Providing Business Class
Web Hosting Since 1996
Sales Chat

Email client SSL/TLS issues


Tuesday, June 12th, 2018 - General

An upcoming change to our servers will affect some older email clients (potentially older browsers as well).

Changes to the way security is run on the servers is going to change the available ciphers and only allow for TLS version 1.2. The aim here is to provide better security throughout the Internet. Known issues with TLS versions 1.0 and 1.1 essentially make them insecure.

Most users won’t notice this change. If you are using a modern email client, browser, and operating system then it’s probably already using TLS 1.2, and if not, it will switch to it when other insecure TLS versions are unavailable.

But if you are using an older email client, such as Outlook 2007 or Windows Live Mail (plus many others – too many to list), you will likely be affected by this. It is important to note that both Outlook 2007 and Windows Live Mail are end of life. That means they are no longer supported by their developer any more. And anything that is end of life, you really shouldn’t be using any more. You can’t expect end of life’d software to continue to be updated and work in modern system. It just doesn’t work that way.

So if you encounter an issue checking or sending out mail – consider the email client that you are using and if it is up to date and being kept up to date. If it’s end of life, then you really need to switch to a modern email client and/or operating system.

This will only affect you if you use one of these email client AND use secure mail settings. You can continue to use your old email client, you just can’t use secure settings – but we don’t recommend doing that. The best solution is to update to a modern email client or operating system.

We recommend Thunderbird, although any modern email client should be sufficient:

https://www.thunderbird.net

Additionally, you can use webmail to log into your email accounts. Simply point your browser to:

http://yourdomain.com/webmail

Enter the email address you want to check as the username and the password is that email account’s corresponding password. (Replace yourdomain.com with your actual domain name you have hosted with us).

All of this is being done with an object of making the Internet more secure. The Internet cannot be secure if insecure protocols and system are allowed to continue to operate. All of those insecurities will eventually be phased out.

Update – June 13, 2018

If you are having issues with this and you are using one of Microsoft’s Outlook products on Windows 7, then you might try applying this patch:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Some have made progress by utilizing this patch to update their Outlook to allow for modern and updated versions of TLS. But if you are depending on an outdated or discontinued version of Outlook, this patch probably won’t help you.

Update – June 14, 2018

So what’s the bottom line?

If you have been sent to this post or if you are otherwise affected by this then this statement rings true:

You are using an email client or operating system that does not support valid security protocols.

Perhaps this can be fixed, perhaps not. We’re really not going to know. There are just too many email clients out there for us to have knowledge about what settings are where and what patches may or may not need to be applied. It’s best to contact the developer or vendor of the product you are using.

But chances are, if you are having problems with this, then the product you are using has reached it’s end-of-life and that may have occurred several years ago. Up until this latest server update, secure connections using TLSv1 were still being allowed. But it’s important to note that TLSv1 connections were never secure to begin with. That is why they have been disabled. To raise awareness that the client and operating system you have been using is not secure.

The Internet is always on, always available – which means it has to be secure. This means things have to change in order for it remain secure. When security vulnerabilities are discovered in Internet protocols, you can’t expect a secure Internet to continue to use those protocols. This is what has happened here. Vulnerabilities in TLSv1 have been known about for some time, but the Internet industries were giving people time to migrate to knew clients, programs, and protocols before completely shutting down TLSv1. The shut down of TLSv1 is beginning now.


WordPress comment spam


Monday, May 14th, 2018 - General

We are starting to see a lot of WordPress comment spam being sent out through a lot of the accounts hosted on our servers. A lot of users have comment moderation enabled for their WordPress site, perhaps unknowingly. When a comment is posted by someone and the moderation bit is set, then that comment is emailed to the WordPress site administrator for them to take action.

Recently Google and Gmail have started flagging these comment moderation messages as spam. Unfortunately this can have the affect of Gmail blacklisting or weighing all messages sent from our servers as spam. Since we cannot allow this to happen, we are going to be forced to take action regarding this.

We will have to start putting websites into a read-only state if this continues. A read-only state means that nobody will be able to post any comments to your site and you will not be able to log into the WordPress dashboard on your account. Your website will still appear to any visitors, but you just won’t be able to take any actions on your website.

What can you do to prevent this?

If you are not using comments, I would recommend that you disable them. You can do that by logging into your WordPress admin dashboard and clicking Settings -> Discussion then make sure the option for Allow people to post comments on new articles is unchecked. However, if you have specifically enabled comments on any specific posts, comments will still be enabled for that post.

If you are using comments, I would highly recommend that you install some type of captcha system to prevent bots from posting comments on your site. The Google Captcha might be a good plugin to use.

We are doing all of this in an effort to stay proactive and insure that the hosting system your website is hosted on remains clean. We cannot allow comment abuse to affect the reputation of our servers.


My account was caught sending out spam


Monday, March 5th, 2018 - General

Have you received an email from us stating that your account has been used for spamming? That message may have looked like:

A routine security check on the server found that your account – youraccount.com – was being used to send out spam through the server.

Someone is using SMTP authentication with the account – email@youraccount.com – to relay out questionable mail through the server.

What does this message mean?

This means that someone (probably not you, right?) has logged into the server using the email@youraccount.com account information to send out spam. We are assuming that this person wasn’t really you (otherwise, you’d be the spammer and we’re going to err on the side that it wasn’t really you) so this means that spammers somehow got their hands on the password for email@youraccount.com.

This means you likely have an information leak some where. Information, such as the password to this email account (and potentially other information that may not be affecting your web hosting account with us) is being leaked out. If you don’t stop the source of that leak, then information will continue to leak out.

How did they get their hands on the password for email@youraccount.com? We don’t know. And by that we mean that we really don’t know – we haven’t been looking over your shoulder every where you have used this account or what type of password you are using.

One question we often get asked regarding these incidents is: Why didn’t you just block the IP address of the individual sending out the spam? Well, the issue isn’t necessarily WHO is sending out the spam. The issue is that your information was compromised. The IP address isn’t the common point of entry. Often times the spammers are connecting from 100s of different IP addresses, and even if we did block those IPs, they’d just connect from others. The common point of entry is the compromised email account. That is why the password to the email account has to be changed and why IP addresses are not directly blocked.

Typically hackers and spammers get your password information by one of three different ways:

• Malware, viruses, or keyloggers. Your computer or device may be infected with something that is leaking out your password information. If you have malware or a keylogger on your computer (or mobile phone, tablet, or other device) then that malware can be transmitting your password information for all of the accounts you access back to hackers and spammers. This is also how identity theft usually starts. To resolve this, you need to identify which computer or device is checking this account and which computer or device has the malware and keylogger on it, and remove the malware or keylogger. Then you need to change the password for your email account and any other account for any other business you may have logged into on this device.

• Insecure network or network probing. If you check your mail or use your computer, phone, or tablet on any public wifi or insecure network, then you are potentially leaving your data vulnerable to hacking from others on that network. Someone else sharing that public wifi hotspot may be listening in on your connection and stealing password information as you transmit it. To resolve this, you need to identify what sources of insecure networks or wifi that you are using and either secure them or stop using them and then change your email account password and any other account for any other account for any other business you may have logged into on these networks.

• Using weak and insecure passwords. We covered this a bit in detail in a previous post. Bottom line, you are responsible for choosing strong and secure passwords for your accounts. If you are using simple and easy to guess passwords for your account – then you should expect to be compromised – and you need to accept some responsibility for having your account hacked, compromised, and used to send out spam. To resolve this, you need to choose strong and secure passwords for all of your accounts.

These are just some of the scenarios that can explain how your password was compromised. It is not a conclusive list.

The bottom line is – we detected spam being sent out from your account. We are assuming that it is not you sending out the spam, so we draw the conclusion that your password has been compromised. We do not know how the password was compromised, nor can we know how the password was compromised. But you need to figure out how the password was compromised and then resolve whatever the situation was that allowed the password to be compromised. Doing nothing means that your account will probably just get compromised again and we may have to suspend your account if that happens.


PHP 7.1 broke my website


Wednesday, February 21st, 2018 - General

We are continuing to slowly push out PHP 7.1 by default on all of our servers (see this post). Some users are experiencing issues with this upgrade.

First of all, I want to point out that PHP 7.1 was released on December 1, 2016 (see the table directly from php.net). That was nearly 15 months ago. So to claim that PHP 7.1 is brand new, is false. It has been around for quite some time and anyone that develops or writes applications in PHP should be aware of this.

Second, we are seeing some rather significant performance gains with PHP 7.1. So it would be to your benefit to insure that your website and scripts can take advantage of PHP 7.1 so that your website can experience the performance gains.

If you are having problems after the server has been upgraded to PHP 7.1, then you fall into one of two categories:

1. You are using an outdated script (or addons/component/extension/plugin/theme/etc) on your website. Keeping your scripts (or addons/component/extension/plugin/theme/etc) up to date is important to insure that your website is patched up from any known security holes. When developers of these scripts or addons find a security hole in their code they will typically fix this and patch it up and release an updated version of the script. But if you are not using that updated version then you are not protected against that security hole. That means that if you have Example CMS version 1.0 installed on your website and a privilege escalation bug is found in Example CMS version 1.0, the developer of Example CMS fixes the security hole and releases Example CMS version 1.1 to fix it, then if you continue to use Example CMS version 1.0 you are still vulnerable to this privilege escalation bug.

Additionally developers release updated versions of their scripts to take advantage of newer technologies. Software goes end of life - we explained some of the end-of-life reasons back in this post from 2013 - and developers have to stay in step with what is current. PHP 5.6 included a lot of functions and methods that were slow, those functions and methods have been completely replaced in PHP 7.1. Developers of scripts and web applications have to be aware of this and change their code accordingly.


2. You are using an abandoned script (or addons/component/extension/plugin/theme/etc) on your website. Keeping your scripts (or addons/component/extension/plugin/theme/etc) up to date is important. But just as important is making sure that you are using reputable scripts (or addons/component/extension/plugin/theme/etc). This is probably a bit more common with script addons rather than core scripts themselves. If the developer of a script or script addon is not going to properly maintain the code in that scripts then it is of no use to you. Sure, you may be using the latest version of Example Script Addon, but if the last version of Example Script Addon was released 5 years ago, then it is not being properly maintained and the developer likely abandoned the project. We see this happening a lot.

Think of all of the security holes that may have been found in Example Script Addon in those 5 years. Those security holes are not being patched. Think of all of the poor coding that exists in that addon. That coding is not being fixed.

So if you are experiencing problems with the PHP 7.1 upgrade and all of your scripts (and addons/component/extension/plugin/theme/etc) are up to date, then you are very likely using an abandoned script or script addon and the developer is no longer concerning themselves with it. You should stop using that script or script addon.

If you continue to have issues with PHP 7.1 we can switch you back to PHP 5.6, but please understand that this is only a temporary fix. PHP 5.6 support is not going to be around forever. If your the script or script addon you are using on your website is not working with PHP 7.1 then the issue is with the script - it fits into one of the two categories from above. You need to be making arrangements to have the script or script addon updated or switched to support PHP 7.1 so that you will not be caught off guard when PHP 5.6 support is completely removed.

One of the reasons why we are doing this upgrade now is so users can identify if they fall into one of the above categories and can make arrangements to resolve those issues before PHP 5.6 support is completely lost.

Joomla! Update Issues


Thursday, February 1st, 2018 - General

(Please note – at the time of this post – February 1, 2018 – the latest version of Joomla! was version 3.8.4. If you are reading this post after February 1, 2018 then the versioning may have changed)

Updating your Joomla! script can be a hassle. Unlike a lot of other Content Management Software, Joomla! updates are typically more demanding. Depending on what version of Joomla! you are updating from, the update process may cause you some issues.

Joomla! 3.8.0 or greater – Update should go through without any issues.
Joomla! 3.6.5 – Joomla! 3.8.0 – Update should go through but you may have to sort out some issues.
Joomla! 3.6.5 or lower – The update very likely won’t go through.

Keep in mind, if you don’t keep your Joomla! script up-to-date, then it’s a matter of WHEN your website will be hacked, compromised, and abuse and not a question of IF. While updating your Joomla! script might be painstaking it is a necessary step.

We really encourage you to post any questions you have about updating your Joomla! script at the Joomla! Community Forums:

http://forum.joomla.org

We are not all that well-versed in how Joomla! is coded and how it is maintained. The folks at the Joomla Community Forums have a much better grasp of this.

3.8.0 or greater
If you are updating from a Joomla! 3.8.0 or greater, then the update process should go on without any issues. Although I would encourage you to make sure that you have plenty of disk space on your account, and making a backup before performing the update is never a bad idea.

A version between 3.6.5 and 3.8.0
If you are updating a Joomla! script that is 3.6.5 or greater, then the update process will probably go through – although you may encounter a few issues. I would encourage you to make sure all of your themes, extensions, and addons are up-to-date before attempting an update. Again make sure you have plenty of disk space for the update process and backing up your script before performing the update is never bad idea.

From what I have read, Joomla! versions 3.6.5 and greater have very few issues with the update process, but issues are known to pop up.

A version less than 3.6.5
If you are using a Joomla! version less than 3.6.5, then chances are the update process won’t work. Depending on how far you are from Joomla! 3.6.5, you might be able to wiggle your way into an update, but it requires a lot of work and just depends on each individual case.

If you find yourself using an extremely old version of Joomla! we would really recommend that you delete that script and start your website over with a fresh, up-to-date version of Joomla! (or another CMS) and keeping the script up-to-date from now on.

If you encounter any issues with the update process, again we are going to refer you to the Joomla! Community Forum at:

http://forum.joomla.org

If you have any other questions about the Joomla! update process, we would recommend that you discuss it on their forums.


Contact Information

AMS Computer Services, Inc

Contact Sales/Billing
Submit a Support Ticket
Password Reset Link
Account Management Area

Mailing Address:
AMS Computer Services, Inc
299 Midway Rd.
Murray, Kentucky 42071
USA

Facebook:Like us on Facebook
Google:

Twitter: @AMSCustomerCare

Latest Announcements:
Copyright AMSComputer Services, Inc. All rights reserved.

Products and Services
Infrastructure
Datacenter Information
About Us
Policies and TOS
Support
Open a Support Ticket
Guides and Information
Support Blog
Access Welcome Letter


logo_placeholder logo_placeholder logo_placeholder logo_placeholder

logo_placeholder       logo_placeholder       logo_placeholder