Some of you may have noticed you haven’t heard from me in a while, and quite a few of you are unlikely to have seen these newsletters before, you can review the back issues here. Newsletters at one time were very regular – but it became clear that many users only preferred to hear from us when important changes were coming – personally I’d like to see combination of the two, so expect to see this new newsletter “semi-regularly”!
BetterWebSpace has continued to grow, with this week marking BetterWebSpace’s 5th Birthday! We’ve slowly built a strong subscriber base of very loyal customers, this continued growth has slowed some of the changes to the business that I anticipated making by now (don’t get me wrong I’m not compaining at all!). The promised new support system has been put on a back burner until it’s compatible with some of our other systems.
Reminders & Notices
Firstly, I’d like to remind users that the changes we put in place for PHP Nobody Email, and PHPSuExec are both still in place and will continue to be so, we will be auditing the server for those sending from nobody again soon and contacting those that need to upgrade their settings/code.
Secondly, over the next couple of weeks and months an awful lot is going on, so please read this newsletter (and notices in the near future) cover to cover!
It has come to our attention that a lot of users are either running insecure/vulnerable scripts or have incorrect permissions for their directory structure allowing non-customers to upload files to their webspace, which are capable of generating several thousand spam messages an hour.
This is a friendly reminder that spam will not be tolerated on the BetterWebSpace network (that includes customers of our resellers as well!), and that we reserve the right to suspend or withdraw services to customers who’s accounts have been allowed to send out spam and that we may charge a fine to cover the cost of the cleanup operation after such an attack has occured.
Things to check:
- Your password is secure and not easily guessed.
- Your installed scripts are current and are not open to any security vulnerabilities (regularly check your script vendors website to be sure).
- Your directory structure has the correct permissions to prevent such files being uploaded or run
We do everything we can to minimise the spam you actually receive, but we can’t do it without your help!
If you don’t use the email addresses on your domain, set your default address to :fail: No such user here to prevent mail building up on the queue and allow us to identify dictionary attack users.
Server Upgrades & Maintenance
Major Email Upgrade
cPanel are trying to improve some of the file locking and CPU issues we’ve seen in recent releases of cPanel, one part of this will involve changing the format in which your email is stored on our servers. This in itself is a big job and should be a one-off upgrade, but should allow us to get better email performance on our servers. The old format will no longer work when cPanel 12 is released.
What do you need to Know?
- Neomail webmail client will no longer work, it is incompatible and the writers of Neomail are not converting it to the new format. Your Neomail address book will also no longer work (it may be found in your home directory under (/home/<username>/.neomail/user/addressbook), a conversion script may convert this – but you should make a note of all of your addresses.
- Root mailboxes, users who are used to logging into their webmail with their cPanel username and being able to view email for all of their email accounts will find this may not work, it was a security bug before and has been closed up. However the webmail client Horde are adding it into later releases of their software so this “feature” should be back soon.
When Will This Happen?
This needs to happen as soon as possible, as such we are giving less than one weeks notice that upgrades will being in the week commencing Monday 1st October. From 20:00 BST daily – MAKE YOUR BACKUPS BEFORE THIS TIME
Please note users on harry.securesitex3.com (188.8.131.52) are already upgraded and using this system.
Several of you have asked recently about MySQL being upgrade from 4.0 to 4.1 on the cPanel servers, for a long while this was considered unstable, this was largely due to customers installed scripts (coded by customers themselves, installed from fantastico or purchased/downloaded from another source) being incompatible with the new security systems in MySQL 4.1. We now consider there have been enough time for the vast majority of scripts to have been upgraded to support the new systems, and will be announcing maintenance windows for this upgrade shortly.
It is your responsibility to make sure you are running the most current (and hopefully more secure) version of scripts which you install in your account (where fixes/upgrades are available you should apply these ASAP), this includes making sure that any PHP scripts you have coded yourself are secure, remember if your account is compromised in any way, you are accountable.
If you are unsure about doing your upgrades, contact us. Often we are happy to quote you for a custom job for these.
This is another common question! PHP5 is coming, so watch this space!
Until next time!