EURID maintenance
The EPP server, Registrar Extranet, DAS and WHOIS services (registrar and public) of EURID (the .eu domain registry) will be unavailable for approximately 45 minutes between 05:00 CET and 06:00 CET on March 10th, 2010 (tomorrow). Normal operations will resume by 07:00 CET, after testing.
We apologise for any inconvenience these necessary maintenance procedures may cause.
VPS reboot
All Windows & Linux Virtual Private Servers will be rebooted within the next few minutes to install a security patch; there will be a short downtime.
All Linux and Windows virtual servers will be rebooted in the next few minutes to install an important security patch; this entails a short downtime while the systems reboot.
UPDATE: All virtual private servers are up and running again; downtime was 3 to 6 minutes per VPS during the reboot procedure.
Gigabit-Flatrate Promo FEB 2010
[ENGLISH]
Dear Customers,
we currently have a promotion for Gigabit-Flatrates running till the end of February 2010 (12 month term). Please contact your sales rep for further information; pricing is just 1/6th of the normal price: Contact Sales here.
Thomas Moroder
server24.eu
[ITALIAN]
Dear Customers,
take advantage of the monthly promotion on Gigabit flatrates for dedicated and managed servers. For all orders received by the end of February 2010, the monthly cost is reduced by 85% (minimum term: 12 months). Contact us for further information.
Thomas Moroder
server24
[GERMAN]
Dear Customers,
as a special offer in February 2010 we are offering Gigabit flatrates for dedicated servers (“root servers”) and managed servers at a special price. Save 85% compared to the normal price (minimum contract term: 12 months). Please contact our sales team for further information here.
Thomas Moroder
server24
10 ports down @DC1
We currently have 10 switchports down @DC1, investigating. ETA: 1 hour
10 switchports down in datacenter #1; we are analyzing the problem. Estimated time: 1 hour
UPDATE:
Switchports restored, but we are currently experiencing a PDU problem in the datacenter. Level3 (operator of the datacenter) field ops are on site to solve the issue.
UPDATE2:
Ackermann conductor rail defect, currently replacing.
UPDATE3:
All services and servers up & running again.
18 ports down datacenter #2
18 uplink ports are currently down in datacenter #2; we are investigating.
UPDATE:
All services and servers up & running again.
Core Router DC#2
Today at 16:28 CET a defective linecard in the core router of the second datacenter (DC#2) first caused latency (high ping times) and, after failing completely, a loss of connectivity for some servers and services. We replaced the linecard, and all services, incl. BGP peerings, were up and working again at 17:31 CET. We apologize for any inconvenience caused.
This afternoon at 16:28 a defective linecard in the core router of the second datacenter (DC#2) caused latency (high pings) and subsequently a loss of connectivity for some servers and services. We replaced the defective linecard, and all services, including the BGP sessions involved, were active again as of 17:31. We apologize for any inconvenience.
Today from 16:28 there were problems due to a defective linecard in the core router of the second datacenter (DC#2), which first led to latency (high ping times) and then to an outage of Internet connectivity for some servers and services. We replaced the defective linecard, and all services, including the BGP connectivity, have been working properly again since 17:31. We sincerely apologize for any inconvenience.
Problems with individual servers in datacenter 2
We are currently detecting problems with individual servers in datacenter 2; technicians are already on site to investigate.
UPDATE: The problem has been resolved; it was a PDU overload caused by a defective power supply.
Scheduled VPS maintenance
We will be performing scheduled maintenance for both Windows and Unix/Linux Virtual Private Servers (VPS) during the night (starting 23:00 CET). There will be a short downtime.
As part of the continuous improvement of our technical infrastructure, we would like to inform you of the maintenance work to upgrade the virtual servers (VPS) during the night (starting at 23:00). During the maintenance work your virtual server(s) (VPS) may be unreachable due to a system reboot.
osCommerce 2.2 RC2a bug
[ENGLISH]
Dear Customers,
we have noticed that osCommerce version 2.2 RC2a has a bug that is abused by spammers to send out spam using http:// site name .com / admin/mail.php/login.php?action=send_email_to_user. To fix this problem, please patch the file admin/includes/application_top.php using this schema:
| 34 | 34 | require(DIR_WS_FUNCTIONS . ‘compatibility.php’); | |
|---|---|---|---|
| 35 | 35 | ||
| 36 | 36 | // set php_self in the local scope | |
| 37 | - | $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']); | |
| 37 | + | $PHP_SELF = $_SERVER['PHP_SELF']; | |
| 38 | 38 | ||
| 39 | 39 | // Used in the “Backup Manager” to compress backups | |
| 40 | 40 | define(‘LOCAL_EXE_GZIP’, ‘/usr/bin/gzip’); | |
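Review bot: The new line 37 still takes `$PHP_SELF` from `$_SERVER['PHP_SELF']`, which includes any path appended after the script name (the `/login.php` in `mail.php/login.php`), so any code outside these hunks that still calls `basename($PHP_SELF)` keeps seeing the client-chosen name. Either derive the value from `$_SERVER['SCRIPT_NAME']` here, or add a comment that `$PHP_SELF` must not be used for access decisions and audit the remaining callers.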
| … | |||
| 134 | 134 | ||
| 135 | 135 | // include the language translations | |
| 136 | 136 | require(DIR_WS_LANGUAGES . $language . ‘.php’); | |
| 137 | - | $current_page = basename($PHP_SELF); | |
| 137 | + | $current_page = basename($_SERVER['SCRIPT_FILENAME']); | |
| 138 | 138 | if (file_exists(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page)) { | |
| 139 | 139 | include(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page); | |
| 140 | 140 | } | |
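Review bot: Line 137 carries no comment saying why `$current_page` now comes from `$_SERVER['SCRIPT_FILENAME']` instead of `$PHP_SELF`, so a later cleanup could revert it without noticing the security reason. Add a one-line comment that the request path is client-influenced while the script filename is not, since `$current_page` feeds the `include()` on line 139.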
| … | |||
| 213 | 213 | } | |
| 214 | 214 | ||
| 215 | 215 | // BOF: MOD – Admin w/access levels | |
| 216 | - | if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) { | |
| 216 | + | if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_LOGIN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_PASSWORD_FORGOTTEN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_FORBIDDEN) { | |
| 217 | 217 | tep_admin_check_login(); | |
| 218 | 218 | } | |
| 219 | 219 | // EOF: MOD – Admin w/access levels |
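Review bot: Line 216 calls `basename($_SERVER['SCRIPT_FILENAME'])` three times in the condition that decides whether `tep_admin_check_login()` runs; compute it once (or reuse `$current_page` from line 137 if it is in scope here) so the login gate and the language include cannot drift apart. Strict `!==` comparisons would also be the safer choice for a check that gates authentication.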
Source of patch:
http://code.google.com/p/oscmax2/source/detail?r=169
For further information and security updates regarding osCommerce:
http://www.oscmax.com/forums/oscmax-v1-7-discussion/20994-spam-through-admin-mail-php-login-php-action-send_email_to_user.html
As a general workaround we suggest password-protecting the admin folder using either .htaccess + .htpasswd, your control panel (Plesk, Confixx etc.) or some equivalent solution. The alternative is to rename the admin folder to something difficult to guess (e.g. “n3WaDm1N”) so that automated scanning for the vulnerability is not possible.
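To check whether a shop has already been hit, the access log can be searched for the request shape quoted above, where an exempt filename is appended after another admin script. The following is an added example, not part of the original advisory or of osCommerce; the three exempt filenames, the combined log format and the `admin_dir` parameter are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed values of FILENAME_LOGIN, FILENAME_PASSWORD_FORGOTTEN and
# FILENAME_FORBIDDEN; adjust them to the shop's own filenames.
EXEMPT = {"login.php", "password_forgotten.php", "forbidden.php"}

# Apache "combined" log line: client, timestamp, method, target, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def path_info_bypass(target, admin_dir="/admin/"):
    """Return the admin script that really runs when an exempt filename is
    appended to it as PATH_INFO; return None for ordinary requests."""
    path = unquote(urlsplit(target).path).lower()
    if not path.startswith(admin_dir.lower()):
        return None
    segments = [s for s in path[len(admin_dir):].split("/") if s]
    for seg in segments[:-1]:
        if seg.endswith(".php"):
            # First *.php segment = executed script; what follows is
            # PATH_INFO, the part basename($PHP_SELF) used to look at.
            if segments[-1] in EXEMPT and seg not in EXEMPT:
                return seg
            return None
    return None

def scan(lines, admin_dir="/admin/"):
    """Return (client, timestamp, method, script, status) for each hit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            client, when, method, target, status = m.groups()
            script = path_info_bypass(target, admin_dir)
            if script:
                hits.append((client, when, method, script, int(status)))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [09/Mar/2010:04:12:55 +0100] "POST /admin/mail.php/login.php?action=send_email_to_user HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [09/Mar/2010:04:13:10 +0100] "GET /admin/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Mar/2010:04:13:40 +0100] "POST /admin/mail.php?action=send_email_to_user HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Pass the real admin path as `admin_dir` if the folder was renamed or the shop lives in a subdirectory; a hit with status 200 is a reason to review the mail queue and outgoing mail logs for that time.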
[ITALIAN]
Dear Customers,
a report has brought to light a security problem in osCommerce version 2.2 RC2a that is already being abused by spammers to send spam using the URL http:// site name .it / admin/mail.php/login.php?action=send_email_to_user. To remedy the problem, modify the file admin/includes/application_top.php using the following table:
| 34 | 34 | require(DIR_WS_FUNCTIONS . ‘compatibility.php’); | |
|---|---|---|---|
| 35 | 35 | ||
| 36 | 36 | // set php_self in the local scope | |
| 37 | - | $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']); | |
| 37 | + | $PHP_SELF = $_SERVER['PHP_SELF']; | |
| 38 | 38 | ||
| 39 | 39 | // Used in the “Backup Manager” to compress backups | |
| 40 | 40 | define(‘LOCAL_EXE_GZIP’, ‘/usr/bin/gzip’); | |
| … | |||
| 134 | 134 | ||
| 135 | 135 | // include the language translations | |
| 136 | 136 | require(DIR_WS_LANGUAGES . $language . ‘.php’); | |
| 137 | - | $current_page = basename($PHP_SELF); | |
| 137 | + | $current_page = basename($_SERVER['SCRIPT_FILENAME']); | |
| 138 | 138 | if (file_exists(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page)) { | |
| 139 | 139 | include(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page); | |
| 140 | 140 | } | |
| … | |||
| 213 | 213 | } | |
| 214 | 214 | ||
| 215 | 215 | // BOF: MOD – Admin w/access levels | |
| 216 | - | if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) { | |
| 216 | + | if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_LOGIN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_PASSWORD_FORGOTTEN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_FORBIDDEN) { | |
| 217 | 217 | tep_admin_check_login(); | |
| 218 | 218 | } | |
| 219 | 219 | // EOF: MOD – Admin w/access levels |
Patch reference:
http://code.google.com/p/oscmax2/source/detail?r=169
For further security information regarding osCommerce we recommend:
http://www.oscmax.com/forums/oscmax-v1-7-discussion/20994-spam-through-admin-mail-php-login-php-action-send_email_to_user.html
As a general workaround we suggest protecting the admin folder with a password using .htaccess + .htpasswd, a control panel (Plesk, Confixx etc.) or some other equivalent method. Alternatively, the “admin” folder can be renamed, preferably using a name that is difficult to guess (e.g. “n3WaDm1N”), in order to avoid automated scans by hackers.
MOBI Domain Name Registration
Dear Customers,
we are currently offering .MOBI Domain Registrations incl. Instant Mobilizer and dotMOBI SiteBuilder on SALE:
http://www.webhosting24.com/register-dot-mobi-domains/
With InstantMobilizer you can turn your existing Web Site into a Mobile Web Site; with the SiteBuilder you can create your own Mobile Web Site in minutes, no technical knowledge required.