OpenSSL Heartbleed exploit and what it means for you (CVE-2014-0160)

April 10th, 2014 @ 03:50PM - 0 Comment(s)

At the start of this week an OpenSSL vulnerability was made public which effectively allowed hackers to dump 64kb worth of content sitting in server memory. This memory is often used to store private keys and other private information.

For those that are unaware, OpenSSL is the cryptographic library that is used to secure a very large percentage of the Internet’s traffic (including services with the majority of web hosting providers around the world, including VentraIP Australia).

Whilst there is no proof of concept showing that private keys for SSL certificates could be leaked in their entirety using this vulnerability, the threat definitely exists and could potentially allow users to decrypt SSL encrypted data (which is especially bad for credit card transactions).

We would also like to stress that we have no reason to believe that any data has been breached from any of our infrastructure.

To mitigate this and protect our clients, we have upgraded OpenSSL on all our shared hosting servers and have recompiled Apache & PHP. For our Business cPanel Webhosting clients we have updated to the latest release of LiteSpeed to patch the potentially destructive vulnerability.

Clients with a cPanel VPS should have received the OpenSSL update through the nightly cPanel update function, however, you can complete a few easy steps via SSH to force an update to the OpenSSL library:

yum clean all && yum update openssl -y
service httpd stop
service httpd start
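
To confirm the steps above took effect, the following added example (not part of the original post) checks that the package changelog records the CVE-2014-0160 fix and lists processes still mapping the old, deleted OpenSSL libraries. The function names and sample data are constructed for illustration; any daemon it reports, not only httpd, needs a restart.

```shell
#!/bin/sh
# Added example: confirm the OpenSSL update above actually took effect.
# All sample data below is constructed for illustration.

# Succeeds if the RPM changelog on stdin records the Heartbleed fix.
# Distro packages backport fixes, so the changelog is a more reliable
# signal than the upstream version string printed by `openssl version`.
# Real use:  rpm -q --changelog openssl | changelog_has_fix
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Prints each PID that still maps a deleted libssl/libcrypto, i.e. a
# process started before the update and still running the old code.
# Input lines: "<pid> <line from /proc/<pid>/maps>"
stale_ssl_pids() {
    awk '/\(deleted\)/ && /lib(ssl|crypto)/ { print $1 }' | sort -un
}

# Emits "<pid> <maps line>" for every readable process (run as root).
# Real use:  collect_maps | stale_ssl_pids
collect_maps() {
    for f in /proc/[0-9]*/maps; do
        pid=${f#/proc/}; pid=${pid%/maps}
        sed "s/^/$pid /" "$f" 2>/dev/null
    done
}

# Constructed changelog excerpt (package version is a placeholder).
SAMPLE_CHANGELOG='* Mon Apr 07 2014 Example Packager <pkg@example.com> 1.0.1e-0.example
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'

# Constructed maps lines: PID 1201 predates the update, PID 1350 was
# restarted, PID 977 holds an unrelated deleted file.
SAMPLE_MAPS='1201 7f1c2a000000-7f1c2a061000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)
1201 7f1c2a400000-7f1c2a5b0000 r-xp 00000000 fd:00 1312 /usr/lib64/libcrypto.so.1.0.1e (deleted)
1350 7f9d10000000-7f9d10061000 r-xp 00000000 fd:00 2207 /usr/lib64/libssl.so.1.0.1e
977 7f3300000000-7f3300010000 r-xp 00000000 fd:00 4410 /tmp/cache.bin (deleted)'

if printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_fix; then
    echo "package changelog: fix present"
fi
echo "restart still needed for PIDs: $(printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_pids)"
```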

Whilst we have no reason to believe that any data was breached, we suggest all clients rotate their passwords – and ensure that they don’t use the same password across multiple websites.

For clients that wish to have their SSL certificate ‘rekeyed’ – the process of generating a new private key (what is used to decrypt secure information) for your existing SSL certificate – our technical support team will be more than happy to assist with this via eTicket through VIPControl.

All of VentraIP Australia’s corporate SSL certificates – including VIPControl, Order Forms & website – have been rekeyed to ensure maximum security for our clients.

As we have no reason to believe that there was any breach to our infrastructure, we will not be terminating any VIPControl client sessions, however, clients who have active sessions can use the ‘Logout’ button and then log in again to establish a new session.

You can find more information on the OpenSSL Heartbleed exploit online at Codenomicon’s heartbleed.com website.


It’s sale time! 75% off new hosting, 50% off new VPS and more!

March 28th, 2014 @ 12:25PM - 2 Comment(s)

It’s sale time! Until midnight Sunday you can take advantage of any of the offers below, and remember to forward this email to your family or friends and let them get in on the deals as well!

Today we’ve got 75% off all new EconomyMulti and Business hosting services. What a bargain! Just use coupon code 75OFF when placing your order on our web site, and be sure to pre-pay 1, 2 or 3 years in advance to make the most of it.

Next up are some discounted domain names! Register any new .com.au or .net.au domain name for just $19.95 for 2 years, saving $5.00! No coupon required, just go to the web site and register. Please note that this offer is only available for new registrations and not available for renewals!

Have you been thinking about upgrading to a VPS? Well today is the day! We’ve got a massive 50% off all new Business VPS and Economy VPS services with limited stock in Sydney and Melbourne. Use coupon code 50VPS when placing your order on our web site, and you can pre-pay up to 1 year in advance. Get in quick because this one is guaranteed to sell out!

And finally… how does a half price EasyTrust SSL certificate sound? At just $24.95 for 1 year, there has never been a better time to secure traffic to your web site! No coupon required, just login to VIPControl or head to our web site and place your order.

That’s everything we have today, but I promise there is something BIG coming in May, and yes, we will have renewal and upgrade discounts available then so keep an eye out for that! ;-)

One last thing… every order placed during this promotion will get you in the draw to win 1 of 2 $500 WISH Gift Cards!! The winners will be announced on Monday, so good luck!!

These offers MUST end at midnight Sunday, so be sure to get your order in and don’t miss out. And remember to share these offers with your friends and family!

Have a great weekend!


Post incident report for service disruption on 28/02

February 28th, 2014 @ 06:42PM - 0 Comment(s)

Today we experienced a service disruption to all services hosted from our Sydney data centre, and partial disruption to services hosted from our Brisbane data centre, for approximately 20 minutes between 11:18AM and 11:38AM AEDST.

Cause

The service disruption was caused by a power surge and brief loss of power to the primary feed due to the primary UPS bank overheating after an earlier air conditioning failure. Once on site, data centre technicians manually transferred supply direct to mains power which restored power to the primary feed.

Even though the majority of our infrastructure is supplied power from both the primary and secondary power feeds, it appears that some of our provider’s networking equipment is not, which caused the complete loss of network services to the facility. The majority of our cPanel shared hosting and VPS customers who had already been migrated to our new Dell platform did not experience a loss of power, so their system uptime was retained.

Restoration

When power was returned to the primary feed just after 11:30AM AEDST, our provider was able to restore network connectivity and our team was able to perform a post incident assessment. At this time, approximately 95% of services in Sydney returned to normal operation, however there were some minor issues with legacy hardware that is still powered only by a single feed.

Prevention

This is the third issue that we have had with power in this facility, and we have made it clear that as soon as we were able we would be relocating all services out of this data centre into the new NextDC S1 enterprise data centre. This move has been in planning for several months and is already scheduled to take place on the evening of Saturday, March 22. A status event is scheduled to be posted next Monday, with a follow up email to all customers shortly after.

The move to NextDC S1 will rectify a number of key issues we have with the current facility, including power availability and network redundancy.

Every device will be powered by dual power, and any single corded legacy devices will be powered through an ATS (Automatic Transfer Switch) which automatically detects a loss of power in one feed and switches it to another without disruption. Our network will also no longer be reliant on a single provider to deliver multiple services, and will utilise a number of providers and diverse network paths for complete redundancy.

The new network in NextDC S1 will be provided by Synergy Wholesale, which features a brand new Brocade-powered network with dual redundant connectivity from a tier 1 transit provider, a tier 2 transit provider, and gigabits of peering from multiple internet exchanges in NSW.

These changes will ensure that an issue of this nature is unable to happen again without some extraordinary circumstances taking place beforehand.

Providing a high quality service to all of our customers is paramount to our business and our Management team, and we are satisfied that the work that has already been completed and the changes that are due to be made in three weeks’ time will prevent issues of this nature from happening in the future.


VentraIP Wholesale to become Synergy Wholesale

January 14th, 2014 @ 02:18PM - 7 Comment(s)

VentraIP Group, Australia’s sixth largest domain name and web hosting provider, today announced that its highly successful wholesale division will be separated and re-launched under the new name Synergy Wholesale, to meet growing demand for an independent, full service wholesale platform for Australian resellers.

Synergy Wholesale will officially launch in Q2 2014 subject to final approval from regulatory bodies auDA and ICANN.

The company will continue to offer all of the wholesale services previously available under the VentraIP Wholesale banner to nearly one thousand existing resellers, including domain names, web hosting, SSL certificates and online SMS, while adding a range of new infrastructure services such as rack space in NextDC enterprise data centres, premium internet bandwidth, virtual and dedicated servers.

Twenty-two-year-old co-founder and CEO of VentraIP Group and Synergy Wholesale, Angelo Giuffrida, said Synergy Wholesale would fill a void in the market that is grossly under-serviced and ignite competition in the sector.

“Since Distribute.IT suffered a critical cyber security incident that ultimately led to its demise in June 2011, the local wholesale market has been a virtual monopoly to the only remaining company that services clients who require a wholesale partner that does not directly offer a retail product. However, they do not offer the full suite of services that we will, and I am very confident that with the introduction of Synergy Wholesale the landscape is set for a big change”, he said.

Angelo goes on to explain that Synergy Wholesale will also take over the data centre and network infrastructure component of the existing VentraIP Australia retail business, allowing it to focus more closely on its retail offering.

“This is not just a cosmetic separation. It’s a complete physical separation that will see resources shift from one company to another, and will continue to operate independently of one another”, he said.

Synergy Wholesale will inherit the existing VentraIP Wholesale reseller platform, touted by many as one of the best available in the market. It will also continue VentraIP Wholesale’s commitment to operating a fair and open market, by guaranteeing the same prices are paid by all resellers regardless of their buying power.

“Our commitment to our loyal customers is second-to-none, and the level of service they receive from us will only improve with a renewed focus on both our retail and wholesale customers, with dedicated resources to build upon our reputation of delivering outstanding customer service and technical support”, Mr. Giuffrida said.
