News Items

Current, Recent and Sticky News Items.

New Method of Pre-Delegation Access to Services

Because of the clumsiness and inherent security risks associated with cPanel's default method of providing pre-delegation access to services, GCom Internet has coded and implemented an in-house solution to provide a cleaner and more secure method of accessing services for clients with domains not yet delegated to our DNS servers.

For specific information related to this new feature, please see...

faq/800920.html

Due to the provision of this new method of pre-delegation access, the default cPanel method of providing temporary access to services will now be phased out. Please see the news article immediately below.

Removal of Default cPanel Temporary Access Method - 23rd June

Because of the provision of our new method of pre-delegation access to all hosting clients' services as detailed immediately above, the default cPanel method of providing temporary access to services will now be phased out.

Details of the deprecated temporary access method are available at...

faq/514614.html

The default cPanel temporary access method will be completely disabled after 23rd June, and clients should instead implement processes in line with the new method of pre-delegation access detailed at...

faq/800920.html

Increased LVE Process Resources - 28th May

With the completion of migrating all GCom Apache hosting servers to the Event Multi-Processing Module as notified in the news item immediately below, we have now also increased the process resources of all hosting clients' virtual environments.

Entry processes, physical memory, PHP memory_limit, CPU and disk I/O (sustained and burst) have all been increased between 25% and 300%.

It is important that site administrators do not regard this increase in resources as a reason to neglect keeping site coding and configuration tight and efficient for a shared hosting environment. Normally, well coded sites should very rarely reach their LVE resource limits.

Please note that it is normal for cPanel resource graphs to look fractured over any period where both the old and new resource limits apply.

Apache Event MPM Migration - 23rd May - 28th May

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

Over the period 23rd May to 28th May, we will be migrating all GCom Apache hosting servers to the now stable Event Multi-Processing Module.

This migration should cause no downtime for hosted sites, and will automatically benefit all users with reduced resource usage.

Information regarding the nature and benefits of the mpm_event_module can be found at...

https://httpd.apache.org/docs/2.4/mod/event.html

cPanel Interface Upgrade - 25th February - 11th March

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

Over the period 25th February to 11th March, we will be performing upgrades of the now deprecated cPanel X3 interface to the new Paper Lantern interface on all our public hosting servers.

Although the interface has changed greatly between X3 and Paper Lantern, the overall functionality remains generally the same. However, one notable exception is that the new interface now refers to domain parks as domain aliases, which better describes the true nature of the function.

Outdated Software Exploitation

Worldwide scanning and exploitation attacks on outdated WordPress, Joomla, Drupal and other CMS and general applications have greatly increased recently.

For their own security, all hosting clients are reminded that they are required to keep all installed applications up to date with the latest stable version of the package as per our hosting policies.

As at the time of this posting, the current versions of some common applications are...

  • WordPress 4.7
  • Joomla 3.6.5
  • Drupal 7.5.3
  • Concrete 5.7.5.11
  • Mambo 4.6.5
  • osCommerce 2.3.4

For any other applications running on your site, please check directly with the distributor of the package for the current version, and update accordingly.

If you need any assistance with this process, please be in contact with your web developer or local IT support staff.

Free Comodo SSL/TLS DV Certificates

As of today, 14th September, GCom Internet will begin the roll-out of the free generation, approval and installation of Comodo SSL/TLS Domain Validated (DV) certificates for all domains and subdomains of all hosting clients across all our public hosting servers.

For specific information related to this new feature, please see...

faq/547178.html

All clients with existing SSL/TLS certificates will now have their future renewals performed for free. If any existing SSL/TLS clients would also prefer to move from a dedicated IP to SNI to save the monthly fee for a dedicated IP, please simply email us a notification from your Administrative and Billing Contact (ABC). For more information related to SNI, please see the external article at https://en.wikipedia.org/wiki/Server_Name_Indication.

Because of this addition of free Comodo SSL/TLS certificates as standard for all current and new hosting accounts, our legacy shared SSL system will now be phased out. Please see the news article immediately below.

Removal of Legacy Shared SSL - 30th September

Because of our new free provision of Comodo SSL/TLS Domain Validated (DV) certificates to all hosting clients as detailed immediately above, our legacy shared SSL system will now be phased out.

Details of the deprecated shared SSL method are available at...

faq/103192.html

Any clients relying on the shared SSL system to provide encryption to their visitors should now modify their code to use https:// access via their own domain name and personal Comodo SSL/TLS certificate.

The legacy shared SSL system will be completely disabled after 30th September.

PHP Upgrades - PHP 5.5 End of Life - 4th July - 10th July

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major upgrades on all our PHP 5.5 stream servers to version 5.6.22 over the period 4th July to 10th July.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

http://php.net/manual/en/migration56.php

http://php.net/manual/en/migration56.incompatible.php

http://php.net/manual/en/migration56.deprecated.php

As PHP 5.6 is also rapidly approaching end-of-active-support, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 7.0...

http://php.net/manual/en/migration70.php

http://php.net/manual/en/migration70.incompatible.php

http://php.net/manual/en/migration70.deprecated.php

http://php.net/supported-versions.php

PHP allow_url_fopen Permanently Disabled

For many years now, it has been a basic tenet of server security that PHP's allow_url_fopen should not be enabled on production servers. This has always been the position of the PHP Security Consortium, as detailed at...

http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html

Although our hosting policies disallow any PHP application which requires allow_url_fopen to be enabled, we have trialled allowing exceptions to that policy since April, 2015. However, because of the ongoing risks caused by missing or incomplete sanity checks in users' self-coded PHP applications, and also due to poor coding practices evident even in some distributed applications such as...

https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/

...we can no longer allow any exceptions to this policy. PHP's allow_url_fopen will now be permanently disabled, without exception, on all our public hosting servers, just as allow_url_include has always been.

If users have any legacy applications affected by allow_url_fopen being disabled, they should immediately upgrade their applications, or manually convert their old code to a curl implementation. A good reference which explains this simple process can be found at...

http://www.radwin.org/michael/2003/07/03/php_libcurl_example/

Users should be in touch with their web developer or local IT support provider if they need further information or assistance.
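
The conversion described above, as an added example that is not code from GCom or from the linked reference: a replacement for file_get_contents() on a remote URL that also carries the sanity checks whose absence is cited as the reason for the policy. The function name fetch_url() and its size and timeout defaults are hypothetical.

```php
<?php
// Added example. fetch_url() and its default limits are hypothetical.
//
// Before (fails once allow_url_fopen is Off):
//     $data = file_get_contents($url);
// After:
//     $data = fetch_url($url);

function fetch_url($url, $maxBytes = 1048576, $timeout = 10)
{
    // Sanity-check the input before touching the network: only absolute
    // http(s) URLs with a host are accepted, never local paths or wrappers.
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        throw new InvalidArgumentException('Only absolute http(s) URLs are allowed');
    }

    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        // Second line of defence: libcurl itself refuses any other protocol.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,  // do not follow redirects silently
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => $timeout,
        CURLOPT_SSL_VERIFYPEER  => true,   // keep certificate validation on
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_FAILONERROR     => true,   // HTTP status >= 400 is a failure
        // Collect the body ourselves so an oversized response can be aborted.
        CURLOPT_WRITEFUNCTION   => function ($ch, $chunk) use (&$body, $maxBytes) {
            if (strlen($body) + strlen($chunk) > $maxBytes) {
                return 0; // a length other than strlen($chunk) aborts the transfer
            }
            $body .= $chunk;
            return strlen($chunk);
        },
    ));

    if (curl_exec($ch) === false) {
        throw new RuntimeException('Fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed inputs: each is rejected by the validation step, so this
// demonstration runs without any network access.
foreach (array('file:///tmp/example.txt', 'php://input', '../config.php') as $bad) {
    try {
        fetch_url($bad);
        echo "accepted: $bad\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $bad\n";
    }
}
```

Content returned by fetch_url() is still untrusted input: validate its type and size before saving it to disk, and never pass it to include or eval.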

System and Application Upgrades - 10th May - 15th May

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian email access clients.

GCom Internet will be performing combined system and application upgrades across all our Australian hosting servers over the period 10th May to 15th May.

This process will require several brief downtimes for various services on each server as the upgrades are performed. We will be performing the upgrades during the quietest time of day with respect to each server.

Google Chrome AuthName Feature/Bug

A new feature/bug is becoming increasingly encountered by users of the latest release of the Chrome browser as detailed at...

https://productforums.google.com/forum/#!topic/chrome/uMMFajaOWX8

This is causing difficulty for WordPress administrators using Chrome to log in to their wp-login.php interface through our Bot Protection Layer as detailed at...

faq/704121.html

Until new Chrome code is released to correctly handle the AuthName value, we will need to keep our Bot Protection Layer disabled on all public hosting servers.

As always, all WordPress users are strongly advised to include brute force protection in their installations. For general information related to standard options for WordPress, please see...

https://wordpress.org/plugins/search.php?q=brute+force

System and Application Upgrades - 3rd February - 7th February

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian email access clients.

GCom Internet will be performing combined system and application upgrades across all our Australian hosting servers over the period 3rd February to 7th February.

This process will require several brief downtimes for various services on each server as the upgrades are performed. We will be performing the upgrades during the quietest time of day with respect to each server.

Concrete5 5.x / Apache 2.4.17 Conflict

A conflict with Apache 2.4.17 currently exists in all Concrete5 5.x installations.

Visitors to Concrete5 sites will encounter "Page Not Found" errors when clicking on menu items and page links when both of the following two conditions are true...

  1. The "Pretty URLs" option is enabled within Concrete5
  2. The web server is running the current version of Apache 2.4.17

Until corrective software updates are available, two alternative solutions exist for the problem...

  1. Disable the "Pretty URLs" option within Concrete5
  2. Add the following line to the Concrete5 config/site.php file...

     define('SERVER_PATH_VARIABLE', 'REQUEST_URI');

At this stage, the latter option appears to be the most suitable as it retains existing URI references consistent with search engine listings.

*** IMPORTANT ***

To allow client sites to operate normally for visitors, we have already applied this patch to all Concrete5 installations found on our hosting servers.

No further action should be required by site managers unless they overwrite the existing config/site.php files. If that occurs, the patch will need to be manually reapplied to the file.

All clients with Concrete5 installations are also advised to keep their applications up-to-date with the latest available version at all times. For Concrete5 version information, please see...

http://www.concrete5.org/documentation/background/version_history/

PHP Upgrades - PHP 5.4 End of Life - 17th October - 25th October

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major and minor upgrades on all our PHP 5.4 and 5.5 stream servers to version 5.5.30 over the period 17th October to 25th October.

Because PHP 5.4 has reached end-of-life and is no longer receiving security updates, it is now unsuitable for use in production environments.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

http://php.net/manual/en/migration55.php

http://php.net/manual/en/migration55.incompatible.php

http://php.net/manual/en/migration55.deprecated.php

As PHP 5.5 is also rapidly approaching end-of-life, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 5.6...

http://php.net/manual/en/migration56.php

http://php.net/manual/en/migration56.incompatible.php

http://php.net/manual/en/migration56.deprecated.php

http://php.net/supported-versions.php

Apache Web Server Upgrades - 14th September - 19th September

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian email access clients.

GCom Internet will be performing Apache 2.2 to Apache 2.4 upgrades across all our Australian hosting servers over the period 14th September to 19th September.

This process may result in a brief downtime on each server as the upgrades are performed. We will be performing the upgrades during the quietest time of day with respect to each server.

DNS and Hosting Servers Archival Snapshot - 5th August

GCom Internet will be performing a one-off archival snapshot of all Australian DNS, administration and hosting servers from around midday on 5th August until mid to late evening.

No DNS zone changes, new hosting orders or hosting modifications will be processed while the backups are in progress.

All support tickets received during this period will be queued and processed after the backups are complete late on 5th August.

Google Chrome https Feature/Bug

A new feature/bug has been widely encountered in the current release of the Chrome browser as detailed at...

http://www.code.google.com/p/chromium/issues/detail?id=505268

This is causing difficulty for visitors to some web sites when they are using the affected browser. The problem is encountered particularly with sites using an installation of the WordPress WooCommerce plugin prior to version 2.3.13, as discussed at...

https://wordpress.org/plugins/woocommerce/changelog/

All clients with WooCommerce installations should immediately upgrade to the current version, or remove the installations entirely if no longer required.

Security Patches and Server Reboots - 3rd July

Due to a recently exposed vulnerability in the CloudLinux CageFS code, GCom Internet will be performing a system upgrade on all our hosting servers in the early hours of 3rd July.

This process will require a reboot of all hosting servers, and will result in a few minutes of downtime for all hosted services during the night.

Server Cluster Upgrade - 9th June

GCom Internet will be performing an upgrade of one of our server clusters starting at 11:00 AM on 9th June.

This process will have no impact on existing end-user services, but no hosting orders or DNS zone changes will be processed while the upgrade and associated data migration is in progress.

All new orders and DNS zone changes will be held over until the process is complete in the afternoon of 9th June.

Server Backups to Amazon S3 - 16th May - 17th May

GCom Internet will be performing an initialisation of additional and redundant backups held within the Amazon S3 network over the period 16th May to 17th May for all servers.

This process will have no impact on existing end-user services, but no email or hosting orders will be processed while the initialisation is running.

All new orders will be held over until the process is complete on 17th May.

System and Application Upgrades - 24th April - 26th April

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian email access clients.

GCom Internet will be performing combined system and application upgrades across all our Australian hosting servers over the period 24th April to 26th April.

This process will require several brief downtimes for various services on each server as the upgrades are performed. We will be performing the upgrades during the quietest time of day with respect to each server.

New Standard and Advanced Hosting Plans

GCom Internet has recently released two new hosting plans which complement rather than replace our legacy Gold and Platinum plans. Although we will not be accepting new orders for Gold or Platinum hosting, we will be keeping the legacy plans operational indefinitely for existing clients.

The new Standard and Advanced plans provide two or three times the bandwidth and disk space resources of our legacy plans, but with no increase in price. However, there are new limits imposed on the total number of mailboxes and the per mailbox maximum disk quota under the new plans.

For details of the new plans, please visit our hosting plans page.

If you would like your existing Gold or Platinum hosting to be cross-graded to one of the new plans, please log in to your cPanel to ensure that all of your existing email accounts have a disk quota set specifically to 250MB or less, and then drop us an email from your recorded Administrative and Billing Contact (ABC) email address authorising the change of plan.

Please note that each of your configured email accounts must have a set value for the disk quota. They cannot be set to "∞".

In most cases, you will receive much greater resources for no additional cost on the new plans, and in the case of legacy Platinum accounts, you may be able to halve your monthly hosting fee by cross-grading to the new Standard plan.

We hope to hear from you soon.

PHP Upgrades - PHP 5.3 End of Life - 12th March - 22nd March

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major and minor upgrades on all our PHP 5.3 and 5.4 stream servers to version 5.4.38 over the period 12th March to 22nd March.

Because PHP 5.3 has reached end-of-life and is no longer receiving security updates, it is now unsuitable for use in production environments.

All legacy PHP 5.3.29 servers will now be upgraded to 5.4.38.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

http://php.net/manual/en/migration54.php

http://php.net/manual/en/migration54.incompatible.php

http://php.net/manual/en/migration54.deprecated.php

As PHP 5.4 is also rapidly approaching end-of-life, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 5.5...

http://php.net/manual/en/migration55.php

http://php.net/manual/en/migration55.incompatible.php

http://php.net/manual/en/migration55.deprecated.php

http://php.net/supported-versions.php

Termination of Dialup Services - 31st March

This item affects only the few GCom Internet clients still using dialup internet access.

At the end of March, 2015, GCom Internet will be removing our remaining local and national dialup lines, and terminating our dialup internet access product.

Dialup internet access is now a truly outdated product, and only a few GCom Internet users still have active dialup accounts. The cost for us to provide dialup services, along with the poor relative value of dialup for the end-user when compared with broadband connections, now makes the product unreasonable to continue.

We've enjoyed supplying dialup access to our users for many years, but for quite some time we've been funding the considerable cost of providing the product with profits from other sides of our operations, and the time has definitely come to finally terminate the product.

The removal of dialup access will have no impact on our core services of web and email hosting, and GCom Internet clients' email accounts will continue unaffected, although all email addresses will now simply be invoiced on a flat rate of $3.50/month per address.

We apologise for any inconvenience caused to our remaining dialup users, but assure you that you will be much better served using a modern broadband connection.

Tim Thumb - End of Life

The timthumb.php image manipulation utility has been generally regarded as a dead product with critical security issues for a while now. For the most recent background information, please see...

http://cxsecurity.com/issue/WLB-2014060134

http://www.binarymoon.co.uk/2014/09/timthumb-end-life/

Despite being listed as a banned application in our hosting policies, we're still encountering instances of existing and new clients running non-current versions of the package on their sites. Accordingly, we've now forcibly upgraded all instances of timthumb.php to the current (and probably final) version of the package on all our shared hosting servers.

Clients should urgently remove their reliance on the application, as any further vulnerability and exploit occurrences will very likely result in its permanent blocking network-wide on all our servers.

Web Folder Index Listing Security

Due to a current exploit relying on the ability to access raw file listings in web folders without index.html or other suitable default index files being present, we've changed the default index listing behaviour on all our shared hosting servers.

Previously, the default was to allow raw file listings in any web folders where users did not specifically set protection on their folders. However, the network-wide default is now to disallow raw file listings in web folders.

In the rare cases where such access is genuinely required, users can reactivate the raw file listing behaviour for specific folders by way of the "Index Manager" icon in the "Advanced" group of icons in their cPanel, or via an appropriate .htaccess directive.

Please think carefully before taking such action, and do so only on a folder by folder basis as required. In almost all cases, there are better and more secure alternatives to simply allowing visitors to directly examine your internal web file structure.

PHP4 - End of Life

At the end of 2007, the PHP development team announced that support for PHP 4 had officially ceased, although critical security fixes could continue to be made available on a case-by-case basis until August, 2008.

We've continued legacy support for the product for many years longer than that, but support for PHP4 has now been permanently discontinued on all our public hosting servers.

Microsoft FrontPage - End of Life

Microsoft officially terminated their FrontPage web development product in 2006, and we originally set December, 2006 as the advised target date for end users to work around any reliance on the discontinued product.

We've continued legacy support for the product for many years longer than that, but support for FrontPage extensions has now been permanently discontinued on all our public hosting servers.

Removal of Autoresponders - 4th December - 8th December

During the period from 4th December through to 8th December, GCom Internet will be disabling all autoresponders currently active in client accounts on all our Australian and USA shared hosting servers. This feature will no longer be available to shared hosting accounts.

This has become necessary due to clients leaving autoresponders in place for extended periods of time, and allowing them to respond blindly to all incoming email including spam and phishing type items with false reply-to addresses.

We regret any difficulty this decision may cause to those few users with active autoresponders in place, but the risk of having our servers blacklisted due to blind autoresponders has become too great for us not to take this action for the benefit of our clients as a whole.

Application Bot Protection Layer Installed

In April, an unprecedented worldwide bot-driven attack was initiated against WordPress sites. The attack hits sites at a massive rate, attempting to brute force administrator passwords. Apart from the security risk to the sites themselves, the ferocity of the attack is such that it effectively represents a DDoS attack on the hosting servers. The attack is often levied from tens of thousands of IPs.

After coding and testing a number of mitigation solutions to deal with the learning and evolving nature of the attack, we eventually settled on a front end CAPTCHA challenge which we've installed to protect all wp-login.php accesses. When users now access their WordPress administrator login, they are first presented with a CAPTCHA challenge dialogue. The instructions contained in the dialogue supply an alphanumeric string to be entered as a user name, and a simple number sum to be entered as a password. These values need to be manually entered as a first layer protection for all WordPress administrator logins. The user name and password values will be changed from time to time as required for effectiveness.

General opinion is that similar attacks will eventually be levied against other popular CMS and related applications, and we will add this top layer CAPTCHA challenge protection to other applications as required.
