Latest Updates
Spamhaus blacklists due to CryptoPHP infected websites used by Blackhat SEO
Posted by WestNIC Support on 23 November 2014 05:47 PM

UPDATE #2: We're performing malware scans across other shared servers to prevent future blacklists associated with CryptoPHP malware. Accounts with malware and viruses are being suspended. If your account has been suspended, there are three options:

1. Remove the public_html folder with all its contents, then reset the password and activate the account (free of charge). Databases and email users are not affected by removal of the public_html folder.

2. Find an offsite backup, then run a restore for $10.

3. In some cases it is possible to run a manual site cleanup to preserve current files (most of the current data and databases). This service costs $20.

How to activate a suspended account: https://my.westnic.net/howtos/account-has-been-suspended.html

UPDATE #1: Most servers are excluded from the blacklist. We're still running extensive malware and vulnerability scans across other servers (not listed at Spamhaus). If you use an outdated PHP script or plugin (WordPress, Joomla, WHMCS, ClientExec, Drupal and others), please update it ASAP (including themes and plugins). If you don't use plugins or themes, please remove them via FTP. Severely outdated software is being removed without prior warning. Compromised accounts are being suspended.

We thank you for cooperation and understanding.

=================

Dear customers, 

More and more servers are getting onto the Spamhaus blacklist due to new malware (CryptoPHP) accidentally installed by webmasters/end-users with a nulled theme, plugin etc., or by bots via outdated/insecure PHP scripts.

What is CryptoPHP?

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

After being installed on a webserver the backdoor has several options of being controlled which include command and control server communication, mail communication as well as manual control.

More to read: http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/

How to resolve this issue:

At this moment we have 11 shared cPanel servers blacklisted on the Spamhaus network. Obviously more will be on that blacklist in the next couple of days, since most servers are shared. The cleanup process is very slow. First of all, we have to install an exploit scanner, then perform manual scans of the entire /home directory. Normally a scan completes in about 6 hours. The results are dramatic: more than 40% of installed PHP scripts are outdated, ~5% are installed with default configs (with no password set) and ~5% are already hacked. Installations with default configs are being removed without warning. Compromised websites are either being suspended or terminated, depending on how they were compromised and the number of viruses/DoS/malware tools installed.
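One way to take the inventory of outdated installations that such a scan turns up, as an added example (not WestNIC's scanner): it walks a tree laid out like /home/<user>/public_html, reads each WordPress `wp-includes/version.php`, and reports installs below a chosen minimum release. The sample tree, the account names and the `4.0.1` floor are constructed for illustration.

```python
import os
import re
import tempfile

# WordPress records its release in wp-includes/version.php: $wp_version = '4.0';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"](\d+(?:\.\d+)*)""")

def as_tuple(version):
    """'3.9' -> (3, 9, 0), so releases compare numerically, not as strings."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def find_wordpress(root):
    """Yield (install_dir, version or None) for each WordPress tree under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
            yield os.path.dirname(dirpath), match.group(1) if match else None
            dirnames[:] = []  # nothing more to inspect below wp-includes

def outdated(root, minimum):
    """Sorted (relative_path, version) pairs for installs older than `minimum`."""
    floor = as_tuple(minimum)
    # A version of None (missing or altered version.php) is reported as well,
    # so it gets a manual look instead of a silent pass.
    hits = [(os.path.relpath(d, root), v) for d, v in find_wordpress(root)
            if v is None or as_tuple(v) < floor]
    return sorted(hits, key=lambda hit: hit[0])

def build_sample_tree():
    """Constructed sample tree: three accounts in different states."""
    root = tempfile.mkdtemp(prefix="home-sample-")
    samples = {
        "alice/public_html": "<?php\n$wp_version = '3.5.1';\n",
        "bob/public_html/blog": "<?php\n$wp_version = '4.0.1';\n",
        "carol/public_html": "<?php\n// version line missing\n",
    }
    for rel, body in samples.items():
        target = os.path.join(root, rel, "wp-includes")
        os.makedirs(target)
        with open(os.path.join(target, "version.php"), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for path, version in outdated(build_sample_tree(), "4.0.1"):
        print(f"{path}: {version or 'version unreadable'}")
```

A version number only shows that the core is out of date; plugins and themes need their own check.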

If your website shows a "suspended" page, please drop a ticket to https://support.westnic.net. We can provide a site backup, then remove the public_html folder with all its contents free of charge. You need to install the PHP script and theme from scratch. If your website doesn't load at all, it is most likely infected with CryptoPHP.

Nothing would ever happen to your website if you keep it secure. Avoid installing plugins and themes from unknown (not verified) vendors!

1. Install the script properly in the first place, then secure it. It takes 1-2 hours to secure a WordPress installation, not 1 minute: https://my.westnic.net/howtos/wordpress.html

2. Physically remove unused plugins and themes (via FTP). If you install a plugin, please check the source! There are many infected plugins and themes.

3. Do not use the username "admin". Create a new one, then assign privileges.

4. Change the cPanel user/pass every 6 months using a password generator tool. Do not use your own passwords like "sunny2015".

5. Purchase, then install, an antivirus with a built-in firewall; keep the OS and browsers updated.

When will my server be removed from Spamhaus? I need to send a very important email right now!

As soon as we complete all scans, then suspend/terminate compromised websites. If you cannot reach a recipient due to the Spamhaus block, please use alternative sources, for example, gmail. If you use email for business, it's a good idea to get business apps (gmail, Google disk etc) for your domain. It costs only $5 per user/month and does provide more redundancy and reliability. We use it too and there is nothing wrong with that: a cPanel server has only one or two MX records (Google provides 5) and gets blacklisted 3-5 times per year. Please note that the blacklist doesn't affect inbound emails.

Servers affected (server IDs): cheetah, rl2, eu7, eu8, eu11, ms3, panther2, micro, micro2, dc6dc18, luna, eagle. Unfortunately, more will be on the blacklist soon due to new Spamhaus policy/rule scan. We'll post new server IDs here. Server ID in red: blacklisted on Spamhaus; server ID in yellow: pending removal from Spamhaus, ongoing malware scans; server ID in green: compromised websites either removed or suspended, delisted from Spamhaus.
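Whether a given address is currently listed can be read straight from the Spamhaus DNSBL. The following is an added example (not WestNIC's tooling) that builds the reversed-octet query name for the `zen.spamhaus.org` zone and separates real listings from the refusal codes Spamhaus returns when a query comes through a public resolver, which would otherwise be misread. The address 192.0.2.10 is a documentation placeholder and the answers in the demo are constructed.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# Return codes published by Spamhaus for the combined "zen" zone.
LISTED = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.10": "PBL",
          "127.0.0.11": "PBL",
          **{f"127.0.0.{n}": "XBL" for n in range(4, 8)}}
# Codes in 127.255.255.0/24 mean the query itself was refused, not a listing.
ERRORS = {"127.255.255.252": "typo in the DNSBL zone name",
          "127.255.255.254": "query arrived via a public/open resolver",
          "127.255.255.255": "query limit exceeded"}


def query_name(ip, zone=ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 addresses only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret(answers):
    """Map the A records of a DNSBL answer to (status, details)."""
    errors = sorted(ERRORS[a] for a in answers if a in ERRORS)
    if errors:
        return "error", errors
    lists = sorted({LISTED.get(a, "unknown code " + a) for a in answers})
    return ("listed", lists) if lists else ("clean", [])


def check(ip, resolver=socket.gethostbyname_ex):
    """Look up one address; `resolver` is injectable so tests run offline."""
    try:
        answers = resolver(query_name(ip))[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # NXDOMAIN: not on any list
            return "clean", []
        return "error", ["lookup failed: " + str(exc)]
    return interpret(answers)


if __name__ == "__main__":
    # Constructed answers (no network needed): a listing, then a refusal.
    print(check("192.0.2.10", lambda name: (name, [], ["127.0.0.4"])))
    print(check("192.0.2.10", lambda name: (name, [], ["127.255.255.254"])))
```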

Thank you for your patience and cooperation.
We're working hard to resolve this issue ASAP.

 

WestNIC support
https://support.westnic.net 


RESOLVED: Jaguar access issue (networking)
Posted by WestNIC Support on 18 November 2014 04:05 PM

Update #1 11/18/2014 20:26 EST: this issue has been resolved. Please let us know if you still cannot access websites on "jaguar" server. Thank you!

 

Dear customers,

We're currently experiencing a networking issue with a specific IP range. It should be resolved within the next few hours. There is nothing wrong with the server itself. You can access your account via cPanel or WHM. You may also send and receive messages using secure server protocols (incoming/outgoing server: jaguar.westnic.net) or webmail. If you wish to use webmail, please log in to cPanel > Email > Webmail.

We do apologize for the inconvenience.

Thank you,

WestNIC Support
https://support.westnic.net 


PUMA server upgrade has been completed
Posted by WestNIC Support on 06 October 2014 03:22 PM

=======

UPDATE #2 10/08/2014 17:06 EST: Transfer was completed at 13:02. On Friday morning we'll assign same dedicated IPs (from puma server) then reinstall dedicated SSLs. On Sunday we'll load Softaculous script installer.

UPDATE #1 10/08/2014 03:08 EST: transfer has been initiated. It should be completed by Friday, 3:00 EST. There is no downtime associated with transfer. New server ID is: JAGUAR

 

Dear friends,

If you host websites on the "PUMA" server, we have great news! Websites will be moved to a brand new Dell PowerEdge R820 server with a new processor, new 6 Gb/s hard drives in a RAID-1 configuration and 64 GB of DDR3 memory. The new server has a double uplink (2 x 1000 Mbps connection), a dual power supply (platinum certification) and a RAID controller (enterprise level). And most importantly, we'll be using a new secured cPanel environment: the CloudLinux operating system, which would allow more memory and CPU to be utilized.

We've been using Dell servers for over 10 years (built for resellers and SD customers) which proved highly reliable and redundant. That's why we decided to replace all old (2009-2012) servers with Dell R720 - R820 by the end of 2015.

What to expect:

1. In the next few days all websites on "PUMA" server will be copied over to new server. New server ID: JAGUAR. There is no downtime associated with transfer because DNS will remain the same.

2. If you use external DNS, please contact us for new IP (to change "A" record) or use our DNS:

ns1.westnic.net
ns2.westnic.net
ns3.westnic.net

3. PHP version 5.3.x will be replaced with PHP 5.4.x. If you run a severely outdated script, it may stop functioning. It's a good idea to upgrade scripts ASAP to avoid any errors as soon as we move the website over.

4. Upload, memory and other limits will be increased! Upload limit will be set to 256 MB and memory to 2 GB (old server has 64 MB upload and 512 MB memory limit).

5. New server is connected via dual 1 Gbps uplinks - this would improve network connection and load speed. 

6. The new server will show "cPanel trial license" (yellow banner at the top). This message will disappear as soon as we disconnect the old server (puma).

7. The Softaculous script installer is missing on the new server. It will be added by Sunday, October 12.

8. 

What you should do now:

1. Please upgrade outdated PHP scripts. The new server has PHP 5.4.x (PHP 5.3.x has been deprecated).

2. Generate full cPanel backups then download them to personal computer. Please don't forget to remove full cPanel backup files from /home/username/ folder. This would help us to move your websites to new server much, much faster. If you have old backups sitting in user folder, please download then remove. Thank you in advance!

 

We hope you enjoy the new server. If you have any questions prior to the server upgrade, please do let us know: 1-212-671-1942 (24/7/365) or the 24/7 support desk: https://support.westnic.net

Yours,

WestNIC Support
https://support.westnic.net 

This message was originally posted on Sunday, October 5th at 15:17 EST


DC12 - DC22 servers (Washington DC)
Posted by WestNIC Support on 15 September 2014 03:20 AM

Dear customers,

All servers in the Washington DC data center have been updated. We've installed new Linux kernels, Apache, PHP and other server software. The reboot has been completed. Please let us know if you experience any issues: https://support.westnic.net

Thank you!

WestNIC 24/7/365 Support


Elephant server maintenance - 06/23/2014 between 1 AM and 4 AM EST (completed)
Posted by WestNIC Support on 22 June 2014 02:56 AM

Dear customers,

Update #1: upgrade process has been completed, server is up and running. Total downtime: 20 minutes.

We're planning to upgrade DDR3 memory on "ELEPHANT" server on June 23rd, between 1 AM and 4 AM EST. Expected server downtime: less than 40 minutes. After this upgrade it would be possible to raise PHP memory limit to at least 196 MB.


Thank you for your patience! 

WestNIC Staff
https://support.westnic.net 

