[General] SSH Access


Saturday, January 26th, 2008 - General

As some of you may be aware SSH access on our servers has been disabled. This is in response to a recent security exploit that has been making the rounds throughout the Internet. There have been a lot of rumblings throughout the Internet and with experts regarding this particular issue. It is thought that SSH plays a role in how the exploit works. As a precautionary move we have disabled SSH access on all of our servers.

We are in the middle of reviewing some security policies and considering making changes to our SSH set up. The issue surrounding this exploit has caused that process to be put on the back burner for the time being while we focus our attention on this exploit and what can be done to prevent damage to our servers.

We don’t have a timetable for when SSH will be re-enabled. It is not our intention to close SSH access completely, but it has been a topic that has been discussed. The only way I can really see SSH access being closed completely is if we continue to see exploits that are tied to SSH throughout the rest of the year. Right now we are focusing on understanding this exploit better and making sure that our servers are completely safe before re-enabling SSH. How long that will take is where I am uncertain. There’s just not a lot of information regarding this exploit and we have to do everything possible to ensure that our servers stay safe and secure. I won’t enable SSH on the servers until I am satisfied that the issue has been patched, explained, or otherwise properly addressed.

I do apologize for the inconvenience that this has caused our users. I just want to assure you that we are doing this to safeguard our servers and provide a level of security to prevent bad things from happening to our servers and to your accounts.

Scott


[General] Exploit Rumblings


Tuesday, January 15th, 2008 - General

I am reading a lot of rumblings in some blogs and forums on the Internet about a new type of exploit that is running rampant on the Internet these days. Unfortunately all of this information is jumbled together and I think multiple exploits are being discussed where parties involved in the discussion are confusing one exploit for another. There just doesn’t seem to be any definitive way to identify the exploit or how to stop it. Some discussion is centered around whether or not this is a real exploit or just accounts using weak passwords.

At any rate, this is probably a good time to stress the importance of keeping your scripts up-to-date with their development. This is why it is so very important that you keep your scripts up-to-date and do not lag behind in updating your scripts. If there is an exploit, it may be taking advantage of a known vulnerability in a script or application; if you’re not running the latest version of that script or application, then you may be vulnerable to this exploit.

This is also a good time to stress the importance of using a good strong password for anything associated with your account. A weak password might be easier to remember, but it is also easier for a hacker or malicious user to guess. If you are using a weak password and someone is able to guess that password, then you have effectively opened up the entire account to allow that user to perform whatever tasks they desire on your account. They could delete the files on your account, inject the account with a virus or malicious code, or some other malicious action.

Steven


[General] New Year, New Happenings


Thursday, January 3rd, 2008 - General

I hope everyone had a wonderful Holiday season. With the holiday season wrapping up, it is time for us at AMS Webhosting to get ready for 2008. I want to take a moment and give my thanks and appreciation to all of those that have been with us throughout 2007. I know there were a lot of changes made in 2007 and I truly appreciate the patience and understanding that everyone held throughout these changes. Some of the changes we experienced through 2007:

· Server Upgrades – Throughout 2007 we did a lot of server upgrades through our server migration program. This was done with the intent to bring some of our older servers up-to-par with newer technologies and parts. The upgraded servers have faster processors, more RAM, more disk space and just provide for a better hosting experience. We tried our best to limit the downtime associated with these migrations, but I know that not all downtime was avoidable. We really do appreciate everyone’s willingness to wait through these downtimes so that we could bring you a better hosting experience.

· Updated all servers to cPanel 11 – cPanel 11 brought along a lot of changes to the control panel and backend software. A lot of the benefits are from an administrator perspective, but it also brought along new features for end users and laid the groundwork for future updates.

· Anti-spam and security updates – In addition to the server upgrades and cPanel 11, this allowed us to implement greater anti-spam measures on the server and implement new security updates that really help us keep the servers secure. More security features are planned for 2008 as we continue to balance server security with server usability.

· PHP 5 Upgrades – This was one of the last things we did in 2007; we now have all of our servers updated and using PHP 5 by default. PHP 5 took a long time to reach a level where it was accepted by the webhosting community. With a look towards the future, we decided to join in with fellow webhosting companies and make the move to PHP 5, while at the same time keeping PHP 4 available for legacy support.

2008 brings a new year and a new list of objectives that we want to bring our users as we continue our efforts to make your webhosting experience the best it can be. Some of the things we are hoping to accomplish this year include:

· Apache 2.2 Update – One of the first things we want to look into is bringing all of our servers up to the Apache 2.2 standard. Our servers are currently following the Apache 1.3 release cycle and they have worked very well. However, the webhosting industry in general is making the move to Apache 2.2 and there have been reports of markedly better performance with Apache 2.2 over Apache 1.3. Our servers contain a lot of customized configurations, which can hinder an upgrade such as this, but this should not be used as an excuse to avoid the upgrade. We are going to move slowly with this, but it is something we are actively investigating and will get accomplished this year.

· Additional cPanel Updates – The cPanel developers have been hard at work to continue to improve the cPanel 11 offerings. There are currently some updates in the pipes for a new cPanel release. I’m not sure of an exact timeframe but these should be available very soon. In addition to these updates we have also been working on some in-house cPanel modules and we may start bringing those out and making them available with these new cPanel updates.

· Additional Security and Anti-spam measures – Our focus has always been on server security and providing the best security systems that we can offer. Our support and development staff are always working on new security modules that can be placed on the server to ensure greater server security. The measures themselves are transparent to the end user but help our administrators keep the servers clean and secure. Several new security measures and anti-spam measures are currently being designed and should be rolled out sometime this year.

These are just a few features we hope to add throughout 2008. As new options become available our priorities may shift, but in any case I wanted our users to be aware of where things are headed in 2008. We look forward to a good and prosperous 2008 and hope that our efforts continue to improve your hosting experience with us.

Scott Mutter
Director of Administration


[General] Contact Information Update


Thursday, December 6th, 2007 - General

We have sent several notices out the past few weeks and a lot of those are being bounced back to us, saying that the e-mail address is invalid. I am going to be going through the system in the next few weeks and removing these e-mail addresses from our billing system, because if they are no longer active addresses, then we don’t need to be writing them.

I am asking everyone to please be sure that your contact information with us is up-to-date.

If you update your contact information in your control panel, that does not reach our billing system. The control panel contact information system is a completely different system than our billing contact system. Please be sure that your contact information is up-to-date with our billing system as this is the information we use to contact you.

We also received some auto-responders stating that your e-mail address has changed. This might be good for casual contacts, such as friends or relatives, but we need to be able to verify that you are who you say you are before we can update the contact information. Otherwise anyone would be able to change the contact information on your account. To change your contact information with us, you need to follow our procedure for updating this information.

To update your contact information please use the appropriate link at our Account Management area:

http://amshelp.com

Click on the Update your Contact Information link to update your contact information.

If your contact information is not kept up-to-date, then we will have no way to contact you concerning issues regarding your account.

Thank You
Steven


[General] Current Happenings


Saturday, November 17th, 2007 - General

I was taking a look at the calendar the other day and realized that the holiday season is really upon us and the end of the year is not too far away. I would like to get a few things accomplished before the end of the year and begin looking at some other changes on into next year. I have to walk a fine line between keeping the servers up-to-date in terms of what the webhosting community is offering and making sure that the upgrades can be offered in a seamless manner.

To that end, below is a list of upgrades and additions that I am looking to have accomplished or researched by the end of the year.

· Script Installation Service – This is an idea that we have been tossing around for some time; we just weren’t sure if it would be feasible to offer. We’re still not sure if this is something that will see wide-scale use or really what will become of the offering. The only way we are going to really see how something like this would be used is to make it available and evaluate its status.

We seem to be seeing a lot of issues where end users are installing scripts on their website and then never updating them. New versions of scripts are generally released to fix a security issue within the script. The security issue may be small or large, there’s no real way of knowing, but in any case the only way to avoid complications caused by the security issue is to keep the script up-to-date. For whatever reason, it seems that end users are not keeping their scripts up-to-date.

To help combat this problem, we are considering a Script Installation Service where our administrators would install a script on your account, catalog it, and stay up-to-date with script updates. We are still working out all of the specifics in regards to this project; I would stay tuned to the blog for a more formal announcement concerning this.

· PHP 5 Upgrade – All of our servers currently support both PHP4 and PHP5. PHP4 is the default PHP used on all of the servers. This means that if you have any .php file it is being processed as PHP4, unless you have written in with specific instructions to use PHP5 by default. PHP4 is going end of life according to the PHP developers and the GoPHP5 initiative has set a February 5th, 2008 deadline for major script developers and service providers to drop support for PHP4. We intend to honor this and make PHP5 the default offering on our hosting plans. This will basically entail swapping the default structure of PHP on the servers. Instead of PHP4 being the default, PHP5 will be the default. If you specifically need PHP4, you can submit a support request and we will have PHP4 turned back on for your account.

It is our hope to begin switching servers over to a PHP5 by default setting sometime in early December and we hope to have the process completed by the end of December. We will likely do this switch in a phase-in procedure; we will first do this switch on a couple of servers and evaluate the procedure based on feedback from that test. Should there be major problems concerning this switch, we will not hesitate to switch everything back to PHP4 and then re-evaluate how we are going to lay this out.

The GoPHP5 initiative and the PHP developers are correct: PHP 5 has been released for over 3 years now and it is time for widespread adoption of PHP 5. PHP developers cannot continue to support an old and outdated language framework. Like it or not, the Internet is ever changing. PHP version 6 is already being talked about, and the Internet community has yet to see a widespread adoption of PHP 5.

Will upgrading to PHP 5 break your script’s functionality? I can’t say for sure. The vast majority of popular scripts have been updated within the past 3 years and those developers are aware of PHP5. You can check the GoPHP5 website for a list of projects that support PHP 5. Just because a script is not listed does not mean that it will not work with PHP5. If you are unsure, you should contact the developers or vendor of the particular script you are using and ask them if the script will work with PHP 5. If it does not work with PHP 5, you should inquire as to why this is the case. PHP 5 is coming whether the developers like it or not; the web hosting community cannot continue to support old and antiquated frameworks forever.

· Apache 2.2 Upgrade – This is a project that will not get completed before the end of the year and the timetable for the upgrade may be more Spring ’08 than early 2008. However, I did want to mention it here as I’m sure there are a few users that are interested in this upgrade. Apache is the service that serves up webpages on the server; in effect it is the web server.

With the release of cPanel 11 this past summer and fall, cPanel now supports the newer Apache trees including version 2.2. Our servers are currently running the Apache 1.3 tree and are serving us very well. Apache 2.2 mainly includes a lot of code fixes that can improve overall performance of the server and just like PHP, it is becoming more and more difficult for the Apache developers to justify supporting the Apache 1.3 tree. We don’t want to be left so far behind that we receive an end-of-life statement regarding the Apache 1.3 tree and then have to scurry to upgrade our servers to a newer version of Apache.

Our Apache setups contain a little bit of custom work done by our server administrators, so translating all of this over to Apache 2.2 will take some time. We want to develop a procedure to where we can easily migrate from Apache 1.3 to Apache 2.2 with as little downtime and as little effect on our end users as possible. Right now I don’t have a solid timetable for when this upgrade might be done. I would like to have it in place by the Spring of 2008, but we are just now getting to the point where we can perform test upgrades on our test servers. While I still think that a Spring ’08 timetable is very feasible, it could be postponed.

We have some other upgrades and new features that are also being planned but these are the main things that we are focusing on. Our aim has always been to give our users the best webhosting experience in terms of stability, security, usability, and features. We look forward to continuing to offer you this same webhosting experience throughout 2008 and the years to come.

Scott Mutter
Director of Administration