Updated 24th January 2008

Accounts with log in at conrtrolpanel.cc

As you are probably aware we are having issues with the server
ftp3.dns-systems.net which is causing mail and web sites to slow. This
is being caused by an issue with the hard drive array on this server
which is running slow due to an error on it.

The solution is to put into action our backup plan to move to the backup
server for this system. This will happen Thursday night, we have already
started the move and files are being transferred now from our backups to
the new server. Then Thursday night we will transfer all files that have
changed so the server so it is up to date.

The Plan is as follows:

18:00 - 24/01/2008 - Incoming mail will be switched off so mail can be
transferred to the new server, mail sent in this time should be stored
and delivered when the server comes back online.

00:01 - 25/01/2008 - Web site files will be transferred to the new
server and FTP will be turned off during this time, we hope to keep web
sites online.

06:00 - 25/01/2008 - Web sites and MySQL will be switched off so MySQL
can be transferred

08:00 - 25/01/2008 - The server will be rebooted and brought back
online.

We are working as quickly as we can to resolve this but it has taken
longer than normal as it was hard to pinpoint the exact issue as we
first thought it was a software problem. Also as the disk array is going
slow it is harder to transfer the data to the new server and we don't
want to just use the backups so no one looses any data. We have also
chosen to do the move the following evening and not in the day as this
might cause too many issue as the server is up and mail is working
slowly.

Please accept our apologies for the service of the past few days and
thank you for your patients. This is a very rare thing to happen and has
been reported to 3ware the array manufacturer who will be investigating.

PHP. We have switched off the PHP setting "register_globals" as this now represents a security weakness.

All Accounts

This update is to make you aware of a security issue that we have found
some of our users are experiencing recently.

We have found that many users use the same password for accounts and
databases. If there is an out of date script or program on the account, a
hacker can potentially gain access to the database password stored in the
scripts configuration files.

Recently we have found that if a database password is found, the hacker then
tries to login via FTP to the account. If successful, they gain complete
access to that account.

If you run scripts or programs such as phpBB2 or OSCommerce, please ensure
they are always up to date. New security vulnerabilities come out regularly
and they must be patched to ensure the integrity of your account.

If you no longer are using a script, please remove it from your account to
prevent it from being abused.

Lastly, if your database password is the same as your account password,
please change this ASAP. You can change your account password on the
"Account Details" page on your control panel. Database passwords can be
changed in the MySQL Manager on the "Web Tools" page.

All Accounts

*****KEEPING SOFTWARE UP TO DATE*****

A point we would like to bring to users attention is keeping
software up to date. For example form mail scripts, forums and content
management systems with the last version of the code available. This is
important as old code can contain vulnerabilities that allow hackers to
abuse your web sites and possibly attack us. You do not have to worry
about server side software like PHP, MySQL and Apache as we will keep
this up to date for you.

This is regarding the popular OSCommerce shopping cart and
PHPBB2 forum software that you may use. There are some vulnerabilities
for these software packages that require URGENT attention. If you use
any of these packages please read this. If any of your users or
developers use these software packages, please forward this E-mail on to
them.

OSCOMMERCE
----------
There is a vulnerability in OSCommerce that allows spammers to send out
multiple E-mails using contact_us.php. There are two options to resolve
this problem:

1. If you do not use the contact us feature in OSCommerce, simply delete
the contact_us.php file. This can be found in the root of your
OSCommerce installation.

2. Follow the instructions from the link below to update a PHP file. We
recommend you back up the original file before you attempt to modify it:

http://www.bpweb.net/oscommerce-fix.htm

If you are unsure about how to do this, please contact us and we will be
happy help.

PHPBB2
------
There have been several vulnerabilities recently that can result in an
attacker taking over or corrupting your forum.

Please upgrade all of your PHPBB installations to the latest version by
downloading the upgrade file from the link below. Once downloaded, unzip
it, upload the files to your PHPBB2 installation and follow the upgrade
instructions in the install directory.

Download for upgrading PHPBB2 is the "Changed Files Only" file and NOT the "Patch File Only" file.

1. Download this file from http://www.phpbb.com/downloads.php and unzip
it
2. Make a backup of your current PHPBB2 installation
3. Follow the upgrade instructions in the docs/INSTALL.html directory

If you have any queries or problems, please don't hesitate to contact
us.

If you have any questions or queries about this change, please don't
hesitate to contact us.


Domainsrush