Self-Assessment Questionnaires (SAQ) are forms used by eligible organizations to report the results of a PCI Data Security Standard (PCI DSS) self-assessment. On 30 January, the PCI Security Standards Council
Exploit type: Remote Code Execution in third-party PHPMailer library
CVE Numbers: CVE-2016-10033 and CVE-2016-10045
http://www.securityweek.com/critical-rce-flaw-patched-phpmailer
All versions of the third-party PHPMailer library distributed are vulnerable to a remote code execution
Find out what you need to do to update your security and protect your data! What is SHA? Contrary to popular belief, SHA is not an encryption. SHA stands for
We have completed the scheduled maintenance for Server 23. Unfortunately, Server 25 is still undergoing maintenance and transfers due to PCI Compliance requirements. Some of those accounts have already been
Please be advised that we will be performing a scheduled network maintenance during the following date and time: Starting Wed., April 20th, 2016 at 6 a.m. EST through Monday, April
We have now implemented a strong suite for email over SSL. The change is simple and it allows you to protect your emails with stronger encryption. All email accounts must be set to allow SSL. We highly recommend using POP over IMAP for these configurations.
When setting up your email client to send and receive email over SSL the following ports will need to be used:
“My Server Requires Authentication” must be checked and active (Thunderbird does not require this setting)
Incoming Port List:
- POP: 995
- IMAP: 143
- Security IMAP Type SSL: STARTTLS
Outgoing Port List:
- POP: 25 or 26
- IMAP: 26 or 993
- Security IMAP Type SSL: STARTTLS
Make the changes for Microsoft Outlook to resemble the configurations in the image below.
Make sure your settings look like the image below. Be sure to accept any SSL certificates if asked. The SSL certificate will not be a domain dedicated SSL. It will be for the server your account is hosted on for best practices for virus spam protection.
All other email clients are to be set to the settings above or similar. If you are not able to get SSL to work on your particular client, please contact your local I.T. for support. Host 99 only offers support for its configurations, not the email client itself.
Google officially announced that using a secure https:// (SSL Certificate) increases the ranking of your site.
It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of “nudging” behavior by Google. For years, the legacy entertainment industry has pushed Google to better rank “good” sites and to down rank “pirate” sites — which the industry still seems to think is a simple black and white calculation (it’s not). Google can point out that SSL v. non-SSL is obvious, but fully expect those who seem to think Google should be designed in their own interests, as opposed to those of Google’s users, to jump on this as proof that Google can solve other problems.
This still is a good move, though. Encouraging more encryption on the web is always the right move. It is just still a bit surprising that Google would take this step, and wonder how others will react to it.
In order to better serve our customers, Host 99 is making an important upgrade in your server's default configuration. The default version of PHP employed by our servers will be updated to PHP 5.4. This change will ensure a more secure and stable hosting environment going forward.
To help make this transition as smooth as possible, we are giving all customers some time to upgrade all PHP applications to ensure compatibility.
This upgrade will take place on August 3, 2014 at 12 am EST standard time.
1. Why are you making this change?
The default version of PHP that our servers are currently utilizing, PHP 5.2, has been deprecated for some time. As such, we would like to see your sites enjoying the security and performance benefits of the newer versions of PHP which we already have available on the server.
2. How can I make sure my sites will work?
You will need to perform tests and research, or contact the developers or companies behind the scripts you use, to ensure all applications are compatible.
3. Will my site experience any down time?
The update between PHP versions is simply a one-step process. Downtime is estimated at one hour for the server itself. Applications that are not compatible with PHP 5.4 will fail to load properly once the change is performed. Again, while we will make every effort to offer better security, it is up to you as the customer to have all software updated to meet PHP 5.4 requirements. Please take immediate action to ensure your website is fully functional with PHP 5.4.
4. Who can help me update my site/script to use a newer version of PHP?
While we can assist you with changing the version of PHP your script utilizes, we will not be able to recode your site to be compatible with newer versions of PHP. You should contact the script's author/developer to inquire as to whether or not they currently have or plan to re-design their code to utilize later versions of PHP.
Server 23 maintenance has now been completed. All email and spam controls have been updated and restored to fully functional status. We do appreciate your patience during this period.
Server 23 is scheduled for maintenance on July 9, 2014 @ 12 am EST. This is an unexpected maintenance scheduled for issues found with the server's spam and email systems' network connections. Due to this undisclosed issue, repair is required and email interruptions may occur. We will update periodically regarding the repairs and updates. No other servers are affected at this time. We do apologize for any inconvenience this may cause.
EPIC – Electronic Privacy Information Center has filed a formal complaint to the Federal Trade Commission against Facebook for their secret manipulation experiment.
Facebook could be facing a federal investigation. Stay tuned and tell Facebook to STOP: https://cms.fightforthefuture.org/facebook-stop-tests/
This one is worth bringing back because the situation now is as urgent as it ever was. Take action: http://cms.fightforthefuture.org/tellfcc
v1.5.0 is PA-DSS certified.
v1.5.1 was an optional update, not submitted for formal re-certification.
v1.5.2 was released as a beta only, and not submitted for formal re-certification.
v1.5.3 began re-certification but encountered delays, and is being released before certification is finalized. It includes stronger password handling with blowfish encryption, and many other improvements for security and performance and compatibility.
A final PCI-Certified version will be released (with a new version number) in hopefully only a couple months. This release is going out now so the community can benefit from the many improvements, including PHP 5.4 and PHP 5.5 compatibility, to keep up with current server upgrades happening with many hosting companies.
More Information Can Be Found on the Zen Cart website.
Server 26 old disk was successfully mounted and we have started to prepare data transfer to the new HD. Currently we are copying all the files to the new disk and the entire restoration will be completed within a few hours. (Accurately transfer without loss of data) We will update again once the entire process is completed.
==============PREVIOUS ANNOUNCEMENT (#2) ===================
Server 26 will require several hardware replacements to be fully restored. Our team is moving through these quickly. Our support and social media teams are working with customers to address any residual effects of the server reboots as well. It’s times like these that we realize most that it’s our customers who make Host 99 great–and when we appreciate you the most.
All accounts will be moved to a new server with many more resources and updated hardware. This action will require time. We do understand time is money and email equals business. We are working around the clock with a full team to get Server 26 restored and stable enough to transfer all accounts to the new server.
We know you’ve heard it before (and you’ll hear it again), but thank you for your support and patience.
==============PREVIOUS ANNOUNCEMENT ===================
It has been confirmed that Server 26 is experiencing high disk I/O wait. The server is actually up and functional. Due to “high disk I/O wait” the server may seem unresponsive at times. Your browser may show an error such as “The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer’s network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.”
At this time we are preparing for HD replacement to restore access to all accounts. The rough graph below shows the “high disk I/O wait” process and all that is involved. Again, we do apologize for the inconvenience; as expected, the scheduled maintenance was required.
This announcement is a reminder that Server 26 is currently being updated to address known security vulnerabilities and is undergoing hardware replacement due to the failures a few weeks ago, announced on 05/15/2014. We do understand the inconvenience of the server being non-functional, but interruptions are unavoidable when hardware replacement and updates are required.
We are currently finishing up the server's repairs and updates, and it will be fully functional in a short while. If you have any questions please do not hesitate to contact support for assistance. We do appreciate your business and your patience during this time.
We are currently experiencing a bug in our license file verification system.
Servers affected are as follows:
1. Server 22
2. Server 23
3. Server 24
4. Server 25
5. Server 26
6. Server 31
7. Server 63
1. Zone 3
2. Zone 7
These are being addressed by cPanel and will be fixed as soon as possible. The cPanel license error does not affect website uptime. The only section affected is the cPanel platform. We do apologize for the inconvenience.
The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today.
The most serious of these is a potential man-in-the-middle attack CVE-2014-0224 which is being referred to as CCS Injection. Both Google’s Adam Langley and the original reporter of the problem have write ups that give more technical detail.
Host 99 technicians will be applying the required patch to all Host 99 servers to ensure all servers, websites and accounts that use SSL are protected against CVE-2014-0224 and all the other vulnerabilities announced today. Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions today and Host 99 is implementing these patches immediately.
During this time, websites and accounts should not experience any downtime. If performance shows signs of being slow or lagging, this is the reason. We do understand the importance of performance, and we will work as fast as possible to ensure all servers are protected and downtime is minimal, if any.
We do appreciate your patience during this time.
Due to possible severe issues found with Server 26, we are forced to reboot Server 26 to find any possible issues that may be related to hardware or networking with the server. Due to high loads and connectivity issues we are forced to reboot and run “Maintenance” to ensure the server is fully operational. The server has not been rebooted for more than 300 days, which is usually beyond our allotment. We assure you the server will be functional as soon as humanly possible.
We will be performing several software updates on our servers today at 3pm EST, 2pm CST, 12pm PST. The maintenance is required in order to keep the servers secure, up-to-date and functional. The Host 99 website, blog and support forum will be available during this time. We expect only a very short interruption of our service processing (i.e. while the web server software is restarting and maintenance is being performed).
At this time it is unavoidable and is required. We understand the importance of the downtime and we do apologize for the inconvenience this may cause. We will keep our announcement section, blog and social media sources updated regularly. If you have questions please submit a support ticket (Update Current Tickets) and we will answer as soon as we possibly can.
We appreciate your patience during this procedure.
Host 99 Technical Security & Analysts Team
Host-99.com® | an E-Online Source solution
PCI Certified Hosting | Level 1 Compliant
Security and PCI Specialists
Host 99 is proud to announce the soon-to-be-released SSD Business Hosting Server Platform. Servers are now in sight on our new SwiftServer platforms, soon to be released. Stay tuned for these updates and releases. Hosting has taken a turn for the best with speeds up to 300 times faster than all servers Host 99 provides at this current time.
Keep visiting http://www.host-99.com/ for these updates and grab your SSD Platform as soon as it is available. Limited to PCI Regulated accounts only at this time.
You can click to access the list of all the possibly affected sites. But before signing off any site as ‘vulnerable’, we recommend that you check their respective blogs for the latest updates. There is no way of telling how many sites out of the list were actually attacked as the bug leaves no trace of any attack carried out on the site.
Thankfully, names like Google, Amazon, and Microsoft have not yet found their way to the list.
The Federal Trade Commission is warning small businesses that an email with a subject line “Pending consumer complaint” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.
The FTC’s advice: Delete the email. For more information on malicious software (malware), visit www.OnGuardOnline.gov/malware.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Big web hosting companies get all the attention in an industry they seem to dominate. With exposure, rankings, and search engine results they can often create whatever reputation they want for themselves. Invariably, most customers go with the big web hosting companies, because these are the only providers they know about from their limited research. But does a bigger hosting company necessarily mean that the company is better? Here is a look at some aspects that might make you choose a smaller company.
Isn’t Bigger Better?
Often times our mentality leads us to think that bigger is always better. After all, how did they get so big in the first place? They must be doing something right. But just because a web hosting company did something right at some point, does not mean they have it all figured out now.
One advantage of going with a smaller company is the fact that they don’t have a huge budget for their advertising. Because smaller companies don’t have bottomless advertising funds, they must take care of their existing customers and rely on word-of-mouth from current customers to get new ones. They will ensure that you get the best offers, prompt customer care, personalized services and do anything else you need, because you are important to their future.
A big hosting company with 1,000,000 users, on the other hand, knows that if you walk away there are 50 new people signing up while you are busy complaining. Your business is not as valuable to a big company as it is to a smaller company. So, in many cases the customer service of the big company does suffer.
The Big Company vs. the Smaller Company
Numerous big web hosting companies offer tons of space and bandwidth that customers don’t necessarily need. Most customers will overlook their actual requirements and settle for quantity over quality.
The big companies also offer excessive quantity to outgun each other; once one does it, all the others have to follow to keep up. Customers need to understand their needs and not get lured in by excessive offers that lack quality. After all, when was the last time you uploaded a 2000 GB file?
Another commonly misconceived notion is that small companies do not offer 24/7 support. In today’s market, big and small companies tend to offer 24/7 customer support. But with big companies, you tend to run the risk of speaking to someone who is poorly trained with no technical background.
While you can’t guarantee that every small hosting company is better than a big hosting company, we just think it is important that you don’t overlook small hosting companies during your search. At the end of the day, it isn’t just about the 100000000000GB bandwidth or 100000000GB space that makes a difference in your company, but it’s the quality of service that makes the difference.
Host 99 has partnered with CloudFlare to provide additional website protection while accelerating your site. Free!
What is CloudFlare?
CloudFlare is a service that improves your website’s performance and security. CloudFlare acts as a proxy between your visitors and our servers and can cache content and filter malicious traffic before it hits your origin server.
CloudFlare is suitable for all websites, including dynamic websites. We have partnered with CloudFlare and have implemented the service into our control panel. This means you can try the service with just a few clicks. If you are ever unhappy you can turn CloudFlare off as easily as you turned it on.
Advantages of the CloudFlare system
- Site Performance Improvement: A typical website on CloudFlare loads twice as fast.
- Bot and Threat Protection: CloudFlare uses data from third party sources, as well as the data from its community, to identify malicious threats online and stop the attacks before they even get to your site.
- Spam Comments Protection: CloudFlare leverages data from its own community and from third party resources to reduce the number of spam comments on your site.
- Alerting Visitors of Infected Computers: CloudFlare alerts human visitors that have an infected computer that they need to take action to clean up the malware or virus on their machine.
- Always Online Mode: In the event that a server is unavailable, visitors should still be able to access your site since CloudFlare serves the visitor a page from its cache.
- Lower CPU Usage: As fewer requests hit your DreamHost server, this lowers the overall CPU usage of your account.
- New Site Analytics: CloudFlare’s system keeps statistics on each hit and offers special insight into search engine crawlers and threats.
Who can use CloudFlare?
CloudFlare can be used by anyone with a website and their own domain, regardless of your choice in platform.
All Host 99 hosting plans INCLUDE CloudFlare security for FREE. Why wait? Take this offer and add the security to your website and be trouble free.
You’ve heard a lot of talk about the importance of backing up your hard drive just in case something should happen to your computer. There are few things more painful than knowing that all of your precious files have been lost forever. The same holds true for websites. It seems like every day there is a new headline about the latest high profile website crash. Unfortunately, website threats are very real. Backing up your website helps you to safeguard against those threats.
Unfortunately, hackers have become commonplace on the web. While the aim of a hacker may be to steal credit card numbers and other sensitive information, often people hack websites merely to prove themselves or cause trouble. If your website is online, there is always the chance that it may become compromised.
Storing a copy of your files on your computer is a good idea, but should your machine crash, get lost, or fall off a cliff, then your files will be gone with it. Backing up your files remotely is a more practical option in the event that something happens to your machine.
Updates Gone Wrong
Regular updates refer to updated features and increased security, but they don’t always go as planned. This is why WordPress always tells you to perform a backup before updating. Websites have multiple components, including plugins, themes, software, and back-end programming. An awry update to any of these can take an entire website offline for any amount of time.
Malware and Viruses
Viruses, trojan horses, and other malware can find their way into your website even via third parties that are normally safe. You can download them unknowingly with a theme or plugin, or they can slip in through a chink in your firewall’s armor. Having backup files means that you’ll be prepared just in case your site starts acting mysteriously weird.
The truth is that people make mistakes. It’s perfectly possible that an employee or contractor might click a wrong button or delete a necessary file by accident. When you backup your files, there’s less chance that human error will mess up your operations.
Minimize the Damage
Say you log onto your website one day, only to be greeted with an unfamiliar error page. You try again and again, but it still doesn’t come up. You get a sinking feeling in your stomach as you realize that something has gone wrong. You could either a) Go into an all out panic as you try to figure out what went wrong, and whether or not you’ve lost all of your precious content, or b) Become a bit annoyed that you may have to spend some time reloading your website, but you won’t have reason to go into an anxious tailspin.
How to Back Up Your Site
If by now you’re convinced that backing up your website is the right thing to do, there are a few ways you can go about it.
- Find out if your web host provides website backups as a service.
- Contact the person who designed your website and ask them to do it for you. They should have enough knowledge of how content management systems work that they would be able to manually back up your files.
- Use an additional “just in case” backup service. Many of these services exist, so do your research. Some are more cost effective than others, while others have software that’s more or less user friendly.
- Install a backup plugin on your site. Some plugins allow you to schedule backups, as well as send your files to cloud services like Dropbox.
- If you have a smaller website, you might just choose to compress your files in a ZIP folder and email them to yourself. Again, this works best for small websites. So if the size of your files is bigger than your email provider allows you to send, or if you expect that the size of your site will expand, then look into one of the other backup options.
It’s a good idea to also save a copy of your files on your computer, though you should also do this in addition to one of the other techniques. Having two copies of your files isn’t a bad idea. As the old adage goes, better safe than sorry.
Backing up your site doesn’t take a lot of time or money, and it’s a worthwhile investment considering all of the threats that exist online. Back up your website today, and avoid becoming one of those anxiety-ridden business owners who must reluctantly restart their website from scratch.
Two factor authentication is fully implemented at Host 99. Your account at Host 99, including your billing and cPanel logins, is now secured with added phone authentication. Use 2FA to ensure that your account stays in your hands.