PHP version 5.6 through PHP 7.1 has become EOL. Host 99 is the only Host provider that allows these versions until 2020. We must act to meet new server technology and to be able to offer new features that we currently cannot to our customers.

Dates of Deprecation:

PHP 5.6 End of Life happened on December 31, 2018.
PHP 7.0 End of Life happened on January 10, 2019.
PHP 7.1 End of Life happened on December 1, 2019.

Current Status: X represents not available after marked dates

Laravel 5.7: PHP >= 7.1.3 – X
Craft CMS 3.0.25: PHP >= 7.0 -X
WordPress 4.9.8: PHP >= 7.2
Symfony 4.1: PHP >= 7.1.3 -X
Neos 4.0: PHP >= 7.1 – X
Drupal 8: PHP >= 5.5.9 -X
PHPUnit 7: PHP >= 7.1 -X

Starting January 1, 2020. Host 99 technicians will start pulling these versions and will not longer function. There is no further support or patches for these versions and they are deemed a HIGH security risk to be in use and are not PCI-DSS Compliant.

Please proceed to update as soon as possible to avoid downtime. If you have any questions please feel free to contact us, our technicians will assist you with your requests.

#pcicompliance #newfeatures #bettersecurity #prosper #webhosting #security #development #ecommerce #zencart #wordpress

We have completed the scheduled maintenance for Server 23.

Unfortunately, Server 25 is still undergoing maintenance and transfers due to PCI Compliance requirements. Some of those accounts have already been transferred to their new destination. The remaining accounts under Server 25 will be under scheduled maintenance from April 25th, 2016 at through April 30th, 2016 to prevent as less downtime as possible & the transfer process will be slower to move the accounts to the upgraded network.

Server 23 has been completed and no further actions is required from those accounts. Server 23 customers should update their cPanel destination please log into your Host 99 account and navigate to “My Services Details” area and obtain the information there.

We greatly appreciate your patience, understanding during this transition.

Servers that will be affected as of today:
Server 25

Please be advised that we will be performing a scheduled network maintenance during the following date and time:

Starting Wed., April 20th, 2016 at 6 a.m. EST through Monday, April 25th, 2016 6 a.m. EST

Servers that will be effected:
Server 23
Server 25

This maintenance is necessary to perform upgrades on our servers to meet latest stable versions of the following components on our shared hosting platforms.

Server Hardware
cPanel Versions (Security)
Kernel Upgrade
Centos Upgrade From 6 to 7 on some machines from Centos 5 to 7
Network Switches (Gateways)

PCI Compliance Upgrades:
Regarding Host-99 PCI Compliance hosted customers we will be updating the following components on some of our PCI Compliance platforms.

PCI 2.0 to PCI 3.0
PCI Data Security Standard (DSS)
PIN Transaction (PTS) Security Requirements
Application Firewall and Hardening
Security Information and Event Management (SIEM)
Two-factor authentication
Encryption: FIPS-140-2
Internet Load Balancing
Dedicated Spotlight Server
Patching of the required infrastructure and operating system components

During this maintenance we will be moving switches onto a higher capacity switch fabric to enable faster connections to the Host-99 network from all points of the globe.

Action required: No action is required by our customers at this time. Your services will remain online during the upgrade unless otherwise noted. No data or inbound messages will be lost during this time, they will be stored on our mail relay servers until they can be delivered to your mailbox. If any changes are required our server technicians will send out a bulletin stating the requirements and full instructions to follow.

This maintenance will be SERVICE IMPACTING do to propagation of our new DNS servers (MINIMAL IMPACT). During this maintenance window you may experience two separate instances of latency and/or packet loss lasting up to 10 minutes each once we have made the changes.

You can check back from time to time on our Facebook page, Twitter and our blog for any posted updates or announcements. Please we ask all customers not to submit support tickets unless absolutely necessary if you are hosted on these two servers. We are aware of the effects of this maintenance process an each and every account will be restored back to normal operations when completed.

We appreciate your business and we appreciate your patience during this transition.

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

• The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
• WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.

Thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

We are proud to announce Host 99 will be fully supporting Server Name Indication.

What is SNI support?

SNI (Server Name Indication) support allows you to host multiple SSL certificates for different domains on the same IP add ress. At the start of the “handshake” process, SNI indicates the hostname to which the client connects. Users who are on shared servers that support SNI can install their own certificates without a dedicated IP address.

In order to experience the full benefit of SNI, all operational servers must run an operating system that supports this functionality, such as CentOS 6.

(SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS.

Name-based virtual hosting allows multiple DNS hostnames to be hosted by a single server (usually a web server) on the same IP address. To achieve this the server uses a hostname presented by the client as part of the protocol (for HTTP the name is presented in the host header). However when using HTTPS the TLS handshake happens before the server sees any HTTP headers. Therefore it is not possible for the server to use the information in the HTTP host header to decide which certificate to present and as such only names covered by the same certificate can be served from the same IP address.

In practice, this means that an HTTPS server can only serve one domain (or small group of domains) per IP address for secured browsing. Assigning a separate IP address for each site increases the cost of hosting, since requests for IP addresses must be justified to the regional internet registry and IPv4 addresses are now in short supply. The result is that many websites are effectively prevented from using secure communications over IPv4. IPv6 naturally deals in blocks of IP addresses at a time so is unaffected by this issue.

How SNI fixes the problem

SNI addresses this issue by having the client send the name of the virtual domain as part of the TLS negotiation. This enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name. Therefore with clients and servers that implement SNI, a server with a single IP address can serve a group of domain names for which it is impractical to get a common certificate.

SNI was added to the IETF’s Internet RFCs in June 2003 through RFC 3546, Transport Layer Security (TLS) Extensions. The latest version of the standard is RFC 6066.

(SNI) will only be available to Non PCI Compliant Regulated Accounts at this time. More details regarding SNI will be posted periodically on our blog and social media.

We have now implemented a strong suite for email over SSL. The change is simple and it allows you to protect your emails with stronger encryption. All email accounts must be set to allow SSL. We highly recommend using POP over IMAP for these configurations

When setting up your email client to send and receive email over SSL the following ports will need to be used:

“My Server Requires Authentication” must be checked and active (Thunderbird does not require this setting)

Incoming Port List:

• POP: 995
• IMAP: 143
• Security IMAP Type SSL: STARTTLS

Outgoing Port List:

• POP: 25 or 26
• IMAP: 26 or 993
• Security IMAP Type SSL: STARTTLS

Make the changes for Microsoft Outlook to resemble the configurations in the image below.

In Thunderbird:

Make sure your settings look like the image below. Be sure to accept any SSL certificates if asked. The SSL certificate will not be a domain dedicated SSL. It will be for the server your account is hosted on for best practices for virus spam protection.

All other email clients are to be set to the settings above or similar. If you are not able to get the SSL to work on your particular client please contact your local I.T. for support. Host 99 only offers support for it’s configurations not the email client itself.

In order to better serve our customers, Host 99 is making an important upgrade in your server's default configuration. The default version of PHP employed by our servers will be updated to PHP 5.4. This change will ensure a more secure and stable hosting environment going forward.

To help make this transition as smooth as possible, we are giving all customers some time to upgrade all PHP applications to insure compatibility.

This upgrade will take place on August 3, 2014 at 12 am EST standard time.

1. Why are you making this change?

The default version of PHP that our servers are currently utilizing; PHP 5.2 ; has been deprecated for some time. As such, we would like to see your sites enjoying the security and performance benefits of the newer versions of PHP which we already have available on the server.

2. How can I make sure my sites will work?

You will need to perform tests and research or contact the script developers or companies on which scripts you use to insure all applications are compatible.

3. Will my site experience any down time?

The update between PHP versions is simply a one step process. Downtime is estimated to one hour for the server itself. Applications that are not compatible with PHP 5.4 will fail to load properly once the change is performed. Again, while we will make every effort to offer better security, it is you as the customer to have all software updated to meet PHP 5.4 requirements please take immediate action to insure your website is fully functional with PHP 5.4

4. Who can help me update my site/script to use a newer version of PHP?

While we can assist you with changing the version of PHP your script utilizes, we will not be able to recode your site to be compatible with newer versions of PHP. You should contact the script's author/developer to inquire as to whether or not they currently have or plan to re-design their code to utilize later versions of PHP.

Server 23 maintenance has now been completed. All email and spam controls have been updated and restored to fully functional status. We do appreciate your patience during this period.

Server 23 is scheduled for maintenance on July 9, 2014 @ 12 am EST. This is an unexpected maintenance scheduled for issues found with the servers Spam and Email systems network connections.  Due to this non disclosed issue it is required for repair and email interruptions may occur. We will update periodically regarding the repairs and updates. No other servers are effected at this time. We do apologize for any inconvenience this may cause.

PCI Compliance
v1.5.0 is PA-DSS certified.
v1.5.1 was an optional update, not submitted for formal re-certification.
v1.5.2 was released as a beta only, and not submitted for formal re-certification.
v1.5.3 began re-certification but encountered delays, and is being released before certification is finalized. It includes stronger password handling with blowfish encryption, and many other improvements for security and performance and compatibility.

A final PCI-Certified version will be released (with a new version number) in hopefully only a couple months. This release is going out now so the community can benefit from the many improvements, including PHP 5.4 and PHP 5.5 compatibility, to keep up with current server upgrades happening with many hosting companies.

More Information Can Be Found on the Zen Cart website.

Server 26 old disk was successfully mounted and we have started to prepare data transfer to the new HD. Currently we are copying all the files to the new disk and the entire restoration will be completed within a few hours. (Accurately transfer without loss of data) We will update again once the entire process is completed.

==============PREVIOUS ANNOUNCEMENT (#2) ===================

Server 26 will require several hardware replacements to be fully restored. Our team is moving through these quickly. Our support and social media teams are working with customers to address any residual effects of the server reboots as well. It’s time like these that we realize most that it’s our customers who make Host 99 great–and when we appreciate you the most.

All accounts will be moved to a new server with much more resource and updated hardware. This action will require time. We do understand time is money and emails equals business. We are working around the clock with a full team to get server 26 restored and stable enough to transfer all accounts to the new server.

We know you’ve heard it before (and you’ll hear it again), but thank you for your support and patience.

==============PREVIOUS ANNOUNCEMENT ===================

It has been confirmed that Server 26 is experiencing high disk I/O wait. The server is actually up and functional. Due to ” high disk I/O wait” the server may seem unresponsive at times. May show an error such as “The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer’s network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.”

At this time we are preparing for HD replacement to restore access to all accounts. The rough graph below shows the ” high disk I/O wait” process and what is all involved. Again, we do apologize for the inconvenience and as expected the scheduled maintenance was required.

This announcement is a reminder. That Server 26 is currently being updated with known security vulnerabilities and hardware replacement due to previous failures a few weeks ago announced on 05/15/2014.  We do understand the inconvenience of the server being non functional but it is inevitable for the server to be fully operational without interruptions when hardware and updates are required.

We are currently finishing up the servers repairs and updates and will be fully functional in a short while. If you have any questions please do not hesitate to contact support for assistance. We do appreciate your business and your patience during this time.

We are currently experiencing a bug in our license file verification system.

Servers effected are as follows:

1. Server 22
2. Server 23
3. Server 24
4. Server 25
5. Server 26
6. Server 31
7. Server 63

Zones Effected:
1. Zone 3
2. Zone 7

These are being addressed by cPanel and will be fixed as soon as possible. The cPanel license error does not effect website up time. Only section effected is the cPanel platform. We do apologize for the inconvenience.

The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today.

The most serious of these is a potential man-in-the-middle attack CVE-2014-0224 which is being referred to as CCS Injection. Both Google’s Adam Langley and the original reporter of the problem have write ups that give more technical detail.

Host 99 technicians will be applying the required patch to all Host 99 servers to insure all servers, websites, accounts that use SSL are protected against CVE-2014-0224 and all the other vulnerabilities announced today. Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions today and Host 99 is implementing these patches immediately.

During this time all websites, accounts should not experience any downtime. In any case if performance shows sign of being slow or lagging. This is the reason for that. We do understand the importance of performance and we will work as fast as possible to insure all servers are protected and downtime is minimum if any.

We do appreciate your patience during this time.

Due to possible severe found issues with Server 26, we are forced to reboot Server 26 to find any possible issues that may be related to hardware or networking with the server. Due to high loads and connectivity issues we are forced to reboot and run “Maintenance” to insure the server is fully operational. The server has not been rebooted for more then 300 days which is usually beyond our allotment. We insure you the server will be functional as soon as humanly possible.

We will be performing several software updates on our servers this today at 3pm EST, 2pm CST, 12pm PST. The maintenance is required in order to keep the servers secure and up-to-date and functional. The Host 99 website , blog and support forum will be available during this time. We expect only a very short interruption of our service processing (i.e. while the web server software is restarting) and maintenance is being performed.

At this time it is unavoidable and is required. We understand the importance of the downtime and we do apologize for the inconvenience this may cause. We will keep our announcement section, blog and Social media sources updated regularly. If you have questions please submit a support ticket (Update Current Tickets) and we will answer as soon as we possible can regarding your questions.

We appreciate your patience during this procedure.

Host 99 Technical Security & Annalists Team
Host-99.com® | a E-Online Source solution
PCI Certified Hosting | Level 1 Compliant
Security and PCI Specialists

Host 99 is proud to announce the soon to be released SSD Business Hosting Server Platform Servers are now in the insight of our new SwiftServer platforms soon to release. Stay tuned for these updates and releases.. Hosting has taken a turn for the best with speeds up to 300 times faster then all servers Host 99 provides at this current time.

Keep visiting http://www.host-99.com/ for these updates and grab your SSD Platform as soon as it is available. Limited to PCI Regulated accounts only at this time.

Host 99 has partnered with CloudFlare to provide additional website protection while accelerating your site. Free!

What is CloudFlare?

CloudFlare is a service that improves your website’s performance and security. CloudFlare acts as a proxy between your visitors and our servers and can cache content and filter malicious traffic before it hits your origin server.

CloudFlare is suitable for all websites, including dynamic websites. We have partnered with CloudFlare and have implemented the service into our control panel. This means you can try the service with just a few clicks. If you are ever unhappy you can turn CloudFlare off as easily as you turned it on.

Advantages of the CloudFlare system

Site Performance Improvement: A typical website on CloudFlare loads twice as fast.

Bot and Threat Protection: CloudFlare uses data from third party sources, as well as the data from its community, to identify malicious threats online and stop the attacks before they even get to your site.

• Spam Comments Protection: CloudFlare leverages data from its own community and from third party resources to reduce the number of spam comments on your site.
  
• Alerting Visitors of Infected Computers: CloudFlare alerts human visitors that have an infected computer that they need to take action to clean up the malware or virus on their machine.
  
• Always Online Mode: In the event that a server is unavailable, visitors should still be able to access your site since CloudFlare serves the visitor a page from its cache.
  
• Lower CPU Usage: As fewer requests hit your DreamHost server, this lowers the overall CPU usage of your account.
  
• New Site Analytics: CloudFlare’s system keeps statistics on each hit and offers special insight into search engine crawlers and threats.

Who can use CloudFlare?

CloudFlare can be used by anyone with a website and their own domain, regardless of your choice in platform.
All Host 99 hosting plans INCLUDE CloudFlare security for FREE. Why wait? Take this offer and add the security to your website and be trouble free.

Two factor authentication is fully implemented at Host 99. Your account at Host 99 is now secured including your billing and cPanel logins with added phone authentication, and use 2FA to ensure that your account stays in your hands.

Learn More