Domain Renewal Notices – Scam!

Posted by BetterWebSpace

If we manage your domain name for you, you will only ever get domain renewal notices from us via email. We do not issue paper invoices.

Several customers have noew reports receiving letter from:

  • The domain Registry of America
  • Domain Renewal Group
  • Domain Registry of Europe
  • EU Registry Services.

These companies are in no way connected to BetterWebSpace or any of it’s partners.

Here is an example of one:

Domain Renewal Notice

The letters appear to be renewal notices, but looking more closely you’ll find that they are offers to transfer your domain to them. You are of course entitled to do this, but you will be tied into their fee structure and not ours and may lose access to some of the services we provide you with.

We urge you not to take up the offers in these letters.

suPHP and OSCommerce

Posted by BetterWebSpace

Most customers have got to grips with suPHP and the necessary changes this well. However one thing we didn’t reference in our earlier post about suPHP, was a permissions error in OSCommerce.

OSCommerce issues a warning if the user that PHP is running under is able to edit the configuration files. Obviously now we have suPHP the PHP user is your own username, and you probably need to be able to edit that file!

In your OSCommerce installation open up:
includes/application_top.php

Near the bottom you will find the following code, change the line in red from true to false to hide the warning:

define('WARN_INSTALL_EXISTENCE', 'true');
define('WARN_CONFIG_WRITEABLE', 'true');
define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true');
define('WARN_SESSION_AUTO_START', 'true');
define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true');

Installation of suPHP

Posted by BetterWebSpace

Hi,

Many of you will have seen the recent blog post (hopefully) about changes required for suPHP to prevent Internal Server errors (500).

As I’m sure you understand we haven’t just posted this for no particular reason, we will be rolling out suPHP on all servers in the coming week as part of our new security measures.

What new security measures?

On June 23rd a malicious user gain access to the server Hufflepuff and caused some considerable damage to users sites in a very short space of time. A complete server wide wipe was required to get the server up and running again, we then reloaded any backups we had and asked that customers upload their most recent backups over the top.

Fortunately only files were touched, and not databases – however you should be following our guide to backing up your databases to make sure you have a local copy!

Whilst we’re still clearing up these problems we feel it necessary to ramp up the security on all of our servers ASAP.

  1. We’ve upgraded our firewalls and increased general security around them.
  2. One of our biggest vulnerabilities is insecure PHP scripts.
    For several months PHP5 users on Dumbledore have been using suPHP and we are going to roll this out across all versions of PHP on all of our servers at the earliest possible convenience.
  3. We will also take this opportunity to upgrade both PHP4 and PHP5 to the latest revision in that release.

Schedule

Our engineers require an 8 hour window to work in, but do not anticipate any downtime providing no problems are encountered. If you encounter Internal Server errors after the upgrade please be sure to read the post on how to fix these!

These are scheduled below

Dumbledore: Wednesday 1st July 0000 – 0800 BST
Hermione: Thursday 2nd July 0000 – 0800 BST
Hagrid: Friday 3rd July 0000 – 0800 BST
Harry: Saturday 4th July 0000 – 0800 BST
Hufflepuff:    Saturday 4th July 0000 – 0800 BST