There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject Spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords.
What It Looks Like
The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:
Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91
After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:
< ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…
If you are running MailPoet, we recommend upgrading it to the latest version. If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.
If you aren’t able to fix the issue on your end, please don’t hesitate to contact Support. We’re happy to help.
We are currently experiencing a DDoS attack on our Detroit facility.
This attack is part of a larger-scale attack that is affecting multiple internet routing points. More details can be seen here:
http://www.akamai.com/html/technology/dataviz1.html (click on ‘Attacks’)
We are continuing to work hard to remedy the situation with our Network and System Administrators.
Please stand by for additional information.
We’ll update you as we know more!
We are excited to announce that starting June 10th 2014 you can register .uk domains for just $15 a year!
Here’s what you need to know about the registration process:
- If you have a unique .co.uk, .org.uk, or other similar domain, the equivalent .uk domain will be automatically reserved for you until June 10, 2019, as long as the domain remains registered.
- You can check a registrant’s rights with this handy lookup tool: http://www.dotuklaunch.co.uk/rights-lookup-tool.
- If you want to register a 2nd level .uk domain, such as ‘example.uk’, then the contact info for that domain must be an exact match to the existing equivalent third level .uk domain, like ‘example.co.uk’ or ‘example.org.uk’. If the information is not the same the registration will fail.
- If there is no equivalent domain with rights already existing within the .uk domain family, by registering the .co.uk you will automatically have the right to register the new .uk domain.
Note: if your third level .uk domain name resides at a registrar other than OpenSRS, Nominet will email the registrant to confirm the registration.
We think this new easier-to-use domain extension is a great addition to our current offerings and we’re pleased to be able to offer it to you! Please contact our Billing department for assistance with registering a new domain name, or if you have any questions regarding the registration process.
This morning we deployed an update to the OpenSSL software packages on our shared and customer servers to address a critical vulnerability. The vulnerability, dubbed “heartbleed”, is the result of improper data validation (bounds check) within a “heartbeat” feature of the OpenSSL TLS implementation.
Because of this vulnerability, it is possible that a portion of active memory can be disclosed to connecting clients, which can leak sensitive information. Ultimately, this may lead to the disclosure of transaction or customer-identifiable information, which undermines the very purpose of SSL implementations for our customers and the Internet community at large.
Although we make every effort to schedule updates and maintenance, the critical nature of this vulnerability prompted immediate action. We’re working hard to protect our customers and want to thank you for your understanding.
What is the status of my SSL certificates?
Our position is that regenerating/reissuing SSL certificates is not explicitly required and doing so would be out of an abundance of caution. Although the heartbleed vulnerability had the very real possibility to disclose the server-side private key for an SSL certificate, the ability to capture an entire SSL private key required more than just a passing interest in a specific web site. An attacker would need to conduct a targeted effort to dump thousands of memory captures using the vulnerability and piece together an SSL private certificate, a non-trivial task.
Further, we have no indications at this time of any large scale attempts to compromise SSL private keys on our customer web sites, servers or network at large. We will continue to monitor our servers and networks with vigilance and if at any time we have indications that this position needs to change, we will update our customers accordingly.
If you have any questions or concerns regarding this or other issues, please get in touch and we’ll get back to you as soon as possible.
For customers that are currently running cPanel/WHM, the OpenSSL update will apply within the next 24h through daily automatic updates. To verify that the update has applied or to proactively apply it, please find details below. It is important to note, that once the OpenSSL update has been applied, Apache and/or Nginx must be restarted to ensure that the vulnerability is properly closed.
Check the current OpenSSL Version:
# rpm -q openssl
The patched version of OpenSSL for CentOS 6 is openssl-1.0.1e-16.el6_5.7.x86_64.
The version of OpenSSL provided in CentOS 5.10 (openssl-0.9.8e-27.el5_10.1) is NOT vulnerable.
The version of OpenSSL provided in CentOS 6.5 (openssl-1.0.1e-16.el6_5.4) WAS vulnerable.
If you find that you are running any version other than ‘openssl-0.9.8e-27.el5_10.1′ or ‘openssl-1.0.1e-16.el6_5.7.x86_64′ then you should immediately update the OpenSSL packages:
# yum update -y openssl
# /etc/init.d/httpd stop
# /etc/init.d/httpd start
Although we have made every effort to access and update customer systems, this may not always be possible in cases where customers may have restricted access to systems and/or are using operating systems other than RHEL/CentOS. As such, we encourage all Cloud VPS, Hybrid and Dedicated customers to verify that this vulnerability is patched with an updated OpenSSL package.
Additional update information:
Debian Wheezy, Jessie, Sid
# apt-get upgrade openssl
Ubuntu 12.04, 12.10, 13.10
# apt-get upgrade openssl
# yum update openssl
CentOS 5.10, OpenSSL 0.9.8 is NOT vulnerable
Proof of Concept Test:
Attention SEOHosting Customers:
Please read this important announcement carefully! The following post details new regulations and procedures for ICANN’s Registrar Accreditation Agreement:
VALIDATING REGISTRANT E-MAIL ADDRESSES
Starting in January, the registrant contact will need to be validated upon the purchase or transfer of a domain name or if the registrant’s first name or last name has been modified.
Should any of these occur, OpenSRS , our registrar, will send an email requiring an affirmative response from the registrant. Failing to receive an affirmative response from the registrant within 15 days will result in the suspension of the name. This means that the domain (and any related services) will be offline.
If a registrant has already validated their contact information, this process will not be initiated.
The same validation process will take place if a WHOIS Data Reminder Policy (WDRP) notice, 30 day expiration notice or 5 day expiration notice bounces. It is extremely important to ensure the WHOIS data that you provide for your domain is correct.
ICANN WEBSITE REQUIREMENTS
ICANN now requires that we list the following new pieces of information on your website:
We hope that these changes in ICANN policy will have little effect on the ease in which you are able to order domain registrations or transfers. Please contact our billing department with any questions or concerns.