|
» Essential Upgrades - All Servers

As you may be aware, PHP4 reached its end-of-life at the end of last year, and no more security updates are being released for it as of August of this year. Our servers have been running both PHP5 and PHP4 side by side for some time now; this is an advance notice to inform customers that we will be recompiling PHP on all of our servers to remove PHP4 support within the next fortnight. MySQL will also be upgraded to MySQL5 at this time, and Apache to Apache 2. Specific dates for each server will be announced shortly.

Please take this opportunity to ensure all your code is fully compatible with PHP5 and MySQL5. This should include a review of all self-written code as well as upgrading any installations of third party scripts such as forums, blogs, CMS, etc. Most commercial and open-source scripts have supported PHP5 for a long time, but if in doubt, you should contact the developer of the script(s) in question.

Upgrading to Apache2 and MySQL seldom causes problems; however, changing from PHP4 to PHP5 can affect some scripts. The main change to affect sites with an upgrade to PHP5 is often the setting of register_globals to off instead of on by default. This is an important security change and we will not be re-enabling register_globals by default once the servers are upgraded.

OSCommerce sites have been noted to be particularly affected by this. If you are presented with a blank white page with PHP5 enabled, this is the most likely cause. You can either enable register_globals using the method described below, or modify your OSCommerce installation so that it no longer requires register_globals to operate; please see OSCommerce's website for more details.

If the disabling of register_globals proves to be an issue for your site, you can enable register_globals on your account via .htaccess by adding the following line to an .htaccess file in your script directory, or public_html if you wish to enable it for your whole account - please only do this if your script actually requires it:

    php_value register_globals 1

Also worth noting is the fact that register_globals is deprecated and removed from PHP as of PHP6. Although it will be some time before our servers are running PHP6, it is worth bearing this in mind.

These upgrades are essential to maintain the security, stability and performance of our servers. If you have any questions regarding the upgrades, please don't hesitate to contact support at help@sonnetuk.net |
|
| 15 Oct 2008 02:07 | Posted by Support |
|
» IMPORTANT - Insecure Scripts

Once again, an increasing number of insecure scripts on our servers are being compromised and used for phishing or spamming, causing performance problems and having serious implications for everybody. The scripts most affected appear to be CMS Made Simple and WordPress, although there are others, including custom written scripts. Therefore, we are undertaking a plan to remove these vulnerable scripts from our servers.

In the first instance we are asking all users to check their accounts for outdated scripts and update them immediately, or remove them if they are not being used. Please also ensure that you do not use world-writeable (777) permissions on any files and folders unless they are absolutely necessary to the running of the script. In addition, anyone using simple passwords, for example those based on names or dictionary words, is asked to change these to more secure passwords - there is a very good password generator in cPanel (and WHM for resellers) which can be used to create secure passwords.

This will be followed up by server wide checks similar to those undertaken last year; if any insecure or compromised scripts are found at this time, they will be disabled or the account suspended, depending on the level of insecurity. More details will be posted before these sweeps begin, which will be within the next week.

At any time, where we find accounts that have been compromised (for example, by having code inserted into pages, or spam/DDoS scripts uploaded), either through a script in that account or through another user's account, the affected file(s) will be cleaned and the cPanel password will be changed and the user informed. If this happens to you and you are not running any scripts, then we apologise for the inconvenience caused but hope you can understand why this is necessary.

It is important to note that scripts installed using Fantastico or cPanel are NOT automatically updated when the auto-installer program is. It is the responsibility of the user to keep their scripts up to date, however they were originally installed.

Resellers are reminded that scripts running on resold accounts are the reseller's responsibility; if one of your clients' scripts is compromised, you will be held responsible for any damage caused. You will also be our point of contact for these accounts; we will never contact your clients directly unless asked to do so.

It is our policy at all times that, if a script on a user account is exploited, we won't hesitate to disable the content and/or suspend the whole account before contacting the account owner. Keeping your scripts up-to-date helps ensure server stability and helps keep your site up.

As always, Sonnet is willing to advise on or help with upgrades if necessary; please submit a helpdesk ticket to help(at)sonnetuk.net if you would like help with updates, if you have any questions, or if you are unsure whether your script is out of date/insecure. We thank you for your co-operation and understanding on this matter, and will post further details about the security sweeps in the coming days. |
|
| 15 Aug 2008 12:18 | Posted by Support |
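
A check an account holder could run over their own web root for the two settings these announcements single out: world-writeable permissions, and an .htaccess file that switches register_globals back on. This is an added example, not Sonnet's own tooling; the function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an account's web root for two risky settings.

# Print files and directories that any local user may write to.
# "-perm -0002" tests the other-write bit, so 777, 666 and 757 all match.
# Symlinks are skipped because their own mode bits are not used for access.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Print .htaccess files that switch register_globals back on, in either the
# php_value or php_flag form. Lines commented out with "#" do not match.
register_globals_enabled() {
    find "$1" -type f -name .htaccess -exec grep -Eil \
        '^[[:space:]]*php_(value|flag)[[:space:]]+register_globals[[:space:]]+(1|on)[[:space:]]*$' \
        {} + | sort
}

# Build a small, constructed account tree to run the checks against.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    web="$root/public_html"
    mkdir -p "$web/shop/cache" "$web/blog"
    echo '<?php // constructed placeholder' > "$web/shop/index.php"
    echo '<?php // constructed placeholder' > "$web/blog/config.php"
    echo 'php_value register_globals 1'   > "$web/shop/.htaccess"
    echo '# php_value register_globals 1' > "$web/blog/.htaccess"
    chmod 755 "$web" "$web/shop" "$web/blog"
    chmod 644 "$web/shop/index.php" "$web/shop/.htaccess" "$web/blog/.htaccess"
    chmod 777 "$web/shop/cache"       # world-writable directory
    chmod 666 "$web/blog/config.php"  # world-writable file
    echo "$root"
}

demo=$(make_demo_tree) || exit 1
echo "World-writable paths:"
world_writable "$demo/public_html"
echo "register_globals enabled in:"
register_globals_enabled "$demo/public_html"
rm -rf "$demo"
```

Point both functions at a real public_html directory to audit an account; an empty result means nothing matched.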
|
» Warning - Immediate crackdown on insecure scripts

Due to an increasing number of attacks on our servers, caused by insecure scripts being compromised, we will be undertaking an urgent search of accounts to root out old and insecure installations. This will begin immediately.

Several users have found iframes and/or JavaScript strings inserted into their web pages, which was made possible by an insecure script being exploited on the server. In addition, accounts have been used to send out spam, or run scripts which attack other servers. Despite our higher than average security measures, these things have been made possible by users not keeping their scripts up to date.

The following process will be followed during our searches:

- If an outdated installation is found, in the first instance clients will receive a request to upgrade or remove their vulnerable script. Where this is on a reseller account, the reseller will be notified.
- If a response is not received within 24 hours, we may suspend the account, block access to the script, or remove or upgrade the script. If we force upgrade a script, any custom modifications or hacks will be lost, and we will not take responsibility for lost customisations or data.
- In addition, where we find accounts that have been compromised (for example, by having code inserted into pages, or spam/DDoS scripts uploaded), either through a script in that account or through another user's account, the affected file(s) will be cleaned and the cPanel password will be changed and the user informed. If this happens to you and you are not running any scripts, then we apologise for the inconvenience caused but hope you can understand why this is necessary.

It is important to note that scripts installed using Fantastico or cPanel are NOT automatically updated when the auto-installer program is. It is the responsibility of the user to keep their scripts up to date, however they were originally installed.

Resellers are reminded that scripts running on resold accounts are the reseller's responsibility; if one of your clients' scripts is compromised, you will be held responsible for any damage caused. You will also be our point of contact for these accounts; we will never contact your clients directly unless asked to do so.

It is our policy at all times that, if a script on a user account is exploited, we won't hesitate to disable the content and/or suspend the whole account before contacting the account owner. Keeping your scripts up-to-date helps ensure server stability and helps keep your site up.

As always, Sonnet is willing to upgrade installations for all clients at no cost; please submit an upgrade request in a helpdesk ticket at http://helpdesk.sonnetuk.info/ if you would like us to do this, if you have any questions, or if you are unsure whether your script is out of date/insecure. We thank you for your co-operation and understanding on this matter. |
|
| 18 Apr 2007 15:39 | Posted by Marie |
|
» Winter Warmers from SonnetUK

Yes, it's that time of year again. Temperatures are plummeting, small (and big!) children are getting excited and the high street is packed, so why not stay in the warm and celebrate with us with our fantastic Christmas offers - treat someone you love with a new website for 2007, or just treat yourself!

Web Hosting

As an extra winter warmer, each shared hosting special comes with a free domain!* Not only that, but pay with PayPal and receive 50% extra disk space and bandwidth, absolutely free for as long as you keep the plan.

2006 Winter Warmers - Christmas Cracker #1

* 400MB of disk space (600MB with PayPal)
* 12GB of monthly data transfer (18GB with PayPal)
* 200 POP3 email accounts
* 40 Subdomains
* 40 MySQL databases
* 40 FTP accounts
* 20 Parked domains
* 5 Add-on domains
* 5 Mailing lists
* FREE DOMAIN NAME*
* All the standard features of our other shared hosting plans
* £50/yr
* Want to order? https://billing.sonnetuk.info/step_one.php?gid=10

2006 Winter Warmers - Christmas Cracker #2

* 800MB of disk space (1200MB with PayPal)
* 20GB of monthly data transfer (30GB with PayPal)
* 400 POP3 email accounts
* 100 Subdomains
* 100 MySQL databases
* 100 FTP accounts
* 40 Parked domains
* 10 Add-on domains
* 10 Mailing lists
* FREE DOMAIN NAME*
* All the standard features of our other shared hosting plans
* £100/yr or £10/m
* Want to order? https://billing.sonnetuk.info/step_one.php?gid=10

View full details and terms of our web hosting offers - http://www.sonnethosting.co.uk/offers.php

Web Design

25% or more off our pre-defined website packages? 10% off bespoke web design? 5% PayPal or cheque payment discount on top of that? Start the New Year with a new website for your business, your family, or even just yourself...

View full details of our web design offers - http://www.sonnetdesign.co.uk/offers.php

Please note: These special offers are available for a limited time only. Hosting offers are available to new hosting customers only. Existing Sonnet Hosting customers can take advantage of these offers if purchasing additional account(s). Please see individual special offers pages for any further terms and conditions. |
|
| 19 Dec 2006 11:06 | Posted by Marie |
