incubatec system status

EURID maintenance

support — Tue, 09 Mar 2010 13:36:39 +0000

The EPP server, Registrar Extranet, DAS and WHOIS services (registrar and public) of EURID (the .eu domain registry) will be unavailable for approximately 45 minutes between 05:00 CET and 06:00 CET MARCH 10th 2010 (tomorrow). Normal operations will resume by 07:00 CET, after testing.

We apologise for any inconvenience these necessary maintenance procedures may cause.

VPS reboot

support — Thu, 25 Feb 2010 19:09:31 +0000

All Windows & Linux Virtual Private Servers will be rebooted within the next minutes to install a security-patch, there will be a short downtime.

Tutte i server virtuali Linux e Windows verranno riavviati nei prossimi minuti per installare una importante patch di sicurezza, questo comporta un breve downtime durante il riavvio dei sistemi.

UPDATE: All virtual private servers up&running again, downtime was 3 to 6 minutes per VPS during reboot procedure.

Gigabit-Flatrate Promo FEB 2010

support — Fri, 05 Feb 2010 14:06:28 +0000

[ENGLISH]
Dear Customers,

we currently have a promotion for Gigabit-Flatrates running till the end of February 2010 (12 month term). Please contact your sales rep for further informations, pricing is at just at 1/6th of the normal price: Contact Sales here.

Thomas Moroder
server24.eu

[ITALIANO]
Gentili Clienti,

approfittate della promozione mensile sulle flatrates Gigabit per server dedicati e managed. Per tutte le ordinazioni pervenute entro la fine di febbraio 2010, il costo mensile e’ ridotto del 85% (durata minima: 12 mesi). Contatteci per avere ulteriori informazioni a riguardo.

Thomas Moroder
server24

[DEUTSCH]
Sehr geehrte Kunden,

als Sonderangebot im Februar 2010 bieten wir Gigabit-Flatrates für dedizierte Server (“Root-Server”) und Managed-Server zu einem Sonderpreis an. Sparen Sie 85% im Vergleich zum Normalpreis (Mindestvertragsdauer: 12 Monate). Bitte kontaktieren Sie unsere Vertrieb für weitere Informationen hier.

Thomas Moroder
server24

10 ports down @DC1

support — Wed, 27 Jan 2010 20:35:08 +0000

We currently have 10 switchports done @DC1, investigating ETA: 1 hour

10 switchports down nel datacenter #1, stiamo analizzando il problema, stima tempistiche: 1 ora

UPDATE:
Switchports restored, but currently experiencing problem with PDU in datacenter. Level3 (operator of the datacenter) field OPs are there to solve the issue.

UPDATE2:
Ackermann conductor rail defect, currently replacing.

UPDATE3:
All services and servers up & running again.

18 ports down datacenter #2

support — Sun, 24 Jan 2010 16:40:46 +0000

Currently 18 uplink ports are down in the datacenter #2, we are currently investigating.

UPDATE:
All services and servers up & running again.

Core Router DC#2

support — Thu, 21 Jan 2010 21:36:00 +0000

Today at 16:28 CET a defect linecard in the core router of the second datacenter (DC#2) first caused latency (high ping-times) and after complete failure a downtime of connectivity for some servers and services. We replaced the linecard and all services, incl. BGP-peerings, were up again working at 17:31 CET. We apologize for any inconvenience caused.

Questo pomeriggio alle ore 16:28 una linecard difettosa del core-router nel secondo datacenter (DC#2) ha causato latenza (pings alti) e di seguito un downtime della connettivita’ per alcuni server e servizi. Abbiamo provveduto a rimpiazzare la linecard difettosa e tutti i servizi, incluse le sessioni BGP coinvolte, erano di nuovo attivi a partire dalle ore 17:31. Ci scusiamo per gli eventuali disagi.

Heute ab 16:28 Uhr gab es Probleme aufgrund einer defekten Linecard im Core-Router des zweiten Rechenzentrums (DC#2), die zuerst zu Latenzen (hohe Ping-Zeiten) und anschließend zu einem Ausfall der Internet-Anbindung für einige Server und Dienstleistungen führte. Wir haben die defekte Linecard ausgetauscht und alle Dienste, inkl. die BGP-Anbindung, funktioniert ab 17:31 Uhr wieder einwandfrei. Wir bitten vielmals um Entschuldigung für die evt. Unannehmlichkeiten.

Problemi con singoli server nel datacenter 2

support — Fri, 04 Dec 2009 08:18:47 +0000

Al momento stiamo rilevando problemi con singoli servers nel datacenter 2, i tecnici sono gia’ in loco per verificare.

UPDATE: Il problema e’ stato risolto, si trattava di un sovraccarico PDU causato da un alimentatore difettoso.

Scheduled VPS maintenance

support — Wed, 02 Dec 2009 14:21:57 +0000

We will be performing scheduled maintenance for both Windows and Unix/Linux Virtual Private Servers (VPS) during the night (starting 23:00 CET). There will be a short downtime.

Nell’ottica del continuo miglioramento della nostra infrastruttura tecnica desideriamo comunicarti circa l’intervento di manutenzione per il potenziamento dei server virtuali (VPS) durante la notte (a partire dalle ore 23). Durante i lavori di manutenzione il/i Suoi server virtuali (VPS) potrebbero non essere visibili a causa di un ravvio di sistema.

osCommerce 2.2 RC2a bug

support — Fri, 27 Nov 2009 13:27:01 +0000

[ENGLISH]

Dear Customers,

we have noticed that osCommerce version 2.2 RC2a has bug, abused by spammers to send out spam using http:// site name .com / admin/mail.php/login.php?action=send_email_to_user. To fix this problem, please patch the file admin/includes/application_top.php using this schema:

34	34		require(DIR_WS_FUNCTIONS . ‘compatibility.php’);
35	35
36	36		// set php_self in the local scope
37		-	$PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
	37	+	$PHP_SELF = $_SERVER['PHP_SELF'];
38	38
39	39		// Used in the “Backup Manager” to compress backups
40	40		define(‘LOCAL_EXE_GZIP’, ‘/usr/bin/gzip’);
…
134	134
135	135		// include the language translations
136	136		require(DIR_WS_LANGUAGES . $language . ‘.php’);
137		-	$current_page = basename($PHP_SELF);
	137	+	$current_page = basename($_SERVER['SCRIPT_FILENAME']);
138	138		if (file_exists(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page)) {
139	139		include(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page);
140	140		}
…
213	213		}
214	214
215	215		// BOF: MOD – Admin w/access levels
216		-	if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {
	216	+	if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_LOGIN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_PASSWORD_FORGOTTEN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_FORBIDDEN) {
217	217		tep_admin_check_login();
218	218		}
219	219		// EOF: MOD – Admin w/access levels

Source of patch:
http://code.google.com/p/oscmax2/source/detail?r=169

For further informations & security updates regarding osCommerce:
http://www.oscmax.com/forums/oscmax-v1-7-discussion/20994-spam-through-admin-mail-php-login-php-action-send_email_to_user.html

As a general workaround we suggest password-protecting the admin-folder using either .htaccess+.htpasswd, your control-panel (Plesk, Confixx etc.) or some equivalent solution. The alternative is to rename the admin-folder into something difficult to guess (e.g. “n3WaDm1N”) so that no automatic scanning of the vulnerability is possible.

[ITALIANO]

Gentili Clienti,

da una segnalazione risulta un problema di sicurezza nella versione 2.2 RC2a di osCommerce che viene gia’ abusato da spammers per inviare spam utilizzando l’URL http:// nome sito .it / admin/mail.php/login.php?action=send_email_to_user. Per ovviare al problema, modificare il file admin/includes/application_top.php utilizzando la seguente tabella:

34	34		require(DIR_WS_FUNCTIONS . ‘compatibility.php’);
35	35
36	36		// set php_self in the local scope
37		-	$PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
	37	+	$PHP_SELF = $_SERVER['PHP_SELF'];
38	38
39	39		// Used in the “Backup Manager” to compress backups
40	40		define(‘LOCAL_EXE_GZIP’, ‘/usr/bin/gzip’);
…
134	134
135	135		// include the language translations
136	136		require(DIR_WS_LANGUAGES . $language . ‘.php’);
137		-	$current_page = basename($PHP_SELF);
	137	+	$current_page = basename($_SERVER['SCRIPT_FILENAME']);
138	138		if (file_exists(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page)) {
139	139		include(DIR_WS_LANGUAGES . $language . ‘/’ . $current_page);
140	140		}
…
213	213		}
214	214
215	215		// BOF: MOD – Admin w/access levels
216		-	if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {
	216	+	if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_LOGIN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_PASSWORD_FORGOTTEN && basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_FORBIDDEN) {
217	217		tep_admin_check_login();
218	218		}
219	219		// EOF: MOD – Admin w/access levels

Riferimento patch:
http://code.google.com/p/oscmax2/source/detail?r=169

Per ulteriori informazioni riguardanti informazioni di sicurezza per osCommerce consigliamo:
http://www.oscmax.com/forums/oscmax-v1-7-discussion/20994-spam-through-admin-mail-php-login-php-action-send_email_to_user.html

Come workaround generale suggeriamo di proteggere la cartella admin tramite una password utilizzando .htpaccess+.htpasswd, un pannello di controllo (Plesk, Confixx etc.) oppure qualche altro metodo equivalente. In alternativa si puo’ ridenominare la cartella “admin”, preferibilmente utilizzando un nome difficile da indovinare (p.e. “n3WaDm1N”) in modo da evitare scansioni automatizzate da parte di hacker.

MOBI Domain Name Registration

support — Thu, 19 Nov 2009 18:25:42 +0000

Dear Customers,

we are currently offering .MOBI Domain Registrations incl. Instant Mobilizer and dotMOBI SiteBuilder on SALE:

http://www.webhosting24.com/register-dot-mobi-domains/

With InstantMobilizer you can turn Your existing Web Site into a Mobile Web Site, with the SiteBuilder you can create your own Mobile Web Site in minute, no technical knowledge required.