Updated 21st November 2008

Accounts with login at; http://cp.domainsrush.org

We have cleared out the queue and your emails should now be working. We may be requesting transfer of domains that are receiving large amounts of spam to our other server.

We have had a major attack of spam emails routed through our server which has caused a queue of nearly 150,000 emails. Please bear with us while we clear the backlog and get the mailserver running smoothly again. We estimate that it will take up to 24 hours to clear the backlog. Please note we will do our utmost to ensure that any emails not flagged as spam will be saved and forwarded on once we resolve this issue.
Sorry for the inconvenience.

________________

Accounts with login at; http://controlpanel.cc

We have been running the PHP 4 and PHP 5 languages concurrently on our servers for a while now, with PHP 4 running as the default version for all .php files. You may or may not be aware that PHP 4 has now reached its end-of-life, meaning it is no longer being developed or supported.

With more scripts now requiring it, we have made the decision to switch to PHP 5 as the main version. We will still run PHP 4 in the background, just like we do with PHP 5 at the moment.

After the upgrade, both languages will have Zend Optimizer and Ioncube extensions installed as standard. If you have any custom PHP variables in htaccess files, these will still work correctly with the new version.

We will be making the PHP upgrade on Thursday 13/11/2008 at 23:30 on the FTP3 (Fusion) server first.

_________

PHP. We have switched off the PHP setting "register_globals" as this now represents a security weakness.

All Accounts

This update is to make you aware of a security issue that we have found
some of our users are experiencing recently.

We have found that many users use the same password for accounts and
databases. If there is an out of date script or program on the account, a
hacker can potentially gain access to the database password stored in the
scripts configuration files.

Recently we have found that if a database password is found, the hacker then
tries to login via FTP to the account. If successful, they gain complete
access to that account.

If you run scripts or programs such as phpBB2 or OSCommerce, please ensure
they are always up to date. New security vulnerabilities come out regularly
and they must be patched to ensure the integrity of your account.

If you no longer are using a script, please remove it from your account to
prevent it from being abused.

Lastly, if your database password is the same as your account password,
please change this ASAP. You can change your account password on the
"Account Details" page on your control panel. Database passwords can be
changed in the MySQL Manager on the "Web Tools" page.

All Accounts

*****KEEPING SOFTWARE UP TO DATE*****

A point we would like to bring to users attention is keeping
software up to date. For example form mail scripts, forums and content
management systems with the last version of the code available. This is
important as old code can contain vulnerabilities that allow hackers to
abuse your web sites and possibly attack us. You do not have to worry
about server side software like PHP, MySQL and Apache as we will keep
this up to date for you.

This is regarding the popular OSCommerce shopping cart and
PHPBB2 forum software that you may use. There are some vulnerabilities
for these software packages that require URGENT attention. If you use
any of these packages please read this. If any of your users or
developers use these software packages, please forward this E-mail on to
them.

OSCOMMERCE
----------
There is a vulnerability in OSCommerce that allows spammers to send out
multiple E-mails using contact_us.php. There are two options to resolve
this problem:

1. If you do not use the contact us feature in OSCommerce, simply delete
the contact_us.php file. This can be found in the root of your
OSCommerce installation.

2. Follow the instructions from the link below to update a PHP file. We
recommend you back up the original file before you attempt to modify it:

http://www.bpweb.net/oscommerce-fix.htm

If you are unsure about how to do this, please contact us and we will be
happy help.

PHPBB2
------
There have been several vulnerabilities recently that can result in an
attacker taking over or corrupting your forum.

Please upgrade all of your PHPBB installations to the latest version by
downloading the upgrade file from the link below. Once downloaded, unzip
it, upload the files to your PHPBB2 installation and follow the upgrade
instructions in the install directory.

Download for upgrading PHPBB2 is the "Changed Files Only" file and NOT the "Patch File Only" file.

1. Download this file from http://www.phpbb.com/downloads.php and unzip
it
2. Make a backup of your current PHPBB2 installation
3. Follow the upgrade instructions in the docs/INSTALL.html directory

If you have any queries or problems, please don't hesitate to contact
us.

If you have any questions or queries about this change, please don't
hesitate to contact us.


Domainsrush