ENOM DNS issues

ENOM are currently having some DNS issues which are affecting any of our customers who use ENOM DNS servers. This includes customers who manage their DNS through our domain portal www.loudex.net which uses ENOM.

Sorry for the inconvenience, but this is something we have no control over.

More details can be found on ENOM’s twitter feed here

CryptoLocker Virus – What you need to know

With Christmas fast approaching, it’s the time of year that online scammers, spammers and hijackers send themselves into overdrive mode.

Christmas is such an important time of year for many of our businesses, especially those in e-commerce who need to deal with the festive spike, so hackers know it is a good time to strike.

One of the nastiest online threats around has sadly reared its ugly head again this year, and has affected some of our customers.

It is a particularly horrible piece of ransomware called Crypto Locker, which is infecting Windows computers around the world, and has been since September 2013.

It is delivered in email form, and tricks recipients into opening the email by pretending to be from a legitimate company. Those who download the zip file inside it unintentionally allow Crypto Locker to control their computers. Crypto Locker then holds your computer hostage and leaves you with one choice: pay a set amount of ransom money or lose everything on your hard drive.

Once the virus has taken hold, there is horribly little you can do, but we do have a couple of suggestions that could help.

Infected computers will display a warning notice (from the virus) that tells you not to “disconnect from the Internet or turn off your computer”. Funnily enough, this is exactly what you should do: if the virus is still in the process of infecting your files, unplugging your computer may save some of them.

Next, find out which files you have lost to assess the extent of the damage. Check whether you have backups of these, which could be in your ‘Windows System Restore’ files. Make sure there is nothing missing that you absolutely need and don’t have access to anywhere else. Hopefully you will find everything essential to you, as paying the ransom to get them back will only encourage more malware of this sort to be created.

If you do have a backup, you should wipe your computer of the virus by running your antivirus software, as virtually every version will get rid of Crypto Locker. Next you can restore your backup and sigh a huge sigh of relief.

If you do not have backups, and you have no other way of accessing important files, there is little you can do but pay the ransom.

There are however a number of copycat viruses around which show up asking for money even though your computer isn’t infected. So if you do think your computer may be infected, ask an expert before paying anyone anything!

To prevent an attack, make sure you are careful with any email you receive and don’t open it if you can’t figure out who it is from or why they may be emailing you. Back up all of your personal and business files regularly, and run up to date anti-virus software regularly.

Be really careful with any email you receive; don’t download or open any attachments before being absolutely sure what they are.

If you are still unsure of your options, give us a call on 0845 468 2369 and we can discuss the virus, precautions you should take and anti-virus software. 

Retirement of BABCOM-POST SMTP relay servers

Back in 2012 we made an announcement about various changes to our services, including the discontinuation/retirement of our BABCOM-POST servers which are currently used for SMTP relay of bulk email and email from websites hosted on HELM servers.

The original announcement can be found HERE.

This change will now come into effect on the 1st Jan 2015 along with the EOL retirement of all the HELM servers, and it will no longer be possible to relay email through these servers after this date.

Customers currently using these servers to send mail will need to use an alternative method.

All email sent through our servers must comply with our ANTI-SPAM policy HERE. Any domains found to be sending mail in breach of this policy which results in our servers being blacklisted may be banned from sending any further email through our servers at our discretion.

The default method to send email will be as follows

  • By default all outgoing email will need to be sent through one of your existing pop3 accounts and will be subject to the standard mail limits.
    Details on the mail limits and quotas can be found HERE.
  • You will only be able to send email FROM a REAL email address hosted on our mail server. You will not be able to use FAKE from addresses or an email address that is not hosted on the same server; any emails trying to do this will be rejected.

This may require you to make minor changes to any code on your website that sends email and specify the smtp server, username and password.


Bulk email options

If you need to send large quantities of email that exceed the quotas of your mailbox, such as newsletters or transaction emails, then we recommend the following options.

  • If you need to send 12,000 or fewer emails per month, and do not require any support or advanced features, then please take a look at www.mandrill.com, which is FREE for up to 12,000 emails per month.
  • If you are looking for a fully supported service which includes bounce processing, reporting and mail/link tracking then please consider our SendGrid service which starts at £10 per month.


New Domain Names Launching!

We have just heard that 14 new domain extensions are entering new launch phases. Some will become available to the general public, whereas others will be available to pre-register for if you have the relevant Trademark.

Have a look at the launch dates and specifications of these great new TLD (top level domain) names below:

Wednesday, 5th November


Pre-registration and Sunrise for Trademark Holders


Priority Placement for Landrush


Priority Placement for Early Access


General Availability



Wednesday, 12th November

Sunrise for Trademark Holders


Priority Placement for Early Access


General Availability


If you have any questions or would like more information, please email our sales team

Patch Tuesday – Your update on the updates

It was a very busy “Patch Tuesday” as far as we can tell, with major releases from all the tech giants including Microsoft, Apple and even Oracle, who released security patches for Java earlier this week. As always for our managed customers, we don’t just jump in and start updating client systems; we usually wait a few days so we can listen to the jungle drums of the Internet and see whether a groundswell of complaints materialises from overly eager IT managers who have broken something because the patch is, for want of a better word, flawed.


Finally, for those running Windows, information about Microsoft’s security patches for Patch Tuesday October 2014 can be found by clicking the link below, but in short it’s quite a biggie for Windows 2003 SP2 (both X64 and X32 editions), with a number of critical issues, particularly in IE.



For more information on the Java update please read more here;


The main thing to note with this Java update is that they released two versions of Java 1.7. Version 1.7.0_71 contains only the security patches and 1.7.0_72 contains both the security patches and non critical/non security bug fixes. Larry’s men recommend upgrading to 1.7.0_71 unless you are experiencing one of the issues patched in 1.7.0_72.


Yesterday Apple also unleashed its new desktop operating system, Yosemite. Whilst never advertised as a security update, the folks at Apple always ensure that OSX updates include fixes for the most recently identified vulnerabilities. The OS was first announced at Apple’s developers’ conference last June, but became available as a free download yesterday after Apple’s main event in Cupertino, Calif.

To find out more, see what Apple has to say about their latest release here http://www.apple.com/uk/osx/



You may have read about the “poodle” (CVE-2014-3566) vulnerability in an earlier post, but for those who didn’t, it was very big news. In short, it’s an architectural bug in the SSLv3 protocol, which means it cannot be patched or fixed; you just need to use a better security protocol. Security boffins are recommending that you disable SSLv3 support on your servers and clients as soon as possible to avoid leaving the door open.


ACTION: Disable SSLv3 on your servers to be safe.

Disabling SSLv3 on your web server means that clients that don’t support the TLSv1 protocol (IE6 on Windows XP) will not be able to connect over HTTPS. You should also consider any crawlers, bots or API traffic coming from other servers that may be using an older HTTPS client.

More on poodle:


Staying ahead of the bad guys

There are things you can do to check for vulnerabilities in your server configuration, such as adding HackMyCF to your subscription from as little as £5 per month. The newly updated HackMyCF JVM scanner will raise an issue if your server has not been updated and will warn you if your web server accepts SSLv3 connections.

Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003

  • Advisory ID: DRUPAL-PSA-2014-003
  • Project: Drupal core
  • Version: 7.x
  • Date: 2014-October-29
  • Security risk: HIGHLY CRITICAL 


Last week Drupal announced that “automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”

WARNING: Simply updating to Drupal 7.32 will not remove backdoors.

If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

Data and damage control

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

Take a look at their help documentation, “Your Drupal site got hacked, now what”


Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.

Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found.

The Drupal security team recommends that you consult with us, but we can say that we have not applied any patches on behalf of customer sites or have cause to block any SQL injection attacks at the time of the announcement on Oct 15th, 4pm UTC. Their advice: you must restore your website to a backup from before 15 October 2014. While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch.


ColdFusion Security Bulletin APSB14-23

Security Update: Hotfixes available for ColdFusion

Release date: October 14, 2014

Vulnerability identifier: APSB14-23

Priority: See table below

CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572

Platform: All Platforms


Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.  These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator.  Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes. 

Affected software versions

ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms. 


Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb14-23.html

Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide.

Priority and severity ratings

 Adobe categorizes these updates with the following priority ratings and recommends users update their installations to the newest versions:


ColdFusion Version   Hotfix Version   Platform   Priority rating
11                   Update 2         All        2
10                   Update 14        All        2
9.0.2                Update 7         All        2
9.0.1                Update 12        All        2
9.0                  Update 13        All        2

These updates address important vulnerabilities in the software.


Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.  

These hotfixes resolve a cross-site request forgery vulnerability (CVE-2014-0570).

These hotfixes resolve a cross-site scripting vulnerability (CVE-2014-0571).

These hotfixes resolve a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions (CVE-2014-0572).


Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

End of SSL 3.0 as POODLE attacks.

SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information.

Back at the end of September, a team at Google discovered a serious vulnerability in SSL 3.0 that can be exploited to steal certain confidential information, such as cookies. This vulnerability, known as “POODLE”, is similar to the BEAST attack. By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website.

Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a behavior of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

Google’s security team has recommended that systems administrators simply turn off support for SSLv3 to avoid the problem. But this will mean that some users trying to connect securely to a web server using SSLv3 will have trouble connecting if they’re using a client that only supports this protocol.



IMPORTANT NOTICE: There is no patch or update available to fix it in Windows and Linux, but it is possible to disable SSLv3 on both the VM platforms by modifying the registry in Windows and the config file in Linux.
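A way to check whether a server still answers an SSLv3-only handshake, the condition both POODLE notes above ask you to eliminate. This is an added example, not code from the original posts; the function names, result strings and sample replies are constructed here for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version bytes for SSL 3.0
# Suites offered: RSA with AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0005]
# Constructed sample replies (not captured traffic) for offline checking.
SAMPLE_SERVER_HELLO = (b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26" + SSL3
                       + bytes(32) + b"\x00\x00\x2f\x00")
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal handshake_failure


def build_sslv3_client_hello(random_bytes=None):
    """Return one record holding a ClientHello that offers only SSL 3.0."""
    random_bytes = random_bytes or os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (SSL3 + random_bytes
            + b"\x00"                                  # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    # Handshake header: type 1 (ClientHello) followed by a 24-bit length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Interpret the first bytes a server sends back after the SSLv3 hello."""
    if len(data) < 5:
        return "rejected"          # closed without a full record header
    if data[0] == 0x15:
        return "rejected"          # alert record, e.g. handshake_failure
    # Handshake record starting with a ServerHello (type 2) that picks SSL 3.0
    if (data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02
            and data[9:11] == SSL3):
        return "accepts-sslv3"
    return "unknown"


def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify the reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            data = b""
            while len(data) < 11:  # enough to see the ServerHello version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
            return classify_response(data)
        except ConnectionResetError:
            return "rejected"      # server dropped the SSLv3 hello
```

Run `probe()` against your own hosts after changing the registry or config file; a result of "accepts-sslv3" means the change has not taken effect on that listener.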



ColdFusion security hotfixes for version 9-11

Adobe released security hotfixes today classified as “important” to address a XSS, CSRF, and authentication issue in CF administrator: http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html

This update also includes updated web server connectors for both IIS and Apache on ColdFusion 10. ColdFusion 11 connectors do not appear to be updated since ColdFusion 11 update 1 (last month).

We will be updating our WebsitePanel shared hosting servers and any customers with fully managed servers.

Un-managed customers or those with only Basic management will need to install the update themselves.

Legacy HELM systems will NOT be updated.


End Of Life Notice for ColdFusion 9

Hello lovely customers


We have some news for those of you who use ColdFusion 9.

ColdFusion 9 is coming to the end of its life, and will stop being supported by Adobe on the 31st December 2014. In practice this means Adobe will no longer care for this software at all; its security vulnerabilities will never be fixed, ever, and websites running it will be left vulnerable.

Websites running on ColdFusion 9 (or indeed any version below 9 which is also no longer supported) will become easy bait for hackers who may be able to leverage any unplugged vulnerability to get into the website, plant whatever code they fancy into it, and generally do whatever other nasty things they want to do with your website. I’m sure you can appreciate this isn’t ideal.


The good news – we can offer you cost effective migration to a FREE alternative


There may however be good news for some, as we can migrate your website to an open source, more secure, and FREE alternative CFML engine called Railo.

Depending on the complexity and installation of your website, the migration fee could be as little as your monthly ColdFusion subscription. Also, as Railo is free, you would no longer be tied into any contract or have to worry about upgrade costs (whoop whoop).

Give us a call for a free consultation with our experts, so we can work out whether your site will work on Railo, and give you a quote for the migration.

For those of you who are dedicated to Adobe and have dedicated hosting, you can upgrade your ColdFusion to 10 or 11, but bear in mind these will reach EOL and lose their Adobe lovin’ in 2017 and 2019 respectively.  You can upgrade to the latest version through Adobe, or give us a call and we can sort it out for you.


A bit more about Railo


Just like ColdFusion, Railo is a CFML engine that runs webpages written in the CFML language.

Railo is simply the open source solution whereas ColdFusion is the commercial solution.

Railo is perfectly capable of running the vast majority of ColdFusion sites with little or no changes. We have even found that in most cases, sites migrated from ColdFusion to Railo actually run better, requiring fewer fixes and sometimes none at all. Railo also has far fewer security issues and bugs than ColdFusion.

Because Railo is FREE, we can keep all our servers up to date with the latest version, making them more secure and giving you all the latest features and functionality at no extra cost.

Railo also has the added advantage of giving every single website its own web admin (equivalent to the ColdFusion admin), allowing customers to manage all their own settings such as mappings, data sources and smtp servers without having to contact us. For more information on Railo please visit www.getrailo.org.  

If you are interested in switching your site to Railo, or even PHP such as WordPress, then we are ready and waiting to help you do so. Please contact us through our website, or by phone: 0845 468 2369