[General] Password Change
Friday, February 8th, 2008 - General
We are encouraging all of our users to take the time to modify the password for their account. Some changes have been made to the control panel interface for changing your password which help to ensure that your password is strong and secure. In the past we have had a lot of trouble with very weak passwords being used. If you use a weak password, then you are basically contributing to weak security systems which can allow a hacker to gain access to your account. If you don’t take care of your passwords and use very weak passwords then it just becomes that much easier for hackers to gain access to your account. Once hackers gain access to your account, they would then have full privileges to your account.
We have no reason to believe that any of our accounts have had their passwords compromised. There has been a lot of talk recently concerning account security, especially in light of the recent server-wide exploit that is still being investigated. However, it is always a good idea to change the password on your account regularly just in case a hacker or malicious user has gotten access to your password. This is the point that we are stressing with this post.
We have written a guide that details how to change your account password. You should probably consider changing the passwords for everything associated with your account: POP passwords, MySQL passwords, etc. However, your main account password is the main thing to pay attention to.
Steven
•
[General] SSH Access
Saturday, January 26th, 2008 - General
As some of you may be aware, SSH access on our servers has been disabled. This is in response to a recent security exploit that has been making the rounds throughout the Internet. There have been a lot of rumblings throughout the Internet and with experts regarding this particular issue. It is thought that SSH plays a role in how the exploit works. As a precautionary move we have disabled SSH access on all of our servers.
We are in the middle of reviewing some security policies and considering making changes to our SSH set up. The issue surrounding this exploit has caused that process to be put on the back burner for the time being while we focus our attention on this exploit and what can be done to prevent damage to our servers.
We don’t have a timetable for when SSH will be re-enabled. It is not our intention to close SSH access completely, but it has been a topic that has been discussed. The only way I can really see SSH access being closed completely is if we continue to see exploits that are tied to SSH throughout the rest of the year. Right now we are focusing on understanding this exploit better and making sure that our servers are completely safe before re-enabling SSH. How long that will take is where I am uncertain. There’s just not a lot of information regarding this exploit and we have to do everything possible to ensure that our servers stay safe and secure. I won’t enable SSH on the servers until I am satisfied that the issue has been patched, explained, or otherwise properly addressed.
I do apologize for the inconvenience that this has caused our users. I just want to assure you that we are doing this to safeguard our servers and provide a level of security to prevent bad things from happening to our servers and to your accounts.
Scott
•
[General] Exploit Rumblings
Tuesday, January 15th, 2008 - General
I am reading a lot of rumblings in some blogs and forums on the Internet about a new type of exploit that is running rampant on the Internet these days. Unfortunately all of this information is jumbled together and I think multiple exploits are being discussed where parties involved in the discussion are confusing one exploit for another. There just doesn’t seem to be any definitive way to identify the exploit or how to stop it. Some discussion is centered around whether or not this is a real exploit or just accounts using weak passwords.
At any rate, this is probably a good time to stress the importance of keeping your scripts up-to-date with their development. This is why it is so very important that you keep your scripts up-to-date and do not lag behind in updating your scripts. If there is an exploit, it may be taking advantage of a known vulnerability in a script or application; if you’re not running the latest version of that script or application, then you may be vulnerable to this exploit.
This is also a good time to stress the importance of using a good strong password for anything associated with your account. A weak password might be easier to remember, but it is also easier for a hacker or malicious user to guess. If you are using a weak password and someone is able to guess that password, then you have effectively opened up the entire account to allow that user to perform whatever tasks they desire on your account. They could delete the files on your account, inject the account with a virus or malicious code, or some other malicious action.
Steven
•
[General] New Year, New Happenings
Thursday, January 3rd, 2008 - General
I hope everyone had a wonderful Holiday season. With the holiday season wrapping up, it is time for us at AMS Webhosting to get ready for 2008. I want to take a moment and give my thanks and appreciation to all of those that have been with us throughout 2007. I know there were a lot of changes made in 2007 and I truly appreciate the patience and understanding that everyone held throughout these changes. Some of the changes we experienced through 2007:
· Server Upgrades – Throughout 2007 we did a lot of server upgrades through our server migration program. This was done with the intent to bring some of our older servers up-to-par with newer technologies and parts. The upgraded servers have faster processors, more RAM, more disk space and just provide for a better hosting experience. We tried our best to limit the downtime associated with these migrations, but I know that not all downtime was avoidable. We really do appreciate everyone’s willingness to wait through these downtimes so that we could bring you a better hosting experience.
· Updated all servers to cPanel 11 – cPanel 11 brought along a lot of changes to the control panel and backend software. A lot of the benefits are from an administrator perspective, but it also brought along new features for end users and laid the groundwork for future updates.
· Anti-spam and security updates – In addition to the server upgrades and cPanel 11, this allowed us to implement greater anti-spam measures on the server and implement new security updates that really help us keep the servers secure. More security features are planned for 2008 as we continue to balance server security with server usability.
· PHP 5 Upgrades – This was one of the last things we did in 2007; we now have all of our servers updated and using PHP 5 by default. PHP 5 took a long time to reach a level where it was accepted by the webhosting community. With a look towards the future, we decided to join in with fellow webhosting companies and make the move to PHP 5, while at the same time keeping PHP 4 available for legacy support.
2008 brings a new year and a new list of objectives that we want to bring our users as we continue our efforts to make your webhosting experience the best it can be. Some of the things we are hoping to accomplish this year include:
· Apache 2.2 Update – One of the first things we want to look into is bringing all of our servers up to the Apache 2.2 standard. Our servers are currently following the Apache 1.3 release cycle and they have worked very well. However, the webhosting industry in general is making the move to Apache 2.2 and there have been reports of markedly better performance with Apache 2.2 over Apache 1.3. Our servers contain a lot of customized configurations, which can hinder an upgrade such as this, but this should not be used as an excuse to avoid the upgrade. We are going to move slowly with this, but it is something we are actively investigating and will get accomplished this year.
· Additional cPanel Updates – The cPanel developers have been hard at work to continue to improve the cPanel 11 offerings. There are currently some updates in the pipes for a new cPanel release. I’m not sure of an exact timeframe but these should be available very soon. In addition to these updates we have also been working on some in-house cPanel modules and we may start bringing those out and making them available with these new cPanel updates.
· Additional Security and Anti-spam measures – Our focus has always been on server security and providing the best security systems that we can offer. Our support and development staff are always working on new security modules that can be placed on the server to ensure greater server security. The measures themselves are transparent to the end user but help our administrators keep the servers clean and secure. Several new security measures and anti-spam measures are currently being designed and should be rolled out sometime this year.
These are just a few features we hope to add throughout 2008. As new options become available our priorities may shift, but in any case I wanted our users to be aware of where things are headed in 2008. We look forward to a good and prosperous 2008 and hope that our efforts continue to improve your hosting experience with us.
Scott Mutter
Director of Administration
•
[PHP5] Upgrades are complete
Wednesday, December 19th, 2007 - PHP5
We have successfully updated all of our servers to run PHP5 by default. All of our accounts are now running PHP5 unless you have specifically written in requesting that your account be turned back over to PHP4.
One thing to note: if you run into issues with PHP5 and your scripts, check to make sure that you are running the latest version of that script. It cannot be stressed enough as to how important it is that you keep your scripts up-to-date. Keeping your script up-to-date avoids problems with your script being exploited by malicious users and hackers. It is in everyone’s best interest to keep your script up-to-date. It keeps the servers from being exploited and it keeps your website up and running without being defaced or used for some other malicious activity.
A lot of developers may have made recent changes to their scripts that are required in order to make the script work with PHP5. PHP5 is the future of PHP; everything is moving to PHP5 and sooner or later PHP4 will be completely in the past and no longer supported. This is why it is important that you have your scripts updated to work with PHP5, the sooner the better. If you are running the latest version of a script and it is still not working with PHP5, then you need to contact the developer of that script and find out why it is not working with PHP5 and what they are going to do about this. If a script developer wants their script to continue to work in the webhosting industry, it is going to have to support PHP5.
I don’t have a problem with setting your account to use PHP4, but please don’t confuse this with a permanent solution. If your account is set back to use PHP4, then this should only be viewed as a temporary measure put in place to get your website working while the issues with the script and PHP5 are worked out.
At any rate, I wanted to inform all of our users that PHP5 is live and active on all of our servers now. If you encounter any problems, please submit a support request so that our support technicians can handle your issue.
Thank You
Steven