News Items

Current, Recent and Sticky News Items.

PHP 8.0 Installation Delay

PHP 8.0 is now supported by cPanel, but we do not yet consider it ready for production use.

In particular, Imagick, the native PHP extension for using the ImageMagick API, is not yet available for mainstream inclusion within the PHP 8.0 version. More information is available at...

https://github.com/Imagick/imagick/issues/358

Until PHP 8.0 is found to be fully production ready, we will delay its installation on all our public hosting servers.

However, in anticipation of the eventual installation of PHP 8.0 on our servers, clients should make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration80.php

https://php.net/manual/en/migration80.incompatible.php

https://php.net/manual/en/migration80.deprecated.php

For further information, please refer to the following article...

Managing MultiPHP Versions

Rotation of /home/*/logs/*.php.error.log

We have noticed that most developers are never rotating their php.error.log files, and are instead allowing them to increase indefinitely, even up to gigabyte sizes.

Today, all existing php.error.log files have been backed up and restarted, and will now be rotated on the first of each month.

Monthly rotations will be created as php.error.log.1, php.error.log.2 and php.error.log.3 for month - 1, month - 2 and month - 3 respectively.

If clients require php.error.log data older than three months, they should now create their own additional retention/rotation routines.

Removal of External Forwarders

For background information, please refer to our past news items of 31st August, 2020, 17th August, 2019 and 25th February, 2017 at...

Update - Deprecation of External Forwarders

Reminder - Deprecation of External Forwarders

Deprecation of External Forwarders

External forwarders have been deprecated on all GCom Internet public hosting servers for a number of years, and we are now moving forward with the final removal of all remaining external forwarders.

Users should expect any forwarders to external email addresses to shortly be disabled and removed. Additonally, any external forwarders detected as sending spam, or having items rejected by an external network for being suspected as spam, will be immediately disabled and removed.

Users with forwarders pointing to external networks should now urgently be migrating all such email addresses to full email accounts.

For more information, please see...

Creating an Email Account

Update - Email Storage Policies Enforcement - Rescheduled to 1st November, 2020

For background information, please refer to our past news item of 1st September at...

Email Storage Policies Enforcement

Originally scheduled for Thursday, 1st October, 2020, the automatic and regular purging of email items older than 2 months in folders of all email accounts has now been rescheduled to Sunday, 1st November, 2020.

Any clients who currently have email items older than 2 months stored on their servers should be sure to retrieve all email to their own local storage immediately, and then to regularly collect and remove all new email items thereafter.

Major Network Expansion - 28th September - 31st October

During the period from Monday, 28th September, 2020 through to Saturday, 31st October, 2020, GCom Internet will be migrating all core services from Equinix SY3 to our new Equinix SY5 network.

The CPUs, RAM, bandwidth and general resources we've allocated to these new servers are quite massive by Australian standards, and the servers are being brought online solely to handle the expansion of our web hosting operations.

In completing the upgrade, a huge amount of data will need to be transferred between live servers, and the data is scheduled to be moved one server at a time in multiple stages.

Although the process will be quite lengthy and complex, only minimal interruption is expected for clients.

Any clients managing their DNS externally should ensure they have their zones configured in full compliance with the instructons provided at...

Externally Delegated DNS Configuration

Email Storage Policies Enforcement - 1st October, 2020

GCom Internet's general documentation and public hosting policies clearly note that all email accounts require regular collection and removal of all stored email items.

Creating an Email Account

File Storage

Email and Spam

However, a small proportion of clients have created email accounts which have either gone completely unchecked since creation, or have been allowed to accumulate email for long periods.

As a solution to this, with effect from Thursday, 1st October, 2020, folders of all email accounts will be automatically and regularly purged of email items older than 2 months.

Any clients who currently have email items older than 2 months stored on their servers should be sure to retrieve all email to their own local storage immediately, and then to regularly collect and remove all new email items thereafter.

Update - Deprecation of External Forwarders

For background information, please refer to our past news items of 17th August, 2019 and 25th February, 2017 at...

Reminder - Deprecation of External Forwarders

Deprecation of External Forwarders

The creation of email forwarders pointing to email addresses on external networks is now fully disabled on all GCom Internet public hosting servers.

Additionally, users should expect any pre-existing forwarders to external email addresses to eventually be disabled and removed.

Users with forwarders pointing to external networks should already be actively migrating all such email addresses to full email accounts.

For more information, please see...

Creating an Email Account

PHP 7.2 Removal - 1st December, 2020

Active support for PHP 7.2 ceased in December, 2019, and extended security support will continue for the product only until December, 2020.

Accordingly, GCom Internet will discontinue provision of PHP 7.2 processing on all our public hosting servers with effect from Tuesday, 1st December, 2020.

Clients who have not already transitioned to PHP version 7.3 or 7.4 should begin upgrading and debugging their code now in preparation for the December, 2020 cutoff.

For further information, please refer to the following article...

Managing MultiPHP Versions

PHP 7.4 Installation - 6th July - 12th July

PHP 7.4 is now stable for production use and properly supported by cPanel.

We will be adding the option of PHP 7.4 to all our public hosting servers over the period 6th July to 12th July.

Before selecting PHP 7.4 as the active version for their site, clients should make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration74.php

https://php.net/manual/en/migration74.incompatible.php

https://php.net/manual/en/migration74.deprecated.php

For further information, please refer to the following article...

Managing MultiPHP Versions

Impending Decommission of White and Blue GCom Webmail

This item affects only GCom's email clients. This does not affect GCom's Australian hosting clients.

For background information, please refer to our past news item of 28th January, 2019 at...

Deprecation of White and Blue GCom Webmail

The legacy white and blue GCom Webmail interface has now been deprecated for well over a year, but many clients are still using that interface.

Any clients still using the white and blue GCom Webmail interface should read the above linked news item. Clients who have not already done so, should begin moving over to the new system which will soon fully replace the legacy interface.

Information related to the process of moving contacts from the old system to the new system is provided in the previous news item.

Full Absorption of cPanel Price Increase

For background information, please refer to our past news item of 11th July, 2019 at...

Oakley / cPanel Massive Price Increase

In mid 2019, under the control of its new owner of Oakley Capital, cPanel brought massive disruption to the industry with an astounding pricing increase to their licensing...

cPanel Price Hikes

By leveraging our considerable economy of scale and our ultra-conservative level of account loading across all our servers, GCom Internet is pleased to confirm that we will be fully absorbing the added costs of cPanel's increased licensing model.

cPanel will continue to be our primary hosting platform for all shared hosting clients. There will be no increase to the pricing of our hosting plans.

PHP 7.1 Removal - 1st December, 2019

Active support for PHP 7.1 ceased in December, 2018, and extended security support will continue for the product only until December, 2019.

Accordingly, GCom Internet will discontinue provision of PHP 7.1 processing on all our public hosting servers with effect from Sunday, 1st December, 2019.

Clients who have not already transitioned to PHP version 7.2 or 7.3 should begin upgrading and debugging their code now in preparation for the December, 2019 cutoff.

For further information, please refer to the following article...

Managing MultiPHP Versions

Backscatter Spam Protection

For background information related to backscatter and the spam it causes, please refer to the article at...

Backscatter (email)

With the latest anti-backscatter logic now contained in our network's Exim Message Transfer Agents (MTAs), it is more important than ever that clients ensure they configure their email handlers in line with our published policies and knowledge base articles...

In particular, clients should be aware that if they choose to create an email account with the same email address as a forwarder, then if the email account is allowed to fill up with stored email, all further incoming email directed to that address will normally be rejected at SMTP time. The incoming item will not be sent to either the email account or the forwarder target.

It has always been our policy that the use of our servers for anything other than short-term storage of email archives is not permitted. Clients are required to regularly collect and delete all email stored in all mailboxes associated with hosting accounts.

Reminder - Deprecation of External Forwarders

For background information, please refer to our past news item of 25th February, 2017 at...

Deprecation of External Forwarders

With the increasing problems related to reliable acceptance of forwarders by external networks in recent years, users with forwarders pointing to external networks should begin migrating all such email addresses to full email accounts.

Users should expect external forwarders to be fully banned on GCom Internet public hosting servers at some time in the future.

For more information, please see...

Creating an Email Account

Oakley / cPanel Massive Price Increase

On August 20th, 2018, cPanel signed an agreement to be acquired by a group led by Oakley Capital (Oakley). At that time, cPanel basically advised it would be business as usual with no anticipated price increases...

cPanel Oakley Investment FAQ

However, less than a year later, cPanel, now under Oakley control, has brought massive disruption to the industry with an astounding pricing increase to their licensing...

cPanel Price Hikes

For the moment, we will be absorbing the price increase internally for the benefit of our clients, and we will be considering various options over the next few months to protect our clients from the Oakley price gouging.

We will raise additional news items related to this matter as the situation becomes clearer.

MySQL Upgrades - 5.6 to 5.7 - 23rd April - 28th April

GCom Internet will be performing major upgrades on all our MySQL 5.6 stream servers to the 5.7 stream over the period 23rd April to 28th April.

We will be configuring MySQL 5.7 with disabled Strict SQL Mode, so all modern and well-coded applications should execute without any issues.

If clients encounter any MySQL 5.7 compatibility problems within their code, they should make themselves familiar with the information provided in the following article...

Changes in MySQL 5.7

PHP 7.3 Installation - 27th March - 31st March

PHP 7.3 has now been released for production use.

We will be adding the option of PHP 7.3 to all our public hosting servers over the period 27th March to 31st March.

Before selecting PHP 7.3 as the active version for their site, clients should make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration73.php

https://php.net/manual/en/migration73.incompatible.php

https://php.net/manual/en/migration73.deprecated.php

For further information, please refer to the following article...

Managing MultiPHP Versions

PHP 5.6 - Brief Extension

For background information, please refer to our past news items of 18th September, 2018 at...

PHP 5.6 Removal

PHP 7.0 Removal

As scheduled, PHP 7.0 was fully removed from all our public hosting servers on 1st Januay, 2019.

However, we still have a small number of users who have not yet fully upgraded their code away from the obsolete PHP 5.6 stream. In view of this, we are currently running a special version of PHP 5.6.39 which is being manually patched for hardening against known vulnerabilities.

It is now critical that any clients who have not already transitioned to PHP version 7.1 or 7.2 should urgently debug their code and upgrade to the new PHP streams.

For further information, please refer to the following article...

Managing MultiPHP Versions

Deprecation of White and Blue GCom Webmail

This item affects only GCom's email clients. This does not affect GCom's Australian hosting clients.

The current white and blue GCom Webmail interface is now reasonably old, and will soon run into issues in reliably decoding a number of newer email formats.

Clients should now regard the old interface as deprecated, and should begin moving over to the new interface at...

https://wm.gcom.net.au

To allow clients to migrate over to the new system in their own time, we will leave the existing email interface in place for an extended period at its current address. However, we will eventually remove the old interface entirely and point all its associated links to the new package.

Clients can transfer their existing contacts from the old system to the new system using the following process...

To export from the old system - Login > Address Book > Private address book > Export contacts.

To import into the new system - Login > Contacts > Click on the dropdown arrow > Import > Import.

Reminder - Removal of SquirrelMail

For background information, please refer to our past news item of 25th May, 2018 at...

Removal of SquirrelMail

Currently, GCom Internet public hosting servers are running the latest cPanel stable stream of version 74. The next major upgrades will be to version 76, and then to version 78.

SquirrelMail is now planned for full removal in version 78 of cPanel. This allows only a few more months before SquirrelMail will no longer be accessible.

All Webmail users should now urgently move from the SquirrelMail interface to the much more robust Horde interface which has always been our recommended webmail application for all users.

For further details related to logging in to webmail, please refer to the following knowledge base articles...

PHP 7.0 Removal - 1st January, 2019

Active support for PHP 7.0 ceased in December, 2017, and extended security support will continue for the product only until December, 2018.

Accordingly, GCom Internet will discontinue provision of PHP 7.0 processing on all our public hosting servers with effect from Tuesday, 1st January, 2019.

Clients who have not already transitioned to PHP version 7.1 or 7.2 should begin upgrading and debugging their code now in preparation for the January, 2019 cutoff.

For further information, please refer to the following article...

Managing MultiPHP Versions

PHP 5.6 Removal - 1st January, 2019

Active support for PHP 5.6 ceased in January, 2017, and extended security support will continue for the product only until December, 2018.

Accordingly, GCom Internet will discontinue provision of PHP 5.6 processing on all our public hosting servers with effect from Tuesday, 1st January, 2019.

Clients who have not already transitioned to PHP version 7.1 or 7.2 should begin upgrading and debugging their code now in preparation for the January, 2019 cutoff.

For further information, please refer to the following article...

Managing MultiPHP Versions

Removal of SquirrelMail

Over the next few version updates, cPanel will deprecate and then fully remove the SquirrelMail webmail application.

SquirrelMail's last update was May 30th, 2013, with their last full release provided on July 12, 2011. In that seven years, four versions of PHP have reached End of Life, and SquirrelMail has not kept pace with either operational or security changes.

All Webmail users should now move from the SquirrelMail interface to the much more robust Horde interface which has always been our recommended webmail application for all users.

For further details related to logging in to webmail, please refer to the following knowledge base articles...

Global SMTP Email Relaying

Effective immediately, GCom Internet now provides high availability SMTP email relaying servers for business grade email delivery via the Amazon SES infrastructure.

For further details, please visit our email relaying page.

Multiple PHP Availablity

Effective immediately, GCom Internet now provides hosting cilents with self-configurable access to all non EOL production versions of PHP.

All versions of PHP run under the same high performance PHP-FPM handler with bytecode caching active.

For further information, please refer to the following article...

Managing MultiPHP Versions

File Versioning and Restoration

With the migration to our new cloud servers now being completed, GCom Internet has brought online versioning and self-restoration services at a file level for all hosting clients as standard.

For further information, please refer to the following article...

Performing a File Restoration

Full-Site System Backup Downloads

Related to the news item immediately above, clients now have access to GCom Internet's own system-centric full-site backups which provide similarly versioned availablity to the services operating at a file level.

For further information, please refer to the following article...

Downloading an Account Backup

Removal of cgiemail and cgiecho - 4th December - 10th December

The author of the cgiemail and cgiecho scripts has not provided maintenance of this code in a decade. For many years now, we and other third parties have coded essential patches for issues and vulnerabilities as they have been discovered.

However, recently discovered flaws in the software have shown cgiemail and cgiecho to no longer be suitable for modern, shared hosting environments.

Accordingly, over the period 4th December to 10th December, GCom Internet will be removing support for cgiemail and cgiecho from all our public hosting servers.

In the unlikely event that clients still have cgiemail or cgiecho dependencies within their code, they will need to upgrade their software to a current version, or manually patch their code with a suitable workaround.

Removal of Dedicated IPs and Associated Fees

In September of 2016, GCom Internet began providing all shared hosting accounts with free SSL/TLS certificates as standard. For more information, please refer to the following article...

Free https:// SSL/TLS

With all modern operating systems and browsers now fully supporting SNI for SSL/TLS certificates, we are consequently removing the redundant option of providing dedicated IPs for shared hosting accounts, and will be removing the associated monthly fee from all accounts previously relying on dedicated IPs.

Starting immediately, GCom Internet will be transitioning any hosting accounts with dedicated IPs to SNI. Account owners with properly delegated domains need take no special action. Any clients with domain delegation errors will be contacted directly as their sites are moved away from dedicated IPs.

New Method of Pre-Delegation Access to Services

Because of the clumsiness and inherent security risks associated with cPanel's default method of providing pre-delegation access to services, GCom Internet has coded and implemented an in-house solution to provide a cleaner and more secure method of accessing services for clients with domains not yet delegated to our DNS servers.

For specific information related to this new feature, please see...

Services Access

Due to the provision of this new method of pre-delegation access, the default cPanel method of providing temporary access to services will now be phased out. Please see the news article immediately below.

Removal of Default cPanel Temporary Access Method - 23rd June

Because of the provision of our new method of pre-delegation access to all hosting clients' services as detailed immediately above, the default cPanel method of providing temporary access to services will now be phased out.

Details of the deprecated temporary access method are available at...

Temporary Access (Deprecated)

The default cPanel temporary access method will be completely disabled after 23rd June, and clients should instead implement processes in line with the new method of pre-delegation access detailed at...

Services Access

Increased LVE Process Resources - 28th May

With the completion of migrating all GCom Apache hosting servers to the Event Multi-Processing Module as notified in the news item immediately below, we have now also increased the process resources of all hosting clients' virtual environments.

Entry processes, physical memory, PHP memory_limit, CPU and disk I/O (sustained and burst) have all been increased between 25% and 300%.

It is important that site administrators do not regard this increase in resources as a reason to neglect keeping site coding and configuration tight and efficient for a shared hosting environment. Normally, well coded sites should very rarely reach their LVE resource limits.

Please note that it is normal for cPanel resource graphs to look fractured over any period where both the old and new resource limits apply.

Apache Event MPM Migration - 23rd May - 28th May

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

Over the period 23rd May to 28th May, we will be migrating all GCom Apache hosting servers to the now stable Event Multi-Processing Module.

This migration should cause no downtime for hosted sites, and will automatically benefit all users with reduced resource usage.

Information regarding the nature and benefits of the mpm_event_module can be found at...

https://httpd.apache.org/docs/2.4/mod/event.html

Deprecation of External Forwarders

With the increasing problems related to reliable acceptance of forwarders by external networks in recent years, users with forwarders pointing to external networks should begin migrating all such email addresses to full email accounts.

Users should expect external forwarders to be fully banned on GCom Internet public hosting servers at some time in the future.

For more information, please see...

Creating an Email Account

Outdated Software Exploitation

World wide scanning and exploitation attacks on outdated WordPress, Joomla, Drupal and other CMS and general applications have greatly increased recently.

For their own security, all hosting clients are reminded that they are required to keep all installed applications up to date with the latest stable version of the package as per our hosting policies

As at the time of this posting, the current versions of some common applications are...

  • WordPress 4.7
  • Joomla 3.6.5
  • Drupal 7.5.3
  • Concrete 5.7.5.11
  • Mambo 4.6.5
  • osCommerce 2.3.4

For any other applications running on your site, please check directly with the distributor of the package for the current version, and update accordingly.

If you need any assistance with this process, please be in contact with your web developer or local IT support staff.

Free Comodo SSL/TLS DV Certificates

As of today, 14th September, GCom Internet will begin the roll-out of the free generation, approval and installation of Comodo SSL/TLS Domain Validated (DV) certificates for all domains and subdomains of all hosting clients across all our public hosting servers.

For specific information related to this new feature, please see...

Free https:// SSL/TLS

All clients with existing SSL/TLS certificates will now have their future renewals performed for free. If any existing SSL/TLS clients would also prefer to move from a dedicated IP to SNI to save the monthly fee for a dedicated IP, please simply email us a notification from your Administrative and Billing Contact (ABC). For more information related to SNI, please see the external article at https://en.wikipedia.org/wiki/Server_Name_Indication.

Because of this addition of free Comodo SSL/TLS certificates as standard for all current and new hosting accounts, our legacy shared SSL system will now be phased out. Please see the news article immediately below.

Removal of Legacy Shared SSL - 30th September

Because of our new free provision of Comodo SSL/TLS Domain Validated (DV) certificates to all hosting clients as detailed immediately above, our legacy shared SSL system will now be phased out.

Details of the deprecated shared SSL method are available at...

Shared SSL (Deprecated)

Any clients relying on the shared SSL system to provide encryption to their visitors should now modify their code to use https:// access via their own domain name and personal Comodo SSL/TLS certificate.

The legacy shared SSL system will be completely disabled after 30th September.

PHP Upgrades - PHP 5.5 End of Life - 4th July - 10th July

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major upgrades on all our PHP 5.5 stream servers to version 5.6.22 over the period 4th July to 10th July.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration56.php

https://php.net/manual/en/migration56.incompatible.php

https://php.net/manual/en/migration56.deprecated.php

As PHP 5.6 is also rapidly approaching end-of-active-support, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 7.0...

https://php.net/manual/en/migration70.php

https://php.net/manual/en/migration70.incompatible.php

https://php.net/manual/en/migration70.deprecated.php

https://php.net/supported-versions.php

PHP allow_url_fopen Permanently Disabled

For many years now, it has been a basic tenant of server security that PHP's allow_url_fopen should not be enabled on production servers. This has always been the position of the PHP Security Consortium, as detailed at...

http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html

Although our hosting policies disallow any PHP application which requires allow_url_fopen to be enabled, we have trialled allowing exceptions to that policy since April, 2015. However, because of the ongoing risks caused by missing or incomplete sanity checks in users' self-coded PHP applications, and also due to poor coding practices evident even in some distributed applications such as...

https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/

...we can no longer allow any exceptions to this policy. PHP's allow_url_fopen will now be permanently disabled, without exception, on all our public hosting servers, just as allow_url_include has always been.

If users have any legacy applications affected by allow_url_fopen being disabled, they should immediately upgrade their applications, or manually convert their old code to a curl implementation. A good reference which explains this simple process can be found at...

http://www.radwin.org/michael/2003/07/03/php_libcurl_example/

Users should be in touch with their web developer or local IT support provider if they need further information or assistance.

Google Chrome AuthName Feature/Bug

A new feature/bug is becoming increasingly encountered by users of the latest release of the Chrome browser as detailed at...

https://productforums.google.com/forum/#!topic/chrome/uMMFajaOWX8

This is causing difficulty for WordPress administrators using Chrome to log in to their wp-login.php interface through our Bot Protection Layer as detailed at...

Application Bot Protection Layer

Until new Chrome code is released to correctly handle the AuthName value, we will need to keep our Bot Protection Layer disabled on all our public hosting servers.

As always, all WordPress users are strongly advised to include brute force protection in their installations. For general information related to standard options for WordPress, please see...

https://wordpress.org/plugins/search.php?q=brute+force

Concrete5 5.x / Apache 2.4.17 Conflict

A conflict with Apache 2.4.17 currently exists in all Concrete5 5.x installations.

Visitors to Concrete5 sites will encounter "Page Not Found" errors when clicking on menu items and page links when both of the following two conditions are true...

  1. The "Pretty URLs" option is enabled within Concrete5
  2. The web server is running the current version of Apache 2.4.17

Until corrective software updates are available, two alternative solutions exist for the problem...

  1. Disable the "Pretty URLs" option within Concrete5
  2. Add the following line to the Concrete5 config/site.php file
define('SERVER_PATH_VARIABLE', 'REQUEST_URI');

At this stage, the latter option appears to be the most suitable as it retains existing URI references consistent with search engine listings.

*** IMPORTANT ***

To allow client sites to operate normally for visitors, we have already applied this patch to all Concrete5 installations found on our hosting servers.

No further action should be required by site managers unless they overwrite the existing config/site.php files. If that occurs, the patch will need to be manually reapplied to the file.

All clients with Concrete5 installations are also advised to keep their applications up-to-date with the latest available version at all times. For Concrete5 version information, please see...

https://documentation.concrete5.org/developers/background/version-history

PHP Upgrades - PHP 5.4 End of Life - 17th October - 25th October

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major and minor upgrades on all our PHP 5.4 and 5.5 stream servers to version 5.5.30 over the period 17th October to 25th October.

Because PHP 5.4 has reached end-of-life and is no longer receiving security updates, it is now unsuitable for use in production environments.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration55.php

https://php.net/manual/en/migration55.incompatible.php

https://php.net/manual/en/migration55.deprecated.php

As PHP 5.5 is also rapidly approaching end-of-life, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 5.6...

https://php.net/manual/en/migration56.php

https://php.net/manual/en/migration56.incompatible.php

https://php.net/manual/en/migration56.deprecated.php

https://php.net/supported-versions.php

Google Chrome https Feature/Bug

A new feature/bug has been widely encountered in the current release of the Chrome browser as detailed at...

https://www.code.google.com/p/chromium/issues/detail?id=505268

This is causing difficulty for visitors to some web sites when they are using the affected browser. The problem is encountered particularly with sites using an installation of the WordPress WooCommerce plugin prior to version 2.3.13, as discussed at...

https://wordpress.org/plugins/woocommerce/#developers

All clients with WooCommerce installations should immediately upgrade to the current version, or remove the installations entirely if no longer required.

New Standard and Advanced Hosting Plans

GCom Internet has recently released two new hosting plans which complement rather than replace our legacy Gold and Platinum plans. Although we will not be accepting new orders for Gold or Platinum hosting, we will be keeping the legacy plans operational indefinitely for existing clients.

The new Standard and Advanced plans provide two or three times the bandwidth and disk space resources of our legacy plans, but with no increase in price. However, there are new limits imposed on the total number of mailboxes and the per mailbox maximum disk quota under the new plans.

For details of the new plans, please visit our hosting plans page.

If you would like your existing Gold or Platinum hosting to be cross-graded to one of the new plans, please log in to your cPanel to ensure that all of your existing email accounts have a disk quota set specifically to 250MB or less, and then drop us an email from your recorded Administrative and Billing Contact (ABC) email address authorising the change of plan.

Please note that each of your configured email accounts must have a set value for the disk quota. They cannot be set to "∞".

In most cases, you will receive much greater resources for no additional cost on the new plans, and in the case of legacy Platinum accounts, you may be able to halve your monthly hosting fee by cross-grading to the new Standard plan.

We hope to hear from you soon.

PHP Upgrades - PHP 5.3 End of Life - 12th March - 22nd March

This item affects only clients using GCom's Australian hosting services. This does not affect GCom's Australian ISP access clients.

We will be performing major and minor upgrades on all our PHP 5.3 and 5.4 stream servers to version 5.4.38 over the period 12th March to 22nd March.

Because PHP 5.3 has reached end-of-life and is no longer receiving security updates, it is now unsuitable for use in production environments.

All legacy PHP 5.3.29 servers will now be upgraded to 5.4.38.

We again strongly recommend that all hosting clients make themselves familiar with the information provided in the following PHP articles...

https://php.net/manual/en/migration54.php

https://php.net/manual/en/migration54.incompatible.php

https://php.net/manual/en/migration54.deprecated.php

As PHP 5.4 is also rapidly approaching end-of-life, we additionally recommend careful investigation of the following PHP articles in anticipation of the eventual upgrade of all servers to PHP 5.5...

https://php.net/manual/en/migration55.php

https://php.net/manual/en/migration55.incompatible.php

https://php.net/manual/en/migration55.deprecated.php

https://php.net/supported-versions.php

Termination of Dialup Services - 31st March

This item affects only the few GCom Internet clients still using dialup internet access.

At the end of March, 2015, GCom Internet will be removing our remaining local and national dialup lines, and terminating our dialup internet access product.

Dialup internet access is now a truly outdated product, and only a few GCom Internet users still have active dialup accounts. The cost for us to provide dialup services, along with the poor relative value of dialup for the end-user when compared with broadband connections, now makes the product unreasonable to continue.

We've enjoyed supplying dialup access to our users for many years, but for quite some time we've been funding the considerable cost of providing the product with profits from other sides of our operations, and the time has definitely come to finally terminate the product.

The removal of dialup access will have no impact on our core services of web and email hosting, and GCom Internet clients' email accounts will continue unaffected, although all email addresses will now simply be invoiced on a flat rate of $3.50/month per address.

We apologise for any inconvenience caused to our remaining dialup users, but assure you that you will be much better served using a modern broadband connection.

Tim Thumb - End of Life

The timthumb.php image manipulation utility has been generally regarded as a dead product with critical security issues for a while now. For the most recent background information, please see...

https://cxsecurity.com/issue/WLB-2014060134

https://www.binarymoon.co.uk/2014/09/timthumb-end-life/

Despite being listed as a banned application in our hosting policies, we're still encountering instances of existing and new clients running non current versions of the package on their sites. Accordingly, we've now forcibly upgraded all instances of timthumb.php to the current (and probably final) version of the package on all our shared hosting servers.

Clients should urgently remove their reliance on the application, as any further vulnerability and exploit occurrences will very likely result in its permanent blocking network-wide on all our servers.

Web Folder Index Listing Security

Due to a current exploit relying on the ability to access raw file listings in web folders without index.html or other suitable default index files being present, we've changed the default index listing behaviour on all our shared hosting servers.

Previously the default was to allow raw file listings in any web folders where users did not specifically set protection on their folders. However, now the network wide default is to disallow raw file listings in web folders.

In the rare cases where such access is genuinely required, users can reactivate the raw file listing behaviour for specific folders by way of the "Index Manager" icon in the "Advanced" group of icon in their cPanel, or via an appropriate .htaccess directive.

Please think carefully before taking such action, and do so only on a folder by folder basis as required. In almost all cases, there are better and more secure alternatives to simply allowing visitors to directly examine your internal web file structure.

PHP4 - End of Life

At the end of 2007, the PHP development team announced that support for PHP 4 had officially ceased, although critical security fixes could continue to be made available on a case-by-case basis until August, 2008.

We've continued legacy support for the product for many years longer than that, but support for PHP4 has now been permanently discontinued on all our public hosting servers.

Microsoft FrontPage - End of Life

Microsoft officially terminated their FrontPage web development product in 2006, and we originally set December, 2006 as the advised target date for end users to work around any reliance on the discontinued product.

We've continued legacy support for the product for many years longer than that, but support for FrontPage extensions has now been permanently discontinued on all our public hosting servers.

Removal of Autoresponders - 4th December - 8th December

During the period from 4th December through to 8th December, GCom Internet will be disabling all autoresponders currently active in client accounts on all our Australian and USA shared hosting servers. This feature will no longer be available to shared hosting accounts.

This has become necessary due to clients leaving autoresponders in place for extended periods of time, and allowing them to respond blindly to all incoming email including spam and phishing type items with false reply-to addresses.

We regret any difficulty this decision may cause to those few users with active autoresponders in place, but the risk of having our servers blacklisted due to blind autoresponders has become too great for us not to take this action for the benefit of our clients as a whole.

Application Bot Protection Layer Installed

In April, an unprecedented worldwide bot driven attack was initiated against WordPress sites. The attack hits sites at a massive rate, attempting to brute force administrator passwords. Apart from the security risk to the sites themselves, the ferocity of the attack is such that it effectively represents a DDOS attack on the hosting servers. The attack is often levied from tens of thousands of IP's.

After coding and testing a number of mitigation solutions to deal with the learning and evolving nature of the attack, we eventually settled on a front end CAPTCHA challenge which we've installed to protect all wp-login.php accesses. When users now access their WordPress administrator login, they are first presented with a CAPTCHA challenge dialogue. The instructions contained in the dialogue supply an alphanuma string to be entered as a user name, and a simple number sum to be entered as a password. These values need to be manually entered as a first layer protection for all WordPress administrator logins. The user name and password values will be changed from time to time as required for effectiveness.

General opinion is that similar attacks will eventually be levied against other popular CMS and related applications, and we will add this top layer CAPTCHA challenge protection to other applications as required.

Scroll