Messages

[hopefully]

EDIT: You should also remove PHP versions that have reached EOL(end-of-life) PHP 5.3 EOL Announcement and require the site owners to use the next higher version. If the scripts on the site stops working then the owner will hopefully "wake up" and can either upgrade the script to a newer version, ask the script publisher to support the latest PHP version or move to a different script. I once had a very bad experience with a host that refuses to upgrade past 5.2.17 because:

Sorry for the double post.  Our plans are to remove 5.2 and 5.3 once 5.6 is released.  (5.2 may very well be removed before that.  It has only been kept due to compatibility reasons for some users, but honestly it is not worth the risk.)  The problem is that some have 5.2.17 selected that can use a newer version.

P.S. Could you please change the Pong Master text next to my name to Aleeious Lead Developer Thanks.

Are you not able to update your title in the forum?  If not, I will do this for you.

We will be doing additional scans for outdated WordPress versions on all servers tomorrow at some point.  If your site is found to not be running the latest version, your site will be suspended.

If more than 15 sites are found that contain outdated scripts, we will seriously consider disabling the mail function globally.

Thank you.  We will take these under advisement.

Most likely, we will just stop all mail() functions, but unfortunately, sending of spam is not the only thing that is happening with users and their outdated scripts nor is it just malicious scripts injected on sites, but files being added to phish, etc that themselves are not malicious (in that antivirus, mod_security, rkhunter (which we already use) would catch.

We will go through all users searching for outdated scripts.  If a site is found to contain outdated scripts we will be forced to disable all of the users sites permanently without notice.  This is unfortunate, but there are too many users that load a script and never use it.  Be sure you either keep every script updated or remove scripts you are not using.  This includes scripts in /old directories, etc.

In the past, we blocked the mail function and only allowed it upon request.  This may need to happen again.  (As said above, this would not stop all of the abuse.)

Everyone needs to keep every script they use up to date.  They need to be using the highest PHP version their scripts will allow.  We will be removing 5.2/5.3 from all servers in the near future.  If your scripts do not run with PHP 5.4 or later, it is time to find something else to use.

Due to all of the breaches of late, be sure you are changing all passwords regularly.  Especially control panel, FTP, and mail account passwords, but it is also a good idea to change database passwords as well.

The problem is not with users spamming, but users not keeping their scripts up to date that then allow others to inject files, setup phishing sites, and send massive amounts of spam.

I hope it does not have to be shut down, but unfortunately, a small number of users can cause heaps of problems.  Most of the problem users have been eliminated from the other transitions, so hopefully this will improve.

Running this service is not worth the aggravation.

We have to constantly deal with spammers exploiting users that do not keep their scripts up to date, our servers getting blacklisted, threatened to unplug our servers on a daily basis, etc.  It is an endless cycle at least every week.

For this reason, we are seriously considering shutting this service down.

The next time we find outdated scripts on a users site, spam coming from a users site, or other activities that are against our terms of service or our providers terms of service, we will be cancelling those accounts permanently.  In most cases, the exploits are either due to outdated CMS/forum/blog scripts that allow users to upload files to your site (then use those files to send massive amounts of spam), or by exploited passwords.  It is important that every change ALL of their passwords, including control panel, FTP, mail accounts, etc.

When updating to a new version of WordPress (for example) be sure to check for malicious files that could have been placed there from an exploited version (especially if you are upgrading from a version older than 3.7.1).

That would be very unfortinate and unfair to the users who legitamitly use this wonderful service and have paid for a couple of years. It would punish them more then those who are causing harm. As there aren't many hosts with such great services and very low limits, it would mean laginimate users would have to either pay a bigger fee on a different service or migrate to a free host(and we all know whats that like ). Please keep this wonderful service running, many people depend on it.

Sincerely,

Customer

Running this service is not worth the aggravation.

We have to constantly deal with spammers exploiting users that do not keep their scripts up to date, our servers getting blacklisted, threatened to unplug our servers on a daily basis, etc.  It is an endless cycle at least every week.

For this reason, we are seriously considering shutting this service down.

The next time we find outdated scripts on a users site, spam coming from a users site, or other activities that are against our terms of service or our providers terms of service, we will be cancelling those accounts permanently.  In most cases, the exploits are either due to outdated CMS/forum/blog scripts that allow users to upload files to your site (then use those files to send massive amounts of spam), or by exploited passwords.  It is important that every change ALL of their passwords, including control panel, FTP, mail accounts, etc.

When updating to a new version of WordPress (for example) be sure to check for malicious files that could have been placed there from an exploited version (especially if you are upgrading from a version older than 3.7.1).

PHP 5.5.11 has been released, but we are going to wait another day to see if an updated 5.4 version is released before building the new version on all of the servers.

Relaying has been changed from Authenticated to Closed on EU server.
We have also disabled the submission ports on this server.

If this continues, all servers will be following.

This means you will not be able to send mail using our servers, you must send via your ISP's servers.

Someone has been spamming via the EU server again.  Most likely via compromised mail password.

That server is now blacklisted.  Hopefully the provider will not unplug us like before, but if you cannot access your site, that is what happened.

An additional 22 domains were found to have outdated versions of WordPress on WEST.  Those sites have now been suspended.

As a reminder, anyone suspended today for this reason can have their site reinstated, but they must upgrade to the latest version of WordPress to keep their site running.

There are far too many exploits with these older versions of WordPress to allow you to keep using them.  Many sites have been hacked.  In the past, we have just suspended those sites, but since more and more are being altered, it is a good idea to disable them all.  Our providers have also pressured us to do this for abuse reasons.

4 Domains were found to include outdated WordPress installations on LAX.  Those 4 domains have been suspended.

The accounts from EAST and EU have been suspended.  We will allow a one time reactivation on these accounts as long as you agree to update your site.

49 Domains were found on EU that had outdated scripts.  Those sites are in the process of being suspended now.

Just checking the east server (domains only, not subdomains), we found that 22 domains had outdated versions of WordPress (earlier than 3.7.1 where the exploit was supposedly fixed).

This is just on the EAST server.  We will be suspended all sites that contain outdated scripts.  Many of these had WordPress on their root folder vs a subfolder, but either way, if we find an old version on your site, it will be taken down.

We can no longer tolerate this and since some users don't seem to think they need to keep updated scripts, those users will no longer be using our service.