Tonight a serious issue has temporarilly affected many of our customer websites and servers. NO DATA HAS BEEN LOST, although websites, cPanel itself and SSH are currently unavailable. IMAP, POP3 and SMTP appear to be working normally.

I’d like you to know we are working hard to make sure everything is back up in a timely manner, and I will update as soon as possible, as information reveals itself.

Thank you for understanding, and thank you for choosing us as your web host.

- Mark Mutti

As usual, support will be available 24 hours a day, even during this Thanksgiving Holiday here in the United States. We are also working on expanding our livesupport (live chat) hours for your convenience!

For those who celebrate the holiday, we hope you have a fun and happy Thanksgiving, and as always, we are very grateful to be your web hosting provider. Thank you!

(Gobble gobble)

- Mark Mutti
Owner, PhireFast.com

After our own research, and communication with other web hosting and email providers, we have confirmed that Verizon has started blocking Port 25 (SMTP) access on their platform.

For many years, PhireFast has run an SMTP Relay on Port 26 for our clients facing this restriction from their ISPs, which until now has mainly only been AT&T DSL and Earthlink.

The Fix: Simply access your email program’s settings and change your POP3 email account’s SMTP port from 25 to 26 and you should be alright. IMAP platform users are not affected by Verizon’s switch-over.

The Reason: Many ISPs block port 25 to prevent the transit of spam on their network. By blocking access to this common port, one extra layer of “protection” (or so they say) is added to their network.

As always, please feel free to ask us for help by submitting a Support Request.

Thank you for hosting with us!

Just download and install the latest version of Pidgin. It will automatically upgrade your current version.

US-CERT Emailed today:

Pidgin has released a security advisory to address a vulnerability affecting libpurple. This vulnerability is a buffer overflow that may allow an attacker to execute arbitrary code. Libpurple is used by multiple instant messenger (IM) programs including Adium and Pidgin.

IM applications that use libpurple may distribute it as a part of their security updates. Users are encouraged to update affected IM software as soon as possible. A partial listing of IM programs that implement libpurple can be found in the “What is libpurple?” webpage on the Pidgin website. Additional information may be found in the US-CERT Vulnerability Notes Database.

Excerpted from their email blast earlier today, new features include:

* Improved search and member list performance
* Date filter options for Active Content page
* Many improvements for Sphinx searching (i.e. ability to filter by forum, ability to search titles only, ability to group posts as topics, plugin functionality for modifying the query, and misc bug fixes)
* Ability to hide an application’s tab on the front end, while still allowing it to be publicly accessible
* Improved IP address lookup tool can now support add-on applications
* Portal option to not pin pinned topics for articles
* Added link to user profile when editing a member in ACP
* Added display of time remaining for suspended members when editing a member in ACP
* Spam Monitoring Service support
* Ability to control image quality for Gallery images (jpg/png only)
* PHP version 5.3 is now supported in IP.Board except for OpenID login method. We are awaiting updates from OpenID vendors.

These features look promising, and I recommend if you can, upgrade to it! The improvements to the search are worth it alone, in my opinion.

Also from their email:

You can download IP.Board 3.0.2 and any applications you have an active license for in the client area. As always, make a backup of your community before proceeding.

If you need a hand with this, let us know! We’re here for you, day and night.

Happy foruming! Thanks for hosting with PhireFast!

Twitter.com is being DDOSed right now, and the event is reminding us that even Twitter, with their bottomless funding and technical contacts, has been unusable most of the day.

This is a grim reminder that the internet is just like the wild west. Everyone server administrator is responsible for their own “e-land,” and when the bigger boys come in to town and start wreaking havoc, you better watch out.

The winner of most DDOS attacks is the contestant with the most bandwidth. DDOS attacks often come from hundreds or thousands of IP addresses and locations which are constantly changing – A situation which is nearly impossible to block. The analogy I’ve always liked is “you’re trying to shoot several moving targets.” In this case, it’s obvious that Twitter is being overpowered, and for this, I wish them luck.

Promotion that makes no sense right now, seeing that they’re down:
Don’t forget to check out PhireFast on Twitter! twitter.com/phirefast

Regarding the DDOS attack against PhireFast two weeks ago:
Incoming DOS Attacks (Update: Federal Report Now Filed)

Wishing luck to Twitter today. Happy hosting!

If you are one of our clients who uses an iPhone, we thought you should know about a new security risk Apple has just released an update to fix.

Apple has released iPhone OS 3.0.1 to address a vulnerability in the CoreTelephony component. By sending a specially crafted SMS message to a user, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users review Apple article HT3754 and apply any necessary updates to help mitigate the risk.

Source: US CERT & Apple

On behalf of the PhireFast Team, I wish you best of luck!

UPDATE (11:49am PT, Fri July 17 2009): Things have been running smoothly since my last update. Our new firewalls are doing the trick and an average of 30 new attacking IPs per hour are successfully being blocked. We are currently filing reports of this incident on a federal level with the FBI’s IC3 department to further re-enforce the fact we take incidents like this very seriously. The report will be made public by PhireFast when all is said and done. Thanks again for hosting with PhireFast!

UPDATE (5:11pm PT, Thurs July 16 2009): I’m pleased to announce it looks like the problems have been resolved now and we’re readier than ever to face another massive DDOS attack like this one proved itself to be. Thank you guys for hosting with PhireFast – This is real-time assurance you’ve chosen a competent host!

UPDATE (8:23am PT, Thurs July 16 2009): The all-knowing engineers are now in and helping block one last set of IP addresses. We managed to keep server loads low throughout the night, and are now blocking out an IP spoofer.

UPDATE (12:21am PT, Thurs July 16 2009): Looks like we have this under control (for now, anyway.) Will keep you posted all the way to the end.

UPDATE (11:27pm PT, still Weds July 15 2009): We’re currently under attack from an IP address right here in Los Angeles. Oh, the irony! I say we go knocking on every door until we find the culprit. Nothing better than humor to get us through hard times like this. :-p

Original post:
Thanks to the talent, skill and experience of our team, it’s very rare we have problems like this to report.

However, tonight, multiple PhireFast servers have fallen under medium-scale Distributed Denial Of Service attacks, also knows as DDOS attacks. (Wikipedia article about DDOS Attacks)

What is assumed to be nothing more than an unusually impressive attempt from some kids somewhere, is taking a bit longer to clear up than expected.

All servers have been and are currently online and functioning. There has been no interruption in service, though you may have noticed a little sluggishness these evening, and for this we apologize.

DDOS attacks can be difficult to deal with. Think of one as trying to shoot several moving targets – Attacks spawn from many locations all around the world.

Granted we have handled tonight’s attack very quickly and effectively, the war has not yet been won. We do have DDOS mitigation hardware in place and are putting it to good use tonight.

I will personally be keeping you posted throughout this ordeal.
(No technicians were harmed in the making of this blog post.)

PhireFast and iPocalypse are working together to bring an affordable new package to members of the iPocalypse network, although the package is not limited to only iPocalypse members.

The iPackage
25GB Disk Space
250GB Bandwidth/Month.
cPanel + Webmail
PhireFast’s Hourly Offsite Backups
… and more! View full specs »

For those of you already hosting with us, we hope you are enjoying our quality of service, and invite you to add an IRC chat to your website – It only takes a few minutes and is backed by the friendly staff of iPocalypse (and it’s free!)
Add a chat to my website »

For those considering getting started, we invite you to experience a whole new combination of affordability and quality, via the iPackage!

We hope current clients are enjoying our service, and we extend an invitation to future clients to contact us at any time with any questions.

I’d like to take a moment to post some interesting news which has the potential to affect many of our clients. This news is regarding a relatively new web-based exploit you should be aware of.

Gumblar Malware Exploit Circulating

added May 18, 2009 at 12:47 pm
US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.  The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

US-CERT will provide additional information as it becomes available.
Source: http://www.us-cert.gov/current/index.html#gumblar_malware_attack_circulating

This instance serves as a good reminder to keep FTP information safeguarded, and web software updated. This especially goes for CMS systems, Blog and Forum software.

As always, we’re here to help. If you should need any help updating your web-based software, please let us know. We are able to assist with this in most cases, and as always, are willing to go to any extent to keep our network safe for you and your visitors.

As always, practice safe browsing and hosting.
Thank you for hosting with us! We’re proud to be your host!

- Mark A Mutti
PhireFast Administration
e: mark.mutti[~at~]phirefast.com
p: (866) 350-4456 Ext 100