Providing Business Class
Web Hosting Since 1996

Bitcoin Ransom Messages


Monday, October 22nd, 2018 - General

Since we seem to be getting a lot of messages from our users inquiring about this, we thought it might be a good idea to address this here.

Lately there has been an increase in the number of ransom messages going out threatening to expose certain details about you if you don’t pay the hacker in bitcoin. We really can’t tell you if the message being sent to you and pertaining to you is legit. I don’t think it’s wise for any hosting company or security firm to state as much. But we can advise you on what we are seeing in regards to this. We are seeing a lot of messages like this, so it is very likely a scam in your case, but in the end you will have to make the determination on your own.

The message in question may look something like:

The wording might be a little different, but the general message is the same. A few key takeaways here:

• This is your password – Is that really your password? Or has it ever been your password? If not, then you can stop right here, it’s a scam! If it is your password, then is it an easy to guess password? Have you reused that password somewhere else? How do they do this? Pretty simple actually, they pick a random password – usually a pretty common one – and then send out this message to millions and millions of email addresses… it’s bound to be the correct password for a handful of those users. The scam is not meant to work for every single user they email, but if it works for just a handful of users, the scammers make money.

• I sent you an email from your account – This is trivial to do. Email does not have a mechanism in place to verify that the person behind the computer/device that sends a message is actually who they say they are. Mechanisms do exist on the recipient end of the message exchange that can help verify a message was sent from a likely reliable sender. But those mechanisms aren’t infallible and aren’t universally accepted. How do they do this? Any knowledgeable or trained computer person can send a message that appears to have come from your email address. Just because the From line in an email has your email address does not mean it was sent by your computer or device.

• I made screenshot with using my program from your camera of yours device – Do your computers and devices have cameras on them? Have you actually visited any of the adult rated websites the message suggests? If you answer no to either of these, then it’s a scam! This is a scare tactic aimed at frightening individuals into giving the scammers money. The tactic here is that a significant portion of Internet users may visit sites like this. Again, the scammers aren’t expecting the scam to work on 100% of the people they send this message to. It just has to work for a select few and the scammers make money.

• After receiving the specified amount, all your data will be immediately destroyed automatically – Since they have presumably sent this message out to hundreds if not millions of email addresses, how do they know which user a specific payment refers to? So how would they know to discard the information they collected if you pay? Simple answer: They don’t – because 1) they have no information and it’s a scam or 2) they will keep the information and continue to extort you for more money. Again this taps into people’s fears and resolution centers, that money can fix all problems and that’s what the scammers are hoping for.

• What information is missing? – If the scammers really wanted you to believe their message and if they had really stolen some of your information, don’t you think they would have addressed you by name? Or at least given some proof that they have. In kidnapping/ransom cases negotiators will ask for “proof of life” or proof that the kidnappers have the person in question, negotiators want this assurance before giving any ransom. In this particular case all the scammer has is a password that might not even be yours and if it is – it’s a common password that many people use and a scare tactic that they sent the email from your very own email address which is trivial for any knowledgeable computer person to do.
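To see why a From line showing your own address proves nothing, read what your receiving mail server recorded about the message. The following is an added example, not code from this post or its author: it assumes the recipient-side mechanisms referred to above are SPF, DKIM and DMARC, that the receiving server writes an Authentication-Results header, and that the server name `mx.example.com`, the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From line shows the recipient's own address, but the
# receiving server (mx.example.com, hypothetical) recorded failed checks. The
# lower Authentication-Results header arrived with the message itself.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
Received: from mailer.invalid (unknown [203.0.113.45])
 by mx.example.com with ESMTP; Mon, 22 Oct 2018 09:14:02 -0500
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: alice@example.com
To: alice@example.com
Subject: Security notice

(message body omitted)
"""

VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def trusted_verdicts(msg, trusted_authserv):
    """Collect spf/dkim/dmarc results, but only from headers written by our own
    receiving server. Any other Authentication-Results header is untrusted,
    because the sender controls every header it submits."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        fields = authserv_id.split()
        if not fields or fields[0].lower() != trusted_authserv.lower():
            continue
        for method, result in VERDICT_RE.findall(results):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess_from_claim(raw_message, trusted_authserv):
    """Compare what the From line claims with what the receiving server saw."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    verdicts = trusted_verdicts(msg, trusted_authserv)

    findings = []
    if envelope_domain and envelope_domain != from_domain:
        findings.append(
            f"envelope sender {envelope_domain} differs from From domain {from_domain}"
        )
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            findings.append(f"{method}={result}")

    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "verdicts": verdicts,
        "findings": findings,
        # DMARC pass means SPF or DKIM passed for a domain aligned with From.
        "authenticated": verdicts.get("dmarc") == "pass",
    }


if __name__ == "__main__":
    report = assess_from_claim(SAMPLE, "mx.example.com")
    print("From domain authenticated:", report["authenticated"])
    for finding in report["findings"]:
        print(" -", finding)
```

Most mail clients expose these headers through a "view source" or "show original" option.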

So is the message a scam? Probably. But this is something you really need to make a determination for yourself. I can tell you that we are seeing many complaints about such messages and we’re even getting them as well. So if you think you are being singled out and are the only one receiving these messages, know that you are not.

How can you protect yourself?

• Keep an up-to-date virus and malware detection system. A malware detection system like MalwareBytes can be helpful in regards to this.

• Keep your computer up to date. When computer vulnerabilities are discovered, programmers and developers that wrote that software will work to fix the security holes that led to that vulnerability. But it does you absolutely no good if you never install the updated code that they developed. If you want your computer and device to be safe and secure you have to apply security updates as soon as they become available.

• Use strong and secure passwords. If you are using simple and easy to guess passwords then this just increases the chances of your password being compromised. It may be difficult to remember a strong and secure password, but it’s going to be even more difficult when your password is compromised and your information is leaked out.

• Don’t reuse your passwords. If you’re using the same password for everything, then all it takes is for one service to suffer an information leak, and then the password you are using for everything is then in the public domain and capable of being compromised. Use separate, strong, and secure passwords for every service you use.

• Keep a backup of your files. If the files on your computer and device are important to you, make sure you keep a copy of them stored somewhere off of the computer or device. This way if you ever do get compromised or have your files deleted, you will have something to restore from.

Again, our aim is to give you the tools and information so that you can make your own informed decisions. If you are relying on someone else to make this determination for you, then you can fall victim if their determination is wrong. Educating yourself is the best defense you can have in regards to scams like this.


Upcoming PHP 5.6 disabling


Monday, October 15th, 2018 - General

(Update: October 16 – This will also apply to users using PHP 7.0, but there are very, very few users using PHP 7.0. We skipped PHP 7.0 as a default version and went straight to PHP 7.1 so there are only a handful of PHP 7.0 users that will be affected by this)

We will be switching accounts that use PHP 5.6 to PHP 7.1 on November 20, 2018. This date is more than a month away. If you are affected by this, please use this time to work towards updating your script/web application/plugins to be PHP 7.1 compatible.

Why is it important to remove PHP 5.6?
PHP 5.6 is approaching end-of-life. If you don’t believe me, you can visit the php.net website and see the full schedule:

http://php.net/supported-versions.php

There you can see PHP 5.6 will receive security support updates until December 31, 2018 – that is fast approaching. We did not design this schedule. This is simply PHP’s schedule of life for its programming language. It is not a good idea to rely on a programming language that is not being supported by its developers.

My script works, why do I have to upgrade it?
Just because your script works doesn’t mean it’s not being exploited or that it’s free of security holes that can be compromised. A lot of hacks and abuse happen because hackers are able to burrow their way into a website’s script or web application and perform malicious actions without the website owner knowing about it. If you are using a script, web application, or plugins that still rely on PHP 5.6 then chances are great that the developer of that script/web application/plugin has not audited the security of their work in several years.

If your account is using a script, web application, or plugin that still requires PHP 5.6, then it falls into 1 of 2 categories:

• The script, web application, or plugins you are using are out of date. Updates may be available but for whatever reason, you have not applied them to your account. Updates have to be applied to your account in order for you to reap the benefits of those updates. I think sometimes people may think that just because an update to a script/web application/plugin is released to the public then they are protected. That is not the case. Developers release updates of their products, but it’s up to the users of those products to grab the updates and apply them to their account.

• The script, web application, or plugin you are using has been abandoned by its developers. This is called abandonware and it is quite common. A developer may create a script, web application, or plugin and release it to the public – they may even release a few updates for it – but eventually it becomes too time consuming for the developer and they quit publishing updates or working on the project and the project becomes abandoned. This puts the people that have installed and used that particular script, web application, or plugin in a difficult spot. This is why we always encourage you to use only reputable scripts, web applications, and plugins – items that have a higher confidence of staying actively developed.

Developers of scripts, web applications, and plugins have a responsibility to stay in tune with the current scheduling of the programming language they are using. There’s really no excuse for a reputable developer to be unaware of PHP 5.6’s upcoming end-of-life at the end of 2018. I know that I would not want to put a lot of trust in a developer that is caught off guard by this upcoming end-of-life.

So what actually is going to happen on November 20, 2018?
On Tuesday November 20th, 2018 we will begin switching accounts that are using PHP 5.6 to PHP 7.1. If you find your website to no longer be working after this switch, contact us and let us know and we will reluctantly switch your account back to PHP 5.6. But please understand, you are going to have to get with it, because PHP 5.6 will be removed at the end of 2018 meaning a downgrade to PHP 5.6 will no longer be possible.

Why are you pushing PHP 5.6 out the door?
Because we believe in a safe and secure Internet. We believe scripts that still rely on PHP 5.6 are a security risk to you, to our servers, and to the rest of the Internet users. Compromised scripts, web applications, and plugins are what lead to spamming, phishing attacks, information leaks, and other malicious/abusive actions. Our purpose in all of this is to promote a safer and more secure hosting environment for all of our users.

When will PHP 5.6 be completely disabled?
Our hope is that by November 20, 2018 everyone that was using PHP 5.6 will have updated their scripts/web applications/plugins to PHP 7.1 compatible versions. But we will reevaluate where we stand after November 20, 2018. We may have to do another round of disabling PHP 5.6 in December depending on what the uptake is for this November 20th deadline.

My script requires PHP 5.6 and there is no update to it.
See the abandonware paragraph above. If your script requires PHP 5.6 and there is no update for it, then it has been abandoned by its developers and you need to seek an alternative script/web application/plugin.

Can you please give me more time to get ready for this November 20th deadline?
No, unfortunately we cannot push this date back any further. If you are still having issues with this on November 20th after your account has been switched to PHP 7.1, contact us and we will reluctantly switch you back to PHP 5.6. But please understand you are getting very close to the deadline for PHP 5.6 to officially become end-of-life. We are not going to push back this November 20th soft deadline because it will take away the sense of urgency to this matter.

Can you use a hardened version of PHP 5.6?
No, this is not something we philosophically believe in. The issue at hand isn’t really so much the PHP version, the issue is more the fact that you are using a script that requires an end-of-life version of PHP. Hardening old versions of PHP is fine, but it’s not going to stop compromises and security holes in old scripts/web applications/plugins that rely on these end-of-life versions of PHP. And a hardened PHP version is not going to protect your outdated, security-hole filled script from being exploited.


Hurricane Florence


Wednesday, September 12th, 2018 - General

We are monitoring Hurricane Florence which is on track for the Carolina coast later this week. Our foremost concern is the people within the path of this hurricane. This adds a little perspective when talking about web hosting and server datacenters when people’s lives may be in danger. We hope everyone in the affected region stays safe.

We do have two servers located in North Carolina, one in Virginia, and one in Georgia that may be affected by this storm. The two in North Carolina are of the major concern, but they are both located inland in North Carolina, so our hope is that they will be less affected by this storm. All of these datacenters have backup generators available just in case.

Again, our foremost concern is with the people in this affected region. If you live in this affected area, please stay safe and we encourage you to follow any government issued evacuation orders.


Upcoming SquirrelMail Removal


Friday, August 3rd, 2018 - General

The SquirrelMail webmail suite will be removed from our servers probably around the end of 2018. An exact date has not been determined, but it will be removed before the calendar turns over to 2019.

Why is SquirrelMail being removed?
SquirrelMail is a simple, yet very old piece of software. The last version of SquirrelMail was released in July 2011 and the last update was in May 2013, so it has been over 5 years since it was last updated. It simply isn’t coded to work with modern day versions of PHP. It also lacks a lot of features that are present in modern day webmail applications.

The decision to remove SquirrelMail is being made by cPanel. They have packaged SquirrelMail with their software for quite some time and tried to maintain it the best they can, but the time has come to just kill it off and use other, better alternatives.

What can I use to replace SquirrelMail?
We recommend using Roundcube, it is also an available webmail application provided by cPanel. When you log into webmail, simply click the option to use Roundcube.

Roundcube is another simple webmail application, much like SquirrelMail. But Roundcube has a much more modern feel to it and is still being actively developed.

We would encourage you to begin switching over to Roundcube as soon as possible. Since SquirrelMail is just a basic webmail application, there should not be a lot tying you to it, making the transition to Roundcube a bit easier.

We don’t really recommend switching to Horde webmail. Horde webmail is a great webmail application suite and it offers several productivity tools. But if you were using SquirrelMail chances are you are just needing a simple webmail application, Roundcube fits better in that situation.

My webmail automatically logs me into SquirrelMail, how do I get to Roundcube?
In the top-right corner of the webmail screen, next to the Logout button you’ll see your email account with a drop down icon. Click on that email account link. This will bring down a drop down menu where you can select to use Roundcube.

Select Roundcube

You can click the star icon next to Roundcube to make it the default webmail suite that you will be logged into when you next log into webmail.

Will Horde and/or Roundcube be removed?
No, this is only referring to SquirrelMail. Horde and Roundcube will remain active.

I don’t know if any of my email users are using SquirrelMail
We will be sending out notices in the next few weeks to accounts that are using SquirrelMail, letting the web hosting account owners know about this so they can be making arrangements to move off of SquirrelMail.

When will SquirrelMail be removed?
We don’t have an exact timetable for this. Our hope is that as we start sending out notices, more and more people will stop using SquirrelMail and we can remove it sooner rather than later. We don’t specifically know when cPanel will remove SquirrelMail. We hope to be able to remove it before cPanel does. Either way, barring something unforeseen, SquirrelMail will definitely be removed before January 2019.

As always if you need to contact us, simply submit a support ticket and we will answer any questions you may have.


Upcoming TLS changes


Wednesday, June 27th, 2018 - General

Post Summary

If you do not want to read through this whole blog post, just understand that there are issues with older versions of TLS. If you have been sent to this post by our support staff, then this probably means you have a program or operating system that is still using these older versions of TLS. You need to make changes to your system to bring it in line with upcoming security standards. If you choose to ignore that, then you should anticipate experiencing issues later on when older versions of TLS are completely shut off.

This post is detailing what you need to do. If you are using Windows 7 there is information in this post that might help you. I know this is a lengthy post, but there is a lot of information included.

If you are using an old, outdated, and end-of-life email client, program, or operating system, then you really can’t expect it to be secure. This is just the way the Internet works.

SSL/TLS is a technology that is used to encrypt data transmission from a source to a destination. For example, from your web browser to a web server. Or from your email client to the mail server. This is what prevents someone from listening in on the connection and being able to understand what is being transmitted (like passwords or personal information).

A small back story regarding the naming convention of SSL and TLS. When public/private key transmission encryption was first developed, it was called SSL. There got to be a copyright issue regarding the name SSL, so the IETF organization (a standards controlling group on the Internet) decided to change the name from SSL to TLS. But SSL was, and still is, a hard name to shake off. So officially the name is actually TLS, but it’s often used interchangeably with SSL.

What is SSL/TLS?
TLS or Transport Layer Security is a protocol that is used to negotiate how two parties will communicate in secret. TLS uses a public/private keypair set of encryption. Basically it’s set up to where the source has a private key that it uses to encrypt data. In order for a destination to understand what is written in that encrypted data, it needs a public key to decrypt the data. The public key cannot be used to encrypt data, and likewise the private key can’t be used to decrypt data. During this negotiation process, the source (i.e. your browser or email client) is going to send the destination server (i.e. our web server or email server) a public key that it can use to decrypt what the source is sending. Likewise, the destination server is going to send its public key back to the source server so it can decrypt what the destination server sends back.

What is changing?
Without getting too in-depth on this, just understand that there are different versions of SSL/TLS that are used in this negotiation. There are 5 different versions of SSL/TLS. SSLv2 and SSLv3 were created way back in the 1990s; they were long ago deprecated and deemed insecure (this is also where the naming convention copyrights came into play) so we won’t discuss those.

TLSv1, TLSv1.1, and TLSv1.2 are the remaining TLS versions. As you can guess, vulnerabilities were later discovered in TLSv1 and TLSv1.1. These vulnerabilities essentially nullified any security gains in using these two versions of the TLS protocol. But, unfortunately, adoption of TLSv1.2 was very, very slow so support for TLSv1 and TLSv1.1 had to linger for a very long time.

But the time has now come to officially drop TLSv1 and TLSv1.1 and rely solely on TLSv1.2. This is because the Internet industries want to promote a safe and secure Internet, and that can’t happen if insecure protocols are allowed to be used.

Why is this changing?
You really have to consider the Internet as a living and breathing beast. The Internet is not something you can turn off. You can’t check your email if you don’t have an Internet connection. You can’t check Facebook if you don’t have an Internet connection. Way back when, when computers were not used so much as a communication device and before the Internet, security issues were less of an issue. In order to hack into a computer or device, you really had to have physical access to the computer or machine. If your home PC wasn’t on the Internet, or on an always-on Internet connection, security threats from the Internet weren’t really an issue for you.

But now the Internet exists, and millions and billions of different devices are connected to the Internet all the time. As a result security of these devices becomes a bigger issue. As new security holes and vulnerabilities are discovered, no longer can these just be ignored because physical access is no longer required to exploit these vulnerabilities. These devices are constantly connected to the Internet and are therefore constantly a target of these vulnerabilities.

When the security holes were discovered in TLSv1 and TLSv1.1, security experts knew that this would affect a lot of users. Unfortunately, developers – such as Microsoft – were slow to roll out security updates and end-user adoption of these new security updates was even slower. This meant that Internet hosting companies and Internet service providers had to continue to allow connections using these insecure versions of TLS due to usability concerns.

It’s important to note that security and usability are opposite ends of the same string. Any time you add a bit of security you take away a bit of usability. Consider that if you really want to keep your computer secure, the best advice is to turn it off. That will definitely keep it secure, but you can’t use it, there’s zero usability. The struggle that server administrators, security experts, and the Internet industries as a whole have is balancing out this security vs. usability equation. How can we make the Internet more secure while also keeping it usable? Where is that balancing act?

This is what led to the prolonged service of TLSv1 and TLSv1.1. A lot of users were still relying on these versions, and even though security experts knew they were insecure – they could not recommend removing them because it would affect a lot of users.

Now the time has come that the PCI Security Council (one of those industry leaders in being Internet security experts) has concluded that enough time has passed for developers and users to switch to the secure TLSv1.2 protocol, so TLSv1 and TLSv1.1 can be disabled. And while the vast majority of our users are using TLSv1.2 compatible email clients, operating systems, and programs, there are still quite a few that have not yet updated and will be affected by this shutdown of TLSv1 and TLSv1.1.

Again, this security vs. usability thing comes into play. At what point is the overall health and security of a server more important than the usability concerns of a few clients? If a server has 1000 users on it and 900 of them are using TLSv1.2 but 100 are still relying on TLSv1 or TLSv1.1, how is it justified for the 1000 users to suffer through an insecurity just to protect those 100 that have not updated? Or where does that justification point lie? What if it’s 920 vs 80? Or 950 vs 50? The latter is what we are seeing. We are seeing about a 96% adoption of TLSv1.2, so given this information we feel that it is best to go ahead and disable the insecure TLSv1 and TLSv1.1 protocols so that all of our users can benefit from better security on our servers. But this also means that about 4% of our users are going to experience problems. Is that a justifiable percentage?

I got a message saying that I would be affected by this, what do I need to do?
If you get a message saying you are affected by this shut down of TLSv1 and TLSv1.1, then that means we detected someone using your account to check or send out mail using TLSv1 or TLSv1.1. This TYPICALLY means that you are using an out-of-date and end-of-life email client. Examples known to be affected include Outlook 2007, Outlook 2013, Windows Live Mail. Some operating systems are also affected. Anything before Windows 7 will likely have issues (and everything before Windows 7 is end-of-life anyway). I believe versions of MacOS before High Sierra might have issues. Linux distributions that are still in-life should not have any issues. Older versions of Android or iOS may experience issues. There are really just too many factors for us to give a detailed list of what will experience issues.

You just need to find and identify what email program or operating system you are using and make sure it is up to date, and that it is still in-life and being actively supported.

To search for Microsoft based products to see if they are still in life, you can visit:

https://support.microsoft.com/en-us/lifecycle/search

and search for your specific email client and version.

If you are using Windows 7 and you are using a still supported version of Outlook, you might find the patch information at:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

to be useful for you. As I understand it, Windows 7 did not ship with native TLSv1.2 support; it was added later on in this patch. Your Microsoft update may have already applied this patch years ago or you may need to manually install it now. I really do not know why some people do not already have this patch.

Additionally, it would appear that simply installing this patch is not enough, you have to edit your registry in Windows 7. You can find instructions for this at:

https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it

and scroll down to the section about creating the TLS12-Enable.reg file:

tls12.reg image

You will need to manually create this file and run this file on your system. (Don’t ask me why Microsoft did not include this in the patch, direct those questions and frustrations to Microsoft)

We have created this TLS12-Enable.reg file for you. You can download this file and run it on your system. Although from a security standpoint, randomly downloading .reg files and running them from sites on the Internet is generally frowned upon. It’s best if you can follow the instructions on Microsoft’s TechNet page.

If you are using an end-of-life email client, then you really need to update to a newer email client. Again, you have to consider the Internet as a living and breathing beast, so you can’t expect old technologies – technologies that are no longer being maintained – to always be secure. And again, we are showing a 96% adoption rate for TLSv1.2. If you are still using clients and operating systems that don’t support TLSv1.2, then you are part of a much smaller percentage of our user base.

Outlook 2007 is end of life

If you really cannot change your email program, then you should consider switching to insecure connections for sending and checking mail. Insecure connections really aren’t recommended, but sadly if you are not going to update your email client to a secure email client, then security is not a top priority for you. Remember, usability vs. security.

I have updated my email client, how can I know if I’m using TLSv1.2 now?
If you’ve updated your email client and you want to be sure that you are using TLSv1.2 now, simply check your email account or send out a message, then contact us and we will check the logs to make sure you are using a TLSv1.2 connection. If you are, that’s great! If you are not, then you will need to make additional changes to your setup.

How do I know the specific accounts that are still using TLSv1 and TLSv1.1?
All we can see is the usernames that are connecting using TLSv1 and TLSv1.1 secure connections. You can contact us, and we can send you a list of those usernames on your account. But we really have no idea what computers or devices are being used to make those connections. This may be extremely problematic if a specific user is checking their email on 20 different devices, it may only be 1 of those 20 devices that is using TLSv1 or TLSv1.1, but we have no way of seeing that.
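The per-username view described above can be reproduced from a mail server log. The following is an added example, not the host's own tooling: it assumes submission log lines in the style of Exim's main log, where `X=` carries the negotiated TLS version and `A=` the authenticated login, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of Exim's main log (assumed format).
SAMPLE_LOG = """\
2018-06-27 08:01:12 1fY0aB-0001Xy-Q1 <= alice@example.com H=(laptop) [198.51.100.7]:50122 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:alice@example.com S=1832
2018-06-27 08:01:13 1fY0aB-0001Xy-Q1 => friend@remote.invalid R=lookuphost T=remote_smtp H=mx.remote.invalid [192.0.2.10] X=TLSv1:AES256-SHA:256 CV=yes C="250 OK"
2018-06-27 08:05:40 1fY0eK-0001Zc-7D <= bob@example.com H=(phone) [198.51.100.21]:41877 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=dovecot_login:bob@example.com S=977
2018-06-27 08:09:02 1fY0hZ-0001bA-Lm <= bob@example.com H=(OLDPC) [198.51.100.22]:1049 P=esmtpsa X=TLSv1:AES128-SHA:128 CV=no A=dovecot_login:bob@example.com S=2210
2018-06-27 08:12:55 1fY0lL-0001cT-2x <= carol@example.com H=(desk) [198.51.100.30]:52110 P=esmtpsa X=TLSv1.1:AES256-SHA:256 CV=no A=dovecot_login:carol@example.com S=640
2018-06-27 08:15:31 1fY0nr-0001dQ-Hh <= dave@example.com H=(tablet) [198.51.100.41]:60233 P=esmtpa A=dovecot_login:dave@example.com S=512
2018-06-27 08:20:09 1fY0sL-0001eE-9k <= news@remote.invalid H=mx.remote.invalid [192.0.2.10]:35532 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=4096
"""

ARRIVAL_RE = re.compile(r"^\S+ \S+ \S+ <= ")        # message received by us
TLS_RE = re.compile(r"\bX=(TLSv[\d.]+|SSLv\d):")    # negotiated protocol
AUTH_RE = re.compile(r"\bA=[\w-]+:(\S+)")           # authenticated login
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}


def tally(lines):
    """Count protocol versions per authenticated user.

    Delivery lines (=>) describe our own outbound connections, and arrivals
    without A= come from other mail servers, so both are skipped.
    """
    seen = defaultdict(Counter)
    for line in lines:
        if not ARRIVAL_RE.match(line):
            continue
        auth = AUTH_RE.search(line)
        if not auth:
            continue
        tls = TLS_RE.search(line)
        seen[auth.group(1)][tls.group(1) if tls else "none"] += 1
    return dict(seen)


def classify(lines):
    """Group users by what their connections negotiated.

    "mixed" users have at least one up-to-date client and at least one
    outdated one; the log cannot say which device is which.
    """
    groups = {"current": [], "mixed": [], "legacy": [], "plaintext": []}
    for user, versions in sorted(tally(lines).items()):
        old = sum(n for v, n in versions.items() if v in LEGACY)
        new = sum(n for v, n in versions.items() if v not in LEGACY and v != "none")
        if old and new:
            groups["mixed"].append(user)
        elif old:
            groups["legacy"].append(user)
        elif new:
            groups["current"].append(user)
        else:
            groups["plaintext"].append(user)
    return groups


if __name__ == "__main__":
    for group, users in classify(SAMPLE_LOG.splitlines()).items():
        print(f"{group:9s} {', '.join(users) or '-'}")
```

The source address logged in square brackets on each line is the only hint toward which device made a legacy connection.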

When will you be shutting off TLSv1 and TLSv1.1?
We would like to be able to shut down TLSv1 and TLSv1.1 support by the end of July 2018. But I really don’t know how feasible that will be. Again, we are seeing just a small percentage of users that have not yet updated to TLSv1.2 compatible clients – so while we want to give those users the opportunity to update their software, it’s also not fair to most of our other users that have already updated to TLSv1.2 to have to wait a prolonged period for these users to update.

Is email the only thing that will be affected by this?
Email won’t necessarily be the only thing affected by this TLSv1 and TLSv1.1 shut down. Web, FTP, and cPanel/Webmail access may also be affected by this. Unfortunately it’s not as easy to detect TLS versions with these services. If you are affected by this with email, then you should consider the underlying root cause of why you are affected to help determine if web and other services will also be affected. For example, if you are still using Windows XP and are affected by this, then you will probably be affected by this in regards to web and other services. This is because Windows XP does not support TLSv1.2. But it’s also worth noting that Windows XP is severely end-of-life.

Again, the intent behind all of this is to make the Internet more secure. There is a big push to increase the overall security of the Internet. And this can’t happen if insecure protocols are allowed to continue to run. The past has taught us (the Internet industries) that you sometimes have to disable insecure protocols in order to force movement to better and secure protocols. It would definitely be nice if we never had to change anything. But as long as there are hackers, malicious users, and poorly written code there will always be security updates that have to be followed.


Contact Information

AMS Computer Services, Inc


Mailing Address:
AMS Computer Services, Inc
299 Midway Rd.
Murray, Kentucky 42071
USA
