Latest Updates
May
24
eu10 went down
Posted by Chris -'- Support Team on 24 May 2016 03:32 PM

Hello,

eu10 went down and our technicians are working on it.
It will be back soon.
Sorry for the inconvenience caused.

=====

The server came back online 45 minutes ago.

 





May
23
cPanel/WHM and WHM Plugin IP Manager version update
Posted by Chris -'- Support Team on 23 May 2016 12:48 PM

Dear Valued Clients,

We will update cPanel/WHM on our USA and EU shared servers to the latest release, version 56.0 (build 18).
The WHM plug-in IP Manager will be updated from v2.1 to v2.2 along with the cPanel/WHM update.

Scheduled update: May 24, 2016 at 04h00 a.m. (EST)
There will be NO service interruption during updates.

 





Feb
21
Important - Disabling php mail() function - need to use SMTP auth.
Posted by Chris -'- Support Team on 21 February 2016 04:10 PM

Hello,

The PHP mail() function is one of the ways to send out anonymous or spoofed emails. In our case it is commonly used in "contact us" web forms. Such a mail form acts as an SMTP proxy: the function takes ([RECIPIENT], [SUBJECT], [MESSAGE], [EXTRAHEADERS], [EXTRAPARAMS]) as parameters. Numerous additional fields can be specified in the mail headers, for example 'Cc' (Carbon Copy), which sends a copy of the message to the email addresses given as arguments, and 'Bcc' (Blind Carbon Copy), which sends a carbon copy of the message just like the 'Cc' header.

How this function gets exploited:

By entering hexadecimal characters in a form field, attackers are able to add carriage returns and spaces. So the following string entered in a form field such as "Your Email" will result in a carbon copy of the email being sent to recipient@someothersite.xxx and a blind carbon copy being sent to victim2@victimsdomain.xxx and victim3@victimsdomain.xxx.

"sender@somesite.www Cc:victim@victimsdomain.xxx Bcc:victim2@victimsdomain.xxx,victim3@victimsdomain.xxx"

Many sites let visitors "email this page to a friend" or "contact us" through a web form; the resulting email softly suggests to "visit our website" on behalf of the user who filled in the form with their personal email address. Even though the subject and the message are hardcoded, there is still a way to inject headers.

To overcome this, we need to use the PHPMailer library to send out emails; it supports SMTP authentication.

Here is an example script which uses PHPMailer and SMTP auth to send out emails.


<?php
require("class.phpmailer.php");

$mail = new PHPMailer();

$mail->IsSMTP();                                      // set mailer to use SMTP
$mail->Host = "mail.yourdomain.com";  // specify main and backup server
$mail->SMTPAuth = true;     // turn on SMTP authentication
$mail->Username = "youremailid@domain.com";  // SMTP username
$mail->Password = "yourpassword"; // SMTP password

$mail->From = "youremailid@domain.com";
$mail->FromName = "Mailer";
$mail->AddAddress("myname@myname.com", "My Name");        // name is optional
$mail->AddReplyTo("info@example.com", "Information");

$mail->WordWrap = 50;                                 // set word wrap to 50 characters
$mail->IsHTML(true);                                  // set email format to HTML
$mail->Subject = "Here is the subject";
$mail->Body    = "This is the HTML message body <b>in bold!</b>";
$mail->AltBody = "This is the body in plain text for non-HTML mail clients";

if(!$mail->Send())
{
   echo "Message could not be sent. <p>";
   echo "Mailer Error: " . $mail->ErrorInfo;
   exit;
}

echo "Message has been sent";
?>

We are making this change to enhance security and to eliminate the possibility of users being exploited by hackers and intruders. One of the most common abuses we find is spamming, and in most cases the users are unaware of what is happening. To prevent this, we will be disabling the mail() function. The above script is just a sample; you need to modify your scripts/code to send mail with SMTP authentication.

Please feel free to submit a ticket if you need help.

We will disable it on Sunday, 28th of February, 2016 at 04h00 (EST).
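
The header injection described in the notice above comes from placing an unvalidated form field into the extra-headers argument of mail(). The following PHP is an added example, not code from the original notice or from PHPMailer; safe_sender() and header_lines() are hypothetical helper names, and the sample inputs are constructed from the string quoted in the notice.

```php
<?php
// Added example: validating a contact-form "Your Email" field before it
// is used anywhere near a mail header. Helper names are hypothetical.

// What the raw field would become if concatenated into a "From:" header.
// Every extra element is a header line the visitor controlled.
function header_lines(string $field): array
{
    return preg_split('/\r\n|\r|\n/', "From: " . $field);
}

// Return a single validated address, or null if the field must be refused.
function safe_sender(string $field): ?string
{
    // Encoded CR/LF (%0D, %0A) arrive already decoded in $_POST,
    // so checking for the raw bytes is sufficient here.
    if (preg_match('/[\r\n]/', $field)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL accepts exactly one address, so a value
    // carrying "Cc:" or "Bcc:" text after a space is rejected as well.
    $addr = filter_var(trim($field), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Constructed sample inputs. The second is the notice's string with the
// line breaks that the encoded characters would produce.
$samples = [
    "sender@somesite.www",
    "sender@somesite.www\r\nCc:victim@victimsdomain.xxx\r\n"
        . "Bcc:victim2@victimsdomain.xxx,victim3@victimsdomain.xxx",
    "sender@somesite.www Cc:victim@victimsdomain.xxx",
];

foreach ($samples as $raw) {
    $addr = safe_sender($raw);
    printf(
        "%-6s header lines if unvalidated: %d  input: %s\n",
        $addr === null ? "REJECT" : "ACCEPT",
        count(header_lines($raw)),
        json_encode($raw)
    );
}
```

With PHPMailer, pass the validated address to AddReplyTo() and keep From set to the authenticated mailbox, as in the sample script above.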






Feb
18

Hello,

This is a courtesy notice to let you know about the Linux glibc getaddrinfo stack-based buffer overflow zero-day vulnerability.

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This package contains the standard C library against which all GNU/Linux programs are linked.

Fix the Glibc Getaddrinfo vulnerability on RHEL/CentOS Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Type the following yum commands:

$ sudo yum clean all
$ sudo yum update


After the update is applied, you need to reboot the system or restart all affected services.

Because this vulnerability affects a large number of applications on the system, the safest and recommended way to ensure every application uses the updated glibc packages is to restart the system.

In case you are unable to restart the entire system after applying the update, execute the following command to list all running processes (not restricted to services) still using the old [in-memory] version of glibc on your system.


lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t

From the resulting list, identify the public-facing services and restart them.

You can find more details from the links below.

https://access.redhat.com/security/cve/cve-2015-7547
https://access.redhat.com/articles/2161461

If you are not running any systems on CentOS 6 or 7:
Your services are unaffected by this vulnerability.

If you have any questions, please do not hesitate to open a ticket with our helpdesk.





Jan
28
SOLVED ** IP Manager problem with latest cPanel/WHM version
Posted by Chris -'- Support Team on 28 January 2016 03:26 PM

Dear Valued Clients,

Thanks for your patience.
The IP Manager issue has been resolved.

Thanks for your cooperation.

 

++++++++

 

Dear Valued Clients,

Some servers were automatically updated to the latest cPanel/WHM version, which is causing a problem with the IP Manager plug-in.
Please feel free to submit a ticket when you need to change the IP address of your domain(s) via the billing portal. Our techs will do the needful.

 

