Centurylink had a network outage that affected our Sterling, VA data center for approximately 15 minutes starting at 7:03 AM EST 2/9/2016 until 7:18 AM EST.
The problem has been resolved.
Warning: Phishing attacks against domain owners – fradulent suspension notices
Domain registrar OpenSRS warns that there is an ongoing phishing attack against domain owners. The object is to trick you into providing credentials that will let the bad guys hijack your domain.
If you get email claiming that your domain has been suspended, do not click any of the links or reply to the email even if the message looks legitimate. If you’re an HIS customer, report the email to support@his.com and we’ll help determine your domain’s actual status.
You may have heard that many high-profile domain registrars are being targeted by a massive phishing attack against domain owners.
We have received reports that some of those attacks are using Tucows branded emails to target some of our resellers and possibly end users all over the world. The fraudulent emails claim that a particular domain name has been suspended and ask users to click a link. domainabuse@tucows.com.org is being used as “From” and “Reply-to” addresses.
We are asking all OpenSRS resellers to be extra vigilant of these fraudulent suspension notices. In case you or your end users receive an email from tucows.com.org:
- Do not click any links
- Do not reply to the email
- Do not call any phone numbers listed within the email
We strongly encourage all resellers to communicate this information to their end users.
The OpenSRS team
10/17/2015 – 11:00 AM – mail.his.com down – resolved
mail.his.com is temporarily down because of a hardware problem. Check back for updates.
11:55 AM EDT – mail.his.com disk volumes are being checked for corruption. Repair in progress.
12:10 PM EDT – disk check / repair continues …
12:27 PM EDT – repairs complete, mail.his.com back online
12:38 PM EDT – No mail was lost – undelivered mail queued on relay servers while mail.his.com was offline, and all queued mail has now been delivered.
WordPress 4.3.1 Security Release
WordPress 4.3.1 is now available. This is a an important security notice affecting all previous versions of WordPress and we strongly encourage you to update your sites immediately.
Being proactive in the protection of your site is of one of the most important aspects of having a solid web site security policy.
This release includes three vulnerabilities:
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
- Cross-site Scripting Vulnerability was found in the user list table.
- Users without proper permissions could publish private posts and make them sticky (CVE-2015-5715)
More details on this security release can be found here:
WordPress 4.3.1 Security and Maintenance Release
WordPress 4.3.1 Security and Maintenance Release
If your web site is powered by WordPress, please upgrade it ASAP, here is the procedure we recommend:
1- Backup your Hosting account using your account’s Plesk Panel Backup Manager
2- Upgrade WordPress. There are 2 ways of doing that:
- If you installed WordPress from the Plesk Panel Applications tab, you can upgrade it from the Panel
- If you installed WordPress yourself, login to your WordPress Admin Dashboard and upgrade it from there
3- Check that everything is working.
4- Backup your upgraded installation as a precaution.
WordPress 4.2.1 Critical Security Release
WordPress 4.2.1 Security Release
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. April 27, 2015 the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.
If your web site is powered by WordPress, please upgrade it ASAP, here is the procedure we recommend:
1- Backup your Hosting account using your account’s Plesk Panel Backup Manager
2- Upgrade WordPress. There are 2 ways of doing that:
- If you installed WordPress from the Plesk Panel Applications tab, you can upgrade it from the Panel
- If you installed WordPress yourself, login to your WordPress Admin Dashboard and upgrade it from there
3- Check that everything is working.
4- Backup your upgraded installation as a precaution.
ISIL Defacements Exploiting WordPress Vulnerablities – update now
The FBI has warned that ISIL is exploiting vulnerabilities in WordPress sites running out-of-date versions of WordPress or old versions of certain plugins or themes to deface the sites.
The FBI’s statement: http://www.ic3.gov/media/2015/150407-1.aspx
Sucuri’s writeup with mention of specific plugins to check: http://blog.sucuri.net/2015/04/fbi-public-service-annoucement-defacements-exploiting-wordpress-vulnerabilities.html
The current version of WordPress (as of 4/8/2015) is 4.1.1. If you are running any earlier version, you are vulnerable. If you need to upgrade, you can do so from your WordPress admin login or by downloading the latest version of WordPress from https://wordpress.org/ Don’t forget to update any out-of-date plugins or themes as well.
If you need help updating your HIS-hosted WordPress site, open a support request ticket at http://info.his.com/support/support.his.com.html
1/28/2015: reboots to patch for GHOST vulnerability
We are patching and rebooting all linux servers for the ‘GHOST‘ security vulnerability.
Reboots aren’t needed often with linux, but because this patch replaces a library (glibc) that is used by many programs on each server, a reboot is required.
Don’t let your email account get hijacked – tips
Email accounts are prime targets for spammers, who can no longer send spam directly from malware-infected computers because of improved spam filtering and steps that major providers like Verizon/Comcast/Cox have taken. If a spammer can hijack an email account, he’ll be able to send spam at high speed from a legitimate account until he gets caught. We’re good at detecting this, but when it happens it’s inconvenient for the legitimate account holder, since we have to change the password and the account owner will be locked out until they set the password again and update the password on their computer/phone/etc.
The most common ways that bad guys obtain login info are:
- phishing email – the kind that takes you to a supposedly legitimate web link where you’re tricked into entering your email username and password.
- Some of these messages are very real-looking. Best practice: never enter login info on a web page that you got to by clicking a link in email.
- Hotel wi-fi or a public wi-fi hotspot and bad guys were sniffing the network.
- We’ve seen quite a few of these cases. Hotel wi-fi is particularly dangerous. You’re better off using your phone’s wireless connection at hotels and coffee shops.
- You’ve used the same username and password somewhere else (adobe.com, ebay.com, etc.) and that site got hacked.
- This is probably the #1 way people get hacked. Never use the same username and password on multiple sites. You will get bitten if you do.
- malware on your computer that’s sending your keystrokes & other info the the bad guys’ mother ship.
- When this is what’s happening, your account will usually get hacked again quickly after you’ve changed your password. Set your PC to scan for malware daily, and run a full scan every now and then so the anti-virus scanner will check everything (default scans usually scan only the most likely locations for malware). Make sure your PC is set to receive automatic updates to virus definitions – there is a new virus every few minutes, so you need to update your definitions at least daily.
- Your password is easy to guess. Our systems lock out password-guessers quickly, but they get a few tries before they’re locked out and if your password is super simple (12345 / ILoveAndy / etc.) they might get lucky.
There are a lot of bad guys and they’re highly motivated, but if you’re careful, odds are your account won’t get hijacked.
eBay passwords compromised
According to Ars Technica, encrypted eBay passwords and other information have been stolen by cyberattackers. If you have an eBay account, change your password ASAP. If your eBay password is one you’ve used on other services, including your accounts with HIS, change those passwords too, and don’t use the same password on more than one service.
When password lists are leaked this way, even in encrypted form, the bad guys have very powerful tools for cracking the passwords, and the cracked passwords go into their database of passwords that are used somewhere and thus are probably also used somewhere else, increasing your likelihood of being hacked on another system if you’re using the same password there.
We know that it’s a pain to change passwords, especially email passwords where you might have several devices checking your account (a phone, a tablet, multiple computers), but it’s a bigger pain to get hacked. When we detect a hacked account, we change the password immediately and there’s a period of time between then and when we can reach you when you’re without access to your account. If you use strong passwords (mixed upper/lower case, numbers, punctuation) and you don’t use a password on more than one account, your odds of having your account hijacked are greatly reduced.
Resolved: spam.his.com backlog 5/19/2014
Starting at 6:30 AM on Monday, 5/19/2014, multiple servers were hit with a high-volume spam flood from a Russian botnet that had hijacked user email accounts. The volume was so high that spam.his.com, which filters both incoming and outgoing mail, became backlogged and mail delivery became very slow. We identified the problem shortly after 7 AM and blocked the botnet, but it took several hours to clear the unprocessed queue of this spam because we wanted to avoid accidentally deleting any legitimate mail. This problem has been resolved and mail delivery was normal (about 3 seconds after receipt) by 11 AM.
Our early-warning system caught this quickly, but the volume of spam from this large botnet was extraordinarily high, causing the backlog. We’re looking at ways to detect hijacked email accounts more quickly.
Our servers do a good job of blocking the thousands of bots attempting to guess user passwords on each server every day, but if your password is a simple one, or is one that you’re using on some other system that has been compromised (Adobe, Twitter, Evernote, Dropbox, etc.), the bad guys can test and confirm your password on the first try and we won’t detect that as an attack. If you’re using your password on any other system, consider changing it ASAP, and choose a strong password (mixture of upper/lower case letters, some numbers, some punctuation).