[Resellers-list] News from Hosting Matters, November 2006

Hosting Matters Resellers Mailing List resellers-list at hostmatters.com
Sat Nov 4 20:17:06 EST 2006 

Greetings, everyone!

What follow are some items of interest:

1. This particular item is urgent: the cgiemail script available within
cpanel is susceptible to abuse using particularly crafted requests. Two
accounts on different servers using this script as a form to mail script
have been abused to relay spam. This sort of abuse is, of course, entirely
unacceptable. Use of this script within the network is no longer permitted,
and we will be setting filters to intercept and deny requests to the script
on all servers within the network, whether shared or dedicated.

If you utilize this script, you will be required to use another instead. A
walkthrough on the use of a script that is not subject to abuse is located
here: http://forums.hostmatters.com/showthread.php?threadid=10489

If you prefer to use a script other than the one listed in the link above,
you can do so; however, note that unsecured form to mail scripts will always
be disabled without prior notice when found.

If you require assistance installing a form to mail script to replace the
cgiemail script if you have it in use, please contact support.


2. Traffic warning: as most of you are aware, Tuesday, November 7 is
election day in the US. We are expecting higher than average traffic to the
network throughout the day on Tuesday. We host a variety of municipal sites
that will be busy as well as a number of news and blog sites that we believe
will be carrying commentary and updates. As always when an event like this
occurs, we will be monitoring the network and all servers more closely than
our normal close monitoring.


3. Application notice: as some of you are no doubt aware, Microsoft
announced end of life for FrontPage. This means that they will no longer be
supporting FrontPage or providing updates for it, and that they will no
longer be providing FrontPage extensions or security updates for the
extensions. This is not a reason for panic: the extensions will not be
removed immediately from any server in the network. However, if a security
issue is announced for the extensions and no fix is available, it is likely
that the extensions could be removed very quickly and certain types of
FrontPage specific components will no longer be available. The replacement
application Microsoft has announced is called Expression Web, is currently
in beta, and is partially based on the FrontPage extension technologies. You
can read about Expression Web at
http://www.microsoft.com/products/expression/en/web_designer/fpupgrade/defau
lt.mspx


4. We have targeted a handful of shared servers for retirement based on age
and based on certain incompatibilities between cPanel and the operating
system installed. Clients on these servers will be migrated to other, newer
servers in the network, as clients from the bia server were migrated today.
Notices are going out to affected clients as we work through each server.
Things to know about migrations:

A. Because of the incompatibilities noted above, some servers were never
converted to the new mail system. While most people will notice no
difference after the move, clietns should note that viewing all mailbox
folders from the topmost user login is no longer possible. In addition,
Neomail will no longer be available as a webmail option. See
http://forums.hostmatters.com/showthread.php?t=13901 for the original
announcement related to the mail system conversion.

B. Certain php-based applications may require a setting called
register_globals be enabled. By default, all newer servers have this setting
disabled for security reasons. If your application requires it,
register_globals can be enabled by placing the following line in a .htaccess
file under your public_html:

php_value register_globals 1

See
http://www.hmhelpdesk.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticl
eid=145 for the knowledgebase article. If your site is among those migrated
and you require assistance in enabling this setting, please contact support.

C. If you manage your own DNS settings, you must modify those settings to
reflect the new location of your site(s). If you do not manage your own DNS,
no action is required on your part, as we will update all DNS zones to point
sites to the new server once they are moved. Those clients managing their
own DNS should contact support after receiving the migration notice to
obtain the new settings that will be appropriate for their site(s).

D. If you use the serverwide secure certificate and are notified of a
migration, you will need to change any references from the old server name
to the new. The new server name will be included in the migration notice,
and of course you can always contact support if you need assistance with
this.

As always, if you have any questions about or require assistance with these
items or any other, please contact support and we'll be happy to help you.

Regards,

Annette
Hosting Matters, Inc.
http://www.hostingmatters.com

More information about the Resellers-list mailing list