The Second Superpower of Web Hosting

We are HostWerks. A different approach to the web hosting business.


If you have a received this email or something similar, it was not sent by Hostwerks. Please treat this or any other email with a proper amount of caution.

Dear user of  "" mailing system,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and  e-mail account safe,
please, follow the instructions.

Pay attention on attached file.

   The  team 
One of ths issues with this is the grammar. While not a Rhodes scholar, I generally am able to write well enough that this would not pass for my writing. And I don't use 'Cheers' in my signature line.
Important update on Domain Registry of America scam

In the past, Hostwerks has warned you about various companies running domain name scams. Usually these scams involve trying to get the owner of a domain to transfer to another provider with much higher rates by tricking them into thinking they need to "renew." The letters these scammers send out are very professional looking, and unfortunately many people have unwittingly transferred their domains to these more costly providers.

Domain Registry of America (DROA), whose fake renewal letters are actually transfer authorizations, is probably the most well-known of these companies. Thankfully, a federal district court has now barred DROA from misleading consumers in the marketing of their domain name services. The court ordered that DROA, based in Ontario, Canada, may be required to provide redress to up to 50,000 consumers, is prohibited from engaging in similar conduct in the future, and is subject to stringent monitoring by the Federal Trade Commission to ensure its compliance with the court order. To read an article about these developments, please click here.

Please remember that Hostwerks only sends customer communications via e-mail. If you receive a domain renewal/expiration notice in the mail, it is NOT from Hostwerks. If you follow the instructions in these letters, you will be renewing your domains at significantly higher prices than you currently pay at Hostwerks.

If you have any questions or concerns about these deceptive letters, please contact us at Thank you for your vigilance
6 July 2003
Uptime Milestone Unblemished by Weather

On Saturday July 5, at 4:20 AM CDT, a major storm system moved though the northern Illinois. Although a lot of damage was done to much of the city, Hostwerks' servers remained online and available throughout the ordeal.

30 June 2003
Uptime Milestone Approaching

On Friday July 4, at 9:12 AM CDT, this Hostwerks server will surpass the 200 day uptime point. While it may not seem to be such a big deal, most Windows-based servers are rebooted on a regular basis just to keep them in their semi-stable state.

12 May 2003
AWStats Online for All Domains

All domains now have the option of using either Webalizer or AWstats for their statistics. Log in using You will be prompted for the site admin user name and password.

1 April 2003
Root DNS server update 2.0.1

The IP address of one of the root DNS servers (J.ROOT-SERVERS.NET) has been changed. This patch updates the list of root DNS servers on your appliance.

Reboot Required: No
1 April 2003
Tar & Unzip Security update 2.0.1

The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction.

Reboot Required: No
18 March 2003
Eudora/Qualcom Qpopper-4.0.5 (Security upgrade)

A vulnerability was discovered in Qpopper-4.0.4 which could lead to a potential exploit.

Qpopper is the POP2/POP3 service installed on the RaQs. On an up-to-date patched RaQ Qpopper-3.0.2 is installed. The newer Qpopper-4.0.5 is much faster and (opposed to Qpopper-3.0.2) supports APOP properly. Works fine with POP-before-SMTP, too.

Reboot Required: No
11 March 2003
Cgiwrap Update 2.0.1

This package addresses a cross-site scripting vulnerablity with cgiwrap when used with browsers that ignore input before the HTML and BODY tags.

Reboot Required: No
3 March 2003
Sendmail Vulnerability Addressed

This PKG for the RaQ4 only. It fixes a "Remote Header Processing Vulnerability" in Sendmail-8.10.2 which is installed on the RaQ4. Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. The full details of this vulnerability are outlined in ISS X-Force's Advisory.

RaQ4-Sendmail-8.10.2-C1sol1.pkg fixes this vulnerability as it was built with a patch that the Sendmail consortium released to address this issue.

Reboot Required: No
24 February 2003
Open WebMail 1.81

  • Every site can access OpenWebMail through http://sitename/openwebmail.
  • Compatible with pine and imap folders
    Changes from Neomail:
  • HTML e-mail support
  • Mail filters
  • Spell checker
  • Auto-reply/forwarding/password configurable by user
  • Calendar
  • Search functions
  • Uses Open Webmail 1.81 release from December 3, 2002
  • 22 February 2003
    Web-based File Editor Now Online

    FileMan is now available to any user that has site administrator privileges on their account. FileMan will allow the user to securely log in, and perform routine file maintenance as well as handle most site updates. All from their favorite browser.

    This update is being written via FileMan through Apple's superb Safari browser, so I can vouch that it works fine. It also seems to work OK with Internet Explorer. Please let us know if you find a browser that FileMan does not work properly with.

    Try it out by going to http://domain/fileman/fileman.cgi and logging in. I'll work on some rudimentary documentation for this feature as the author has provided none. As always, questions can be directed to
    22 February 2003
    DoS Attack Slows Network

    A massive DoS from a customer's server caused this problem in our Washington, DC facility (note that our other network was not affected at all, so only the clients at DC were affected). It has been now resolved and the offending server disconnected permanently. DNS will take an hour or so to recover but is improving already.
    18 February 2003
    UNIX Help Pages Added

    Just added, the UNIX help pages. These are particularly helpful if you are administering a dedicated server.
    17 February 2003
    Proftpd Security Update 2.0.1

    This patch fixes an upload file permission issue in proftpd. It also adds an extra security measure by preventing some default system accounts from logging in via ftp.
    15 February 2003
    Util-linux Update 2.0.1

    The chfn binary from the util-linux package could be used to gain unauthorized access. This vulnerability has been addressed.
    11 February 2003
    Acceptable Use Policy Updated

    Hostwerks' Acceptable Use Policy has been updated to better reflect current standards.
    3 February 2003
    FAQ Page Updated

    See the new and improved FAQs.
    25 January 2003
    Cross-Site Tracing issues

    Earlier this week a paper was published, "Cross-Site Tracing" which gave details of how the TRACE HTTP request could be used in Cross-Site Scripting attacks. Unfortunately this issue has not been very well understood by the media and has received a unwarranted amount of attention.

    When an HTTP TRACE request is sent to a web server that supports it, that server will respond echoing the data that is passed to it, including any HTTP headers. The paper explains that some browsers can be scripted to perform a TRACE request. A browser with this functionality could be made to issue a TRACE request against an arbitrary site and pass the results on elsewhere. Since browsers will only send authentication details and cookies to the sites that issue them this means a user having a browser with this functionality could be tricked into sending their cookies or authentication details for arbitrary sites to an attacker.

    For example, if you visited a page that an attacker has carefully crafted, the page could cause your browser to bounce a TRACE request against some site for which you have authentication cookies. The result of the TRACE will be a copy of what was sent to the site, which will therefore include those cookies or authentication data. The carefully crafted page can then pass that information on to the attacker.

    TRACE requests can be disabled by making a change to the Apache server configuration. Unfortunately it is not possible to do this using the Limit directive since the processing for the TRACE request skips this authorisation checking. Instead the following lines can be added which make use of the mod_rewrite module.

    	RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    Although the particular attack highlighted made use of the TRACE functionality to grab authentication details, this isn't a vulnerability in TRACE, or in the Apache web server. The same browser functionality that permits the published attack can be used for different attacks even if TRACE is disabled on the remote web server. For example an attacker could create a carefully crafted page that when visited submits a hidden request to some arbitrary site through your browser, grabs the result and passes it to the attacker.

    This modification has been made to all Hostwerks servers.
    phpMyAdmin Now Available
    SQL admins can now utilize phpMyAdmin to maintain their MySQL databases by typing in and logging in using their assigned MySQL login. Documentation is now available for phpMyAdmin.
    Server Updates 15 December 2002
    Mutt mail client available
    Hostwerks now offers the Mutt command-line email client. If you have command line access and wish to try out this alternative mail user agent, type mutt at the command line. Documentation is available here.

    Kernel Update 2.0.1 C33
    Kernel C33 fixes the "do_try_to_free_pages failed" VM problem under heavy load and also adds support for raw I/O. This update required a server reboot
    The Webalizer statistics package deployed
    If you have not looked at the new statistics package Hostwerks offers, it's excellent. And it's included at no additional charge with each domain hosted. Take a look at your stats at You must sign in using the admin username and password.

    The package we use to produce the stats is called the Webalizer. It's a free package under the GPL and far outshines the other package we were using.

    Since it is free, we felt it was appropriate to not charge for the stats service. Imagine that, a company adding services but not charging more money for them. The stats package is valued at $60 per year. By not charging for this service, the typical Hostwerks customer will realize up to a 20% savings.
    December 7, 2002

    An Open Letter to Customers and Clients of has nearly completed it's third year of providing web hosting services. During this period we have seen numerous hosting companies come and go. Some have entered the industry with great fanfare and promises of fortunes, others with promises of free services and untold worth. During this time continued to grow slowly and steadily. Some internet companies have even closed their doors. Our door is still open.

    We have never promised we could provide services for free or at deep discounts. Successful businesses don't give away services to survive. We depend on you, our customers and clients, to realize our value to you and to recommend us to others who may need our services. When a potential client calls to discuss how we can help them, we speak candidly and promise only what we can deliver. We offer knowledge and technology to provide them with a quality product and dependable service.

    We all know that internet technology is not bullet-proof. There are times when the system breaks down and we need to step in and make some repairs. Please, and this cannot be emphasized enough, contact us immediately whenever you feel there is a problem with your website. We can usually detect problems and fix them pretty quickly. If there is a problem with the internet connections across the country then we can let you know where the problem exists and what you can expect. We don't promise miracles, we do promise our commitment.

    We don't want anyone to think we take this business light-heartedly. Quite the opposite. We want to know when you are dissatisfied and why. We want to continue to grow this business and we also want to please you. It isn't just the bottom line that we care about, it's also the people we work with.

    We look forward to many more years of growth and we wish the same to you and your business.


    Dave Emmons
    Kevin Swan
    We use Open Source technologies such as:
  • Apache web server
  • Qpopper mail server
  • Majordomo mail list manager
  • MySQL
  • BIND
  • PHP
  • PHPMyAdmin
  • Perl
  • Neomail
  • Webalizer

  • Updates to Servers Performed, 11-17-02

    Bind-8.3.4 (Security upgrade)
    Posted: Nov 17, 2002 Size: 5,346,348 bytes
    If you have our Bind-8.3.3.pkg installed, then upgrade ASAP.
    This PKG for the RaQ3 and RaQ4 upgrades the DNS server to BIND-8.3.4 by replacing the standard BIND-8.2.3 present on the RaQs. It will not affect your DNS records present on the server. This Bind-8.3.4 is supposed to fix multiple vulnerabilities. One of them has the potential of arbitrary code execution via a buffer overflow.

    Please note:

  • This PKG upgrades Bind to a newer version than the one which is usually found on a RaQ3 or RaQ4. Therefore you will have to skip future Sun Cobalt patches which target Bind - or there might be conflicts.
  • If you have our Bind-8.3.3-2.pkg (from Nov 14th) installed, then you are already protected and don't need to upgrade again.
  • If you have the older Bind-8.3.3.pkg (from 3rd July) installed, then you should upgrade.
  • If the new PKG refuses to be installed through the GUI, then remove the file /var/lib/cobalt/ and try again.

    OpenSSH-3.5p1-1 (Privilege Separation enabled - statically compiled against OpenSSL-0.9.6g and Zlib-1.1.4)
    Posted: Nov 06, 2002 Size: 1,807,977 bytes
    OpenSSH enables you to connect securely (encrypted) to your Sun Cobalt appliance. This Package Contains both client and Server software.
    None of our versions are/were affected by the recently discovered trojan in OpenSSH.
    This package is statically compiled against openssl-0.9.6g and zlib-1.1.4.

    Eudora/Qualcom Qpopper-4.0.4 (Performance and feature upgrade)
    Posted: April 28, 2002 Size: 104,200 bytes
    Qpopper is the POP2/POP3 service installed on the RaQs. On an up to date patched RaQ Qpopper-3.0.2 is installed. The newer Qpopper-4.0.4 is much faster and (finally!) supports APOP properly. Works fine with POP-before-SMTP, too.
    Please note: Once you have this PKG file installed and plan to use APOP for an account, then you need to change/update the password for this account through the Admin Interface. Afterwards APOP will work just fine for that account.

    University of Washington IMAP-2001a
    Posted: April 28, 2002 Size: 2,166,351 bytes
    The RaQ3 and RaQ4 usually use the University of Washington IMAP version 4rev1 v12.264.
    A vulnerability exists in version 12.264 of the University of Washington IMAPd server (UM-IMAP), implementing IMAP4rev1. This weakness could allow a logged in user to execute arbitrary code. As far as is known this does not allow the user to get root access, instead the code or shell is executed with the user's privileges.
    This PKG installs IMAP-2001a (2001.315) which has this vulnerability fixed and comes with many enhancements. Works fine with POP-before-SMTP, too.

    Posted: April 25, 2002 Size: 390,605 bytes
    This PKG installs phpMyAdmin-2.2.6 and enables it for all virtual websites.
    Each of your virtual sites will have a browser based admin interface for MySQL at http://[sitename]/phpmyadmin/
    The URLs are password protected and login is only granted to those who login with a valid MySQL username and password.
    Requirements: PHP and MySQL.

    Midnight Commander 4.5.42 Posted: April 25, 2002 Size: 1,392,741 bytes
    If you work a lot on the shell through SSH and know the old Norton Commander for DOS, then you'll love Midnight Commander. All file operations are just a few keystrokes away. The included editor, ftp client and the search and replace functions make it an extremely useful addition for anyone who has to spend more than a few minutes on the shell.
    Once this PKG is installed anyone with shell access can type "mc" in their console and Midnight Commander will open up.
    Please note: Some of the most useful functions of Midnight Commander are only available through the F2 to F10 keys. Not all types of terminal and not all SSH or Telnet clients support the use of these function keys. In that case use the ESC key and then press the corresponding number to simulate the F-key. Example: For F10 press ESC 0, for F4 press ESC 4

  • Updates to Servers Performed, 11-4-02

    OpenSSH 3.4p1-PM4

  • OpenSSH enables you to connect securel to the server
  • Contains both Client and Server software
  • Statically compiled against zlib 1.1.4 and openssl 0.9.6e
  • PrivSep enabled for better security
  • Compression enabled for better performance
  • None of our pkgs are/were affected by the recently discovered trojan in OpenSSH

    Webalizer 2.01.10

  • Generates site statistics daily and is accessed from http://sitename/stats
  • Improved compatibility with Frontpage-enabled sites
  • Improved for sites with multiple log rotations per month
  • Included Oct 4th epoch patch
  • Fixes problems executing webalizer.cron

    PHP 4.1.2-3

  • Includes command line php executable (/usr/bin/php)
  • cURL module now included
  • libpdf module now included to support on-the-fly PDF generation
  • mbstring / mbstr-enc-trans support
  • wddx support
  • ftp support
  • GD support for gif/png/jpg/wbmp/ttf formats
  • Fixes several vulnerabilities in PHP's fileupload code allow remote compromise

    Neomail 1.25-5

  • Neomail adds webmail functionality to Sun's Cobalt RaQ
  • Every site has its own webmail interface, accessible through http:/webmail
  • Compatible with pine and imap folders
  • Permissions of mail directories are set correctly

    MySQL 3.23.37

  • Includes the server, client, shared files as well as the Perl DBI MySQL modules.

    SNMP Update

  • Updated SNMP package that shows both incoming and outgoing statistics

    Over the last several weeks, it has been brought to our attention that several companies, incuding Network Solutions/VeriSign, are sending deceptive and predatory domain expiration notices and domain dispute notices to customers of other registrars. We are writing to warn you about these mailings and to remind you that any legitimate information regarding the domains you register at Hostwerks will come only from Inc. and will be clearly identified as such.

    Deceptive Domain Expiration Notices: VeriSign Inc. (formerly Network Solutions) has been sending via postal mail false domain expiration notices. The purpose of these notices is to get the customer to unwittingly transfer and renew their domain names with VeriSign.

    Unfortunately, the notices are designed so that it is not clear who they are from. Please take note that only sends renewal notices via e-mail. If you receive a domain expiration notice in the mail, it IS NOT from If you follow the instructions in the letter, you will be renewing your domains at significantly higher prices than you currently pay at

    Domain Dispute Notifications: Many domain name registrants are receiving "Domain Dispute Notification" mailings from an entity identifying itself as XChange Dispute Resolution. The mailings falsely state that XChange is an ICANN authorized arbitrator and that the registrant must mail in a security deposit fee to defend ownership of the domain name.

    The sender of these notices has not been approved by ICANN as a provider of dispute-resolution services under ICANN's Uniform Domain Name Dispute-Resolution Policy (UDRP). Registrants should not send money as requested by this notice. Registrants who receive the notice should contact an appropriate governmental law enforcement/consumer protection agency to report the incident. Recipients can also fax the notice to ICANN at 310-823-8649.

    If you have any questions or concerns about these deceptive e-mails, please contact us at
  • Google
    Search Hostwerks Search the Web

    Home | About | Order | Pricing | Privacy | Support | Terms