The Second Superpower of Web Hosting | |||
We are HostWerks. A different approach to the web hosting business. |
|||
Important

If you have received this email or something similar, it was not sent by Hostwerks. Please treat this or any other email with a proper amount of caution.

Dear user of "Hostwerks.com" mailing system,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
Pay attention on attached file.
Cheers,
The Hostwerks.com team
http://www.hostwerks.com

One of the issues with this is the grammar. While not a Rhodes scholar, I generally am able to write well enough that this would not pass for my writing. And I don't use 'Cheers' in my signature line.
|||
Important update on Domain Registry of America scam In the past, Hostwerks has warned you about various companies running domain name scams. Usually these scams involve trying to get the owner of a domain to transfer to another provider with much higher rates by tricking them into thinking they need to "renew." The letters these scammers send out are very professional looking, and unfortunately many people have unwittingly transferred their domains to these more costly providers.
Domain Registry of America (DROA), whose fake renewal letters are actually transfer authorizations, is probably the most well-known of these companies. Thankfully, a federal district court has now barred DROA from misleading consumers in the marketing of their domain name services. The court ordered that DROA, based in Ontario, Canada, may be required to provide redress to up to 50,000 consumers, is prohibited from engaging in similar conduct in the future, and is subject to stringent monitoring by the Federal Trade Commission to ensure its compliance with the court order. To read an article about these developments, please click here.

Please remember that Hostwerks only sends customer communications via e-mail. If you receive a domain renewal/expiration notice in the mail, it is NOT from Hostwerks. If you follow the instructions in these letters, you will be renewing your domains at significantly higher prices than you currently pay at Hostwerks.

If you have any questions or concerns about these deceptive letters, please contact us at support@hostwerks.com

Thank you for your vigilance
|||
6 July 2003 Uptime Milestone Unblemished by Weather On Saturday July 5, at 4:20 AM CDT, a major storm system moved through northern Illinois. Although a lot of damage was done to much of the city, Hostwerks' servers remained online and available throughout the ordeal.
|||
30 June 2003 Uptime Milestone Approaching On Friday July 4, at 9:12 AM CDT, this Hostwerks server will surpass the 200 day uptime point. While it may not seem to be such a big deal, most Windows-based servers are rebooted on a regular basis just to keep them in their semi-stable state. |
|||
12 May 2003 AWStats Online for All Domains awstatsraq_5.3.pkg All domains now have the option of using either Webalizer or AWstats for their statistics. Log in using http://yourdomain.com/awstats/ You will be prompted for the site admin user name and password. |
|||
1 April 2003 Root DNS server update 2.0.1 RaQ4-All-System-2.0.1-16365.pkg The IP address of one of the root DNS servers (J.ROOT-SERVERS.NET) has been changed. This patch updates the list of root DNS servers on your appliance. Reboot Required: No |
|||
1 April 2003 Tar & Unzip Security update 2.0.1 RaQ4-All-Security-2.0.1-16170.pkg The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. Reboot Required: No |
|||
18 March 2003 Eudora/Qualcomm Qpopper-4.0.5 (Security upgrade) RaQ34-Qpopper-4.0.5.pkg A vulnerability was discovered in Qpopper-4.0.4 which could lead to a potential exploit. Qpopper is the POP2/POP3 service installed on the RaQs. On an up-to-date patched RaQ Qpopper-3.0.2 is installed. The newer Qpopper-4.0.5 is much faster and (as opposed to Qpopper-3.0.2) supports APOP properly. It works fine with POP-before-SMTP, too. Reboot Required: No
|||
11 March 2003 Cgiwrap Update 2.0.1 RaQ4-All-Security-2.0.1-16261.pkg This package addresses a cross-site scripting vulnerability with cgiwrap when used with browsers that ignore input before the HTML and BODY tags. Reboot Required: No
|||
3 March 2003 Sendmail Vulnerability Addressed RaQ4-Sendmail-8.10.2-C1sol1.pkg This PKG is for the RaQ4 only. It fixes a "Remote Header Processing Vulnerability" in Sendmail-8.10.2, which is installed on the RaQ4. Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. The full details of this vulnerability are outlined in ISS X-Force's Advisory. RaQ4-Sendmail-8.10.2-C1sol1.pkg fixes this vulnerability, as it was built with a patch that the Sendmail consortium released to address this issue. Reboot Required: No
|||
24 February 2003 Open WebMail 1.81 Changes from Neomail: |
|||
22 February 2003 Web-based File Editor Now Online FileMan is now available to any user that has site administrator privileges on their account. FileMan will allow the user to securely log in, and perform routine file maintenance as well as handle most site updates. All from their favorite browser.
This update is being written via FileMan through Apple's superb Safari browser, so I can vouch that it works fine. It also seems to work OK with Internet Explorer. Please let us know if you find a browser that FileMan does not work properly with. Try it out by going to http://domain/fileman/fileman.cgi and logging in. I'll work on some rudimentary documentation for this feature as the author has provided none. As always, questions can be directed to support@hostwerks.com. |
|||
22 February 2003 DoS Attack Slows Network A massive DoS from a customer's server caused this problem in our Washington, DC facility (note that our other network was not affected at all, so only the clients at DC were affected). It has been now resolved and the offending server disconnected permanently. DNS will take an hour or so to recover but is improving already.
|||
18 February 2003 UNIX Help Pages Added Just added, the UNIX help pages. These are particularly helpful if you are administering a dedicated server. |
|||
17 February 2003 Proftpd Security Update 2.0.1 RaQ4-All-Security-2.0.1-15823.pkg This patch fixes an upload file permission issue in proftpd. It also adds an extra security measure by preventing some default system accounts from logging in via ftp.
|||
15 February 2003 Util-linux Update 2.0.1 RaQ4-All-Security-2.0.1-15673.pkg The chfn binary from the util-linux package could be used to gain unauthorized access. This vulnerability has been addressed.
|||
11 February 2003 Acceptable Use Policy Updated Hostwerks' Acceptable Use Policy has been updated to better reflect current standards. |
|||
3 February 2003 FAQ Page Updated See the new and improved FAQs. |
|||
25 January 2003 Cross-Site Tracing issues

Earlier this week a paper was published, "Cross-Site Tracing", which gave details of how the TRACE HTTP request could be used in Cross-Site Scripting attacks. Unfortunately this issue has not been very well understood by the media and has received an unwarranted amount of attention.

When an HTTP TRACE request is sent to a web server that supports it, that server will respond echoing the data that is passed to it, including any HTTP headers. The paper explains that some browsers can be scripted to perform a TRACE request. A browser with this functionality could be made to issue a TRACE request against an arbitrary site and pass the results on elsewhere. Since browsers will only send authentication details and cookies to the sites that issue them, this means a user having a browser with this functionality could be tricked into sending their cookies or authentication details for arbitrary sites to an attacker.

For example, if you visited a page that an attacker has carefully crafted, the page could cause your browser to bounce a TRACE request against some site for which you have authentication cookies. The result of the TRACE will be a copy of what was sent to the site, which will therefore include those cookies or authentication data. The carefully crafted page can then pass that information on to the attacker.

TRACE requests can be disabled by making a change to the Apache server configuration. Unfortunately it is not possible to do this using the Limit directive, since the processing for the TRACE request skips this authorisation checking. Instead the following lines can be added which make use of the mod_rewrite module.

    RewriteEngine On

Although the particular attack highlighted made use of the TRACE functionality to grab authentication details, this isn't a vulnerability in TRACE, or in the Apache web server.
The same browser functionality that permits the published attack can be used for different attacks even if TRACE is disabled on the remote web server. For example an attacker could create a carefully crafted page that when visited submits a hidden request to some arbitrary site through your browser, grabs the result and passes it to the attacker. This modification has been made to all Hostwerks servers. |
|||
phpMyAdmin Now Available SQL admins can now utilize phpMyAdmin to maintain their MySQL databases by typing in sitename.com/phpmyadmin and logging in using their assigned MySQL login. Documentation is now available for phpMyAdmin. |
|||
Server Updates 15 December 2002 Mutt mail client available
Hostwerks now offers the Mutt command-line email client. If you have command line access and wish to try out this alternative mail user agent, type mutt at the command line. Documentation is available here.
Kernel Update 2.0.1 C33 Kernel C33 fixes the "do_try_to_free_pages failed" VM problem under heavy load and also adds support for raw I/O. This update required a server reboot |
|||
The Webalizer statistics package deployed
If you have not looked at the new statistics package Hostwerks offers, it's excellent. And it's included at no additional charge with each domain hosted. Take a look at your stats at http://www.yourdomain.com/stats/. You must sign in using the admin username and password. The package we use to produce the stats is called the Webalizer. It's a free package under the GPL and far outshines the other package we were using. Since it is free, we felt it was appropriate to not charge for the stats service. Imagine that, a company adding services but not charging more money for them. The stats package is valued at $60 per year. By not charging for this service, the typical Hostwerks customer will realize up to a 20% savings. |
|||
December 7, 2002 An Open Letter to Customers and Clients of Hostwerks.com

Hostwerks.com has nearly completed its third year of providing web hosting services. During this period we have seen numerous hosting companies come and go. Some have entered the industry with great fanfare and promises of fortunes, others with promises of free services and untold worth. During this time Hostwerks.com continued to grow slowly and steadily. Some internet companies have even closed their doors. Our door is still open.

We have never promised we could provide services for free or at deep discounts. Successful businesses don't give away services to survive. We depend on you, our customers and clients, to realize our value to you and to recommend us to others who may need our services. When a potential client calls to discuss how we can help them, we speak candidly and promise only what we can deliver. We offer knowledge and technology to provide them with a quality product and dependable service.

We all know that internet technology is not bullet-proof. There are times when the system breaks down and we need to step in and make some repairs. Please, and this cannot be emphasized enough, contact us immediately whenever you feel there is a problem with your website. We can usually detect problems and fix them pretty quickly. If there is a problem with the internet connections across the country then we can let you know where the problem exists and what you can expect. We don't promise miracles, we do promise our commitment.

We don't want anyone to think we take this business light-heartedly. Quite the opposite. We want to know when you are dissatisfied and why. We want to continue to grow this business and we also want to please you. It isn't just the bottom line that we care about, it's also the people we work with. We look forward to many more years of growth and we wish the same to you and your business.

Sincerely,
Dave Emmons
Kevin Swan
Principals, Hostwerks.com
|||
We use Open Source technologies such as:
Updates to Servers Performed, 11-17-02
Bind-8.3.4 (Security upgrade)
Please note:
OpenSSH-3.5p1-1 (Privilege Separation enabled - statically compiled against OpenSSL-0.9.6g and Zlib-1.1.4)
Eudora/Qualcomm Qpopper-4.0.4 (Performance and feature upgrade)
phpMyAdmin-2.2.6
Midnight Commander 4.5.42
Posted: April 25, 2002 Size: 1,392,741 bytes

Updates to Servers Performed, 11-4-02
OpenSSH 3.4p1-PM4
Webalizer 2.01.10
PHP 4.1.2-3
Neomail 1.25-5
MySQL 3.23.37
SNMP Update
Over the last several weeks, it has been brought to our attention that several companies, including Network Solutions/VeriSign, are sending deceptive and predatory domain expiration notices and domain dispute notices to customers of other registrars. We are writing to warn you about these mailings and to remind you that any legitimate information regarding the domains you register at Hostwerks will come only from Hostwerks.com Inc. and will be clearly identified as such.
Deceptive Domain Expiration Notices:
VeriSign Inc. (formerly Network Solutions) has been sending via postal mail false domain expiration notices. The purpose of these notices is to get the customer to unwittingly transfer and renew their domain names with VeriSign. Unfortunately, the notices are designed so that it is not clear who they are from. Please take note that Hostwerks.com only sends renewal notices via e-mail. If you receive a domain expiration notice in the mail, it IS NOT from Hostwerks.com. If you follow the instructions in the letter, you will be renewing your domains at significantly higher prices than you currently pay at Hostwerks.com.

Domain Dispute Notifications:
Many domain name registrants are receiving "Domain Dispute Notification" mailings from an entity identifying itself as XChange Dispute Resolution. The mailings falsely state that XChange is an ICANN authorized arbitrator and that the registrant must mail in a security deposit fee to defend ownership of the domain name. The sender of these notices has not been approved by ICANN as a provider of dispute-resolution services under ICANN's Uniform Domain Name Dispute-Resolution Policy (UDRP). Registrants should not send money as requested by this notice. Registrants who receive the notice should contact an appropriate governmental law enforcement/consumer protection agency to report the incident. Recipients can also fax the notice to ICANN at 310-823-8649.

If you have any questions or concerns about these deceptive e-mails, please contact us at support@hostwerks.com.