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
  • XML:
    • Fixed bug #65236 (heap corruption in xml parser).
12Apr

New MySQL Hosting Platform – v5.5.30


This evening, Mr.Host migrated all of it’s MySQL hosting services, to a brand new MySQL database hosting platform, as well as upgraded the MySQL version to 5.5.30.

The new hosting platform is a significant upgrade from the old system, with much more memory, processing power, and much much faster hard drives.

All customer databases were moved to this new platform automatically; no changes were required to your sites or your site content to make this switch. Customers should immediately notice an improvement in their website performance and response time.

If you have any questions or comments about this upgrade, please don’t hesitate to Contact Us.

11Apr

DDOS Attacks Against WordPress Installations


For about 2 hours today, we experienced a DDOS attack against the estimated four thousand WordPress installations hosted on our web hosting platform. During this time customer WordPress installs were still accessible, but were degraded in performance.

It looks like the attacker was trying to (unsuccessfully) brute force the wp-login.php page, in an attempt to gain access to the WordPress admin interfaces.

We’ve managed to squash about 90% of the junk traffic, returning service levels back to normal. The remainder of the traffic should die out over the next few hours.

Customers are encouraged to re-evaluate their WordPress admin interface passwords, and to ensure that their WordPress installations, and any installed plugins, are fully up-to-date.

UPDATE:

TechCrunch posted an article about this with some more details:

http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/