VPN Servers Offline Temporarily

Due to the recent and well publicized Heartbleed openSSL security threat, we have taken offline one of our VPN servers which was susceptible to this vulnerability (vpn.myhostcontrols.com). This is being rebuilt/replaced with a newer version of the software which is not susceptible by the OpenSSL vulnerability.

During this time customers will not be able to connect using their original login details.  Please open a support ticket to obtain temporary login details on one of our alternate VPN servers.

Customers using vpn.lnc.net are not currently affected, however connections may be sporadic  and may drop due to the increased level of hack attempts against software/servers which hackers believe to be vulnerable.

 

Less than 1 week left until Windows XP is no longer supported

Three quarters of UK businesses ‘still running Windows XP’

A huge number of organisations are still using Windows XP and once Microsoft stops supporting it next week, they are going to find themselves with gaping security holes.

What end of XP support means for you

  • XP users will be at risk from new viruses and malware
  • Businesses still using XP could potentially fail compliance or audit checks as they will be using an unsupported operating system
  • Research shows that XP machines could be responsible for up to 40% more unscheduled downtime and cost 1.5 times more in maintenance costs than newer devices
  • All XP machines will be vulnerable to security risks and viruses after 8th April – this also includes Windows 7 devices when XP mode is being run
  • Click here to read Microsoft’s blog about the risk of running XP after support ends

All users should be upgrading to Windows 7 or 8 now if they have not already. We would recommend Windows 7 to most customers as it still has a familiar interface and works much the same as Windows XP, whereas Windows 8 is vastly different in the way it works and looks and is aimed at touch screen devices.

 

BTI-V1 server maintenance Schedule

Hello,

We will be installing some much-required security updates on one of our hypervisor servers. This will necessitate

a restart after completion. Unfortunately, this also means that servers and services hosted on the server will also

be affected. We would not be performing this exercise unless absolutely necessary.

This will be taking place on Saturday 5:30 PM (UTC) and services will be down or show intermittent errors for

3 to 4 hours after.

We appreciate your patience and we will update further if there are any issues.

 

Update : 5:50 PM

Hello,

A required security updates have been installed on one of our hypervisor servers. The services and servers hosted on the server are now online. The servers and services hosted on the server being down for approximately 30 minutes.

We appreciate your patience.

Server Outage Today 05/02/2014

We are currently experiencing an issue with one of our hypervisors which is affecting several dedicated and shared hosting systems. Engineers have been alerted and are investigating the issue.  

UPDATE: 11:04 Engineers are on site replacing Hardware parts of the Hypervisor. We expect systems to start coming back online shortly as we start re-instaing the Virtual servers one by one. 

UPDATE: 19:54

The cause of todays issue was motherboard failure on BTI-V2, a rare occurance but hardware failure is inevitable on all servers at some point. As a result all the VM’s have now been moved to a new hyper-visor DRAAL-V27
Unfortunately the task  took several hours, so several servers were down during the day as a result and we apologize for any inconvenience this has caused.
the effect on shared hosting was minimal and only vindrizi-w2 (mysql) was directly affected, so would have affected any site with a mysql database on this server, which would only be customers on WebsitePanel.
This would have also unfortunately had a knock on effect on other  coldfusion sites not using MySQL on vindrizi-w2 due to the way CF works. this is because the affected sites cause hanging requests which then means unaffected sites become queued behind the hung requests and then timeout. Unfortunately there is no way to avoid this with CF due to the fact it runs as a service and not a process so sites impact each other more drastically than PHP or ASP sites.

Important Security Patch available for Mura CMS – Update Now!

If you run a website built with MURA CMS then we recommend you read the following announcement from the Mura blog and update your site accordingly.

http://www.getmura.com/blog/important-security-patch-available-for-mura-cms-update-now/

IMPORTANT UPDATE FROM BLUETHUNDER DOMAINS and ICANN

 Following another successful year for our customers, BlueThunder has grown and recently acquired loudex.net, as a result the number of its domains under management by almost 300%.  As part of this acquisition we decided to retire Bluethunderdomains.net and merge it with loudex.net, which we feel is a better domain and brand name.

Don’t worry the control panel you have become accustomed to over the years has not changed, all the navigation, menus and functionality remains the same, only the name has changed. The portal itself will also receive a facelift over time, but this will not change the overall functionality.

Part of the reasoning behind our decision was due to the big changes which are happening in the industry that were initiated by the global authorising body last month as they issued new regulations and procedures in the ICANN 2013 Registrar Accreditation Agreement. I am now able to share this information with you and what affect this will have on some of you who use any “I.T. managed domain services” and have a 3rd party as the domain Admin, Technical or Billing contact, you will need to change this.

Please read this announcement carefully.

 

VALIDATING REGISTRANT E-MAIL ADDRESSES

From January, the registrant contact will need to be validated upon the purchase or transfer of a domain name or if the registrant’s first name or last name has been modified. Should any of these occur, BlueThunder will send an email requiring an affirmative response from the registrant. If we do not receive an affirmative response from the registrant within 15 days, it will result in the name being suspended for a further 14 days before it is placed back on the market for sale. The name will can only be placed on ‘Hold’ status for a further 14 days but the most significant issue this will cause is; if the domain is being used it will take the domain and any related services such as email, SSL and websites offline.
 

If a registrant has already validated their contact information, this process will not be initiated. 

The same validation process must also take place for WHOIS Data Reminder Policy (WDRP) notices, 30 day expiration notices or 5 day expiration notice bounces. It will therefore be of the utmost importance to ensure the WHOIS data is accurate, up-to-date at all times. For those of you new to the control panels at our domain company Loudex (formerly BlueThunder Domains) we have hundreds of video and KB tutorials explaining exactly what you need to do, plus our team are on hand to give advice. 

 

In order to ensure this process is as easy to manage as possible in January we will introduce a number of new alerts including registrant validation and reminder emails (no these genuinely are not SPAM) which will be sent 5, 10 and 134 days after the validation process is triggered. You can opt out of these if you don’t want to receive them but if you do, you must remember to take this action off your own back or risk having services go offline. 

 

ICANN WEBSITE REQUIREMENTS 

ICANN now requires that registrars (which is US) list new information on their websites which, if you are interested, is explained in more detail from these links. 
 

 

Thank you for your continued business and support.

 

Sincerely, 

 

Robert Edsell
Chief Executive

Support for legacy versions of ColdFusion to be discontinued

As most folks have undoubtedly heard by now, the number of hacks against vulnerable ColdFusion servers has increased exponentially, including high profile  breaches such as the Department of Energy and Washington state’s court. This article by Information Week goes into more detail.

This of course means that any servers running older versions of ColdFusion will remain vulnerable to attack indefinitely as there will never be any new patches or updates to fix those vulnerabilities. If your website is running on a legacy version of ColdFusion then it is at risk and will continue to be so.

LEGACY = any version of ColdFusion before Version 9.

Earlier this year in a previous post we let customers on the legacy servers know that we would be discontinuing support for older versions of ColdFusion, primarily for security reasons, and as we migrate customers off our old HELM systems that we will only be supporting ColdFusion 9/10 onward. We were however finding after 6 months that most customers still had not taken any action to test or update their websites on newer versions of ColdFusion, so we extended the deadline and delayed our migrations.

Why should we upgrade?

One other response we have received from some customers is “we do not want to update our site and incur any costs, so we will just move to another host that still support ColdFusion 5/6/7/8 ”.
While we understand it can be frustrating to have to update a website which for all intents and purposes appears to still be working fine, moving to another host will not solve the security issues, it will simply prolong the inevitable. Please be aware that the vulnerabilities affect any server with any host running legacy versions of ColdFusion, and while there may well be some hosts out there who will continue to offer these legacy versions they are doing so out of complete ignorance or negligence. 

We are however taking this pro-active action not only to protect ourselves but also to protect our less tech savvy customers from having their websites hacked and used as phishing/scam websites. Unfortunately these types of hacks can go unnoticed for months by the website owners, by which point your website may have been used to scam or spread malware to thousands of unsuspecting visitors.

Consider this analogy:-

Your house is extremely insecure, it has single glazed windows and doors with no locks, the bricks are so loose they can be removed and there is no alarm system. Your insurance company tells you that they cannot provide you with any contents insurance on this house due to the complete lack of security. The only solution is to get a better more secure house, but moving to a new house that had exactly the same issues would not solve your problems and would put you back in the same situation expect it would have cost you considerably more time and money.

Moving to a host with the exact same CF version = the exact same problem.

What can we do to help ?

We also understand that many customers do not have the technical skills or knowledge to address this issue, but fear not as we do have all the required skills and knowledge and there are several solutions we can offer;

1. Site rebuild

We have found that many customers with legacy (old) websites  actually have quite a few other security issues with their site also, such as SQL injection, form spamming, etc. While ColdFusion may have been a great solution at the time the site was originally built, it can be rather overkill now for a simple site when there are many off the shelf open source solutions that will do exactly what you need at no cost. Also  many common website hacks have become common place since your website was first built which it is now vulnerable to (the same would also be true of sites built in ASP or PHP or any other languages, not just ColdFusion). In many cases we have found that we can rebuild simple websites using  something like WordPress in less time than it would take to test and fix the site in a new version of ColdFusion, often we can do this in 1 way.
This has other added advantages.

  • WordPress is FREE and open source
  • WordPress has thousands of FREE plugins to add additional functionality to your website.
  • WordPress gets updates regularly to address any bugs or security issues, you can easily apply these updates yourself or ask us to do it for you.
  • WordPress has thousands of templates to choose from, giving you the chance to refresh your website design as well and make it compatible with mobile devices.
If your site is not a simple flat site (i.e has a CMS system or custom functionality) and you need a more comprehensive rebuild, such as a FULL content management system, then we can aid with this also.

2. Upgrade to new CF version

We can test your site on the latest version of CF and make sure it works correctly, as well as fix any other security issues we may find, and then migrate you to our new servers.

3. Upgrade/Switch to Railo

Railo is a FREE open source alternative to ColdFusion which has various benefits, such as.

  • None of the current ColdFusion security issues
  • Every customer gets their own Railo admin so can manage their own settings and data sources etc without having to contact us.
  • Supports plugins and application extensions
  • You could switch to dedicated hosting without the associated license costs of ColdFusion
  • Bugs get fixed far more quickly
  • All settings can be stored locally within your site and thus transposed between servers and hosts.

We can test your site on Railo and fix any issues and migrate to our new servers. In most cases we have found that old legacy sites will run on Railo with little or no changes, and often with less changes than are required to get it working on a newer version of ColdFusion.

 

If you would like  to speak with us in advance of your migration to discuss your options  further or obtain a quote then you can call us on 0845 468 2369 or complete the contact form on our website.

Fixing slow ColdFusion apps – webinar Tue 11/12/13 1pm EST

Are you running your ColdFusion apps with the hand brake on? 

I remember the last time I drove a car with the hand brake on by mistake. We didn’t go fast, the ride was jerky for the passengers and a strange smell started to fill the car. Eventually I slapped my forehead and realized that there was no point pressing the gas harder until I fixed the problem with the hand brake…

Slow ColdFusion code

  • Are your ColdFusion applications running slow? 
  • Do certain pages seem to be stuck in a tar pit? 
  • Are your users complaining or defecting to other sites?

Many users will leave a slow loading site and Google has said that it includes page speed as part of its search ranking.
Additionally slow pages can drag down an otherwise good performing server, potentially causing crashes.

In this webinar you will learn about ColdFusion functions and tags to avoid if you want fast code. Common coding mistakes that slow down apps. And we will dig deeply into the caching and performance functionality built into ColdFusion to dramatically increase the performance of your web applications. From developing for performance to caching for performance, this session will teach you all the tips and tricks you can use every day in your ColdFusion development. 


The presenter is Denny Springle

Denny
Denny has over 20 years of progressive IT and software engineering experience working in numerous development languages including Perl, Java, HTML, Javascript, AJAX, ActionScript, and CSS with a primary focus over the last decade on ColdFusion development.

He is an Adobe Community Professional and has spoken at many user group meetings and conferences. 
 

Title: Fixing slow ColdFusion apps
Date: Tuesday, November 12, 2013
Time: 1:00 PM – 2:00 AM EST
After registering you will receive a confirmation email containing information about joining the Webinar.
System Requirements
PC-based attendees
Required: Windows® 8, 7, Vista, XP or 2003 Server
 
Mac®-based attendees
Required: Mac OS® X 10.6 or newer
 
Mobile attendees
Required: iPhone®, iPad®, Android™ phone or Android tablet
 

Space is limited.
Reserve your Webinar seat now at:
https://www4.gotomeeting.com/register/725642727

CFMAIL Keep sessions alive

ColdFusion 9.0.1  -  Bug 3369472

Today Adobe has just released a statement about a bug in CFMAIL. If you are using CFMAIL settings in your website or application code please read this carefully.  

Problem Description: when using CFMAIL and specifying an smtp server, username and password, the spool manager does not consider the username/password when the keep mail connection check box is checked in administrator.

Steps to Reproduce: Setup 2 cfmail based on a query with 1000+ records. set both cfmail tags to the same SMTP server, but use a different username/password for each… example tag 1: smtp.gmail.com username: user1@gmail.com password:user1password, tag2: smtp.gmail.com username: user2@gmail.com password:user2password

Actual Result: You will find that when “keep connection alive” is checked, it is entirely possible for emails from user2 to be sent through user1′s account.

Expected Result: User1′s emails sent only through user1′s account and user2′s emails be send through their account.

Workaround

We have not tested this ourselves but the forums suggest the following workaround. In your DNS, create a CNAME to point to your SMTP server addresses so that both websites were looking at different domain names rather than the same one. The unique domain name is enough to force Coldfusion to create a new connection rather than use the same one.

 

Configuration

Hardware and Environment details: App and OS, English Windows Svr 2006 x64, All browsers

FREE Google Apps for non profits now available to UK organisations

We are pleased to be able to pass on the news that Google Apps for non profits (which is free) is now available in the UK too.

BlueThunder has always been a supporter of non profit orgs and we help where we can by offering discounted or even FREE services to our non profit clients as well as advice and consulting if required.
With Google Apps non profit, such organisations can now have email, document sharing, cloud storage and much more for FREE.

We encourage all non profit orgs to sign Up Here

If you would like help to setup or migrate over to Google Apps then please contact us.