BREXIT – UK no RIGHT on EU domains

EU domains and Brexit

BREXIT – According to the latest information from the EU Registry (EURid) from 09. September 2019, UK companies and UK private individuals no longer have the right to EU domains and can no longer register new EU domains and for existing ones, the domain resolution (domain – DNS) will be published no later than 1 January. January 2020 and was discontinued on 1 January 2020. November 2020 cancelled / deleted!

If you have registered an EU domain as a citizen/company with a country code GB or GI, you can however contact the 1st November 2019, the BREXIT date without a deal, transfer his domain to another owner who is based in one of the 27 EU countries or is an EU citizen and is allowed to reside anywhere in the world!

It is also possible to: to apply for a trustee with the perception and management of its domains! Cu

stomers from GB/GI are automatically contacted by the registry so that they can take care of the timely adjustments! IMPORTANT: If

you as a GB/GI citizen/company do not take care of the timely conversion /transfer, you have to reckon with the loss of his domain, because he has from the 1st. January 2020 no longer has the right to own an EU domain!

Security for servers and network via anti-attacks

bye bye cpanel

cpanel-login

The new price model of cPanel with price increases of 236% up to 657% and more, with an announcement time of just under 1 month is so arrogant and impudent that our consequence is the result and we said bye bye cPanel

For many years we have offered cPanel webspaces and cPanel licenses as well as pre-built servers with cPanel. We used cPanel as a reliable web interface for controlling virtual hosts and so-called webspaces! However, cPanel has also come of age and unfortunately has not added much new, which other web interfaces like Plesk offer today to a much larger extent!

The web interface of cPanel sleeps on the development of 20 years ago. So the menu guide is bloated and dozens of functions seem to be available several times, as was so common with old monochrome menus, e.g. in WHM:

Create Account
List Accounts
Manage Accouns
Rearange an Accout
List suspended Accouts
Show Accounts over Quota
Show Bandwith Usages

cPanel has few functions, but many menu points. Plesk, on the other hand, has built in a lot of functions that still need to be searched under cPanel or purchased separately, such as the auto-installer!

Our shared hosting server with cPanel ran for many years very stable, but also Plesk servers run super-stable today and so we will move all customers who are still hosted on cPanel to Plesk very quickly. Corresponding mails are sent out to customers at short notice.

Unfortunately, our wholesaler for cPanel licenses did not give us an inconspicuous email until August about the upcoming price increase to 01.09. Informed. This mail has unfortunately gone down as a standard advertisement with us and we were awakened with horror when we received the monthly bill a few days ago, which actually increased in the purchase prices by 236%! We wrote to our distributor, who then replied patty that he had announced the prices in good time.

Well, if he thinks < 1 month would be on time? We have concluded some annual contracts with customers, which we can’t change either, as this is normal and therefore such a short price increase is cheeky and arrogant and as a result we decided to kick cPanel out of our offer with immediate effect! We can switch to Plesk without any problems, without our customers having to suffer a loss, but we get a gain in performance features that cPanel does not offer!

So we said only a little bit sorry “bye bye cPanel”

CAUTION: Kaspersky enables tracking (Super-COOKIE)

Kaspersky - Security may be under threat - WARNING - Tracking across all pages even in secret mode

For many years we have recommended Kaspersky as the best protection of your computer! Unfortunately, we have to withdraw this recommendation completely due to this intentionally or at least grossly negligently built-in safety leak!

UNIDENTIFIED: KASPERSKY modifies the received HTML/JAVASCRIPT code of ALL web pages, also in “secret mode” and adds its own code, but with a UNIQUE ID of your computer! Because this unique ID was assigned only once to identify exactly your computer, ALL website providers who have designed to read this ID could track it completely, so uniquely identify (person-accurate)! This is or was possible on websites where you have specifically prohibited tracking or on websites that you have accessed in the Icognito or secret page area of the browser and this is not only limited to one browser, but to all! Yes, even across VPN! This ID corresponds to a super cookie!

Also the deletion of cookies etc. did nothing at all, because the ID always remained the same! Whether users moved to sites in secret mode or established secret connections to special company computers, all could be tracked via this ID, even when transmitted via VPN!

In principle, KASPERSKY has data protection (GDPR) etc. completely eliminated with this programming and made users trackable across all borders, whether consciously or unconsciously!

Kaspersky has already hit the headlines many times with speculation that they may be able to do so. the Russian secret service. So far, however, all rumours have always been dismissed and espionage towards Russia has not yet been proved! But why Kaspersky has built in a code here, with a unique ID that allows tracking across the board, is either deliberate or extremely grossly negligent and stupid than the police allow! In any case, K
aspersky wanted to recognize for itself who the user of the unique ID is, just as Kaspersky would have wanted to explain itself (statement CT)! And from our point of view, this is already a sufficient violation of the GDPR, as Kaspersky’s callers/users have not been informed!

This data leak was published in the registry for vulnerable software at CVE-2019-8286 and a corresponding warning from the BSI was also issued!

One of the last updates changed the behavior that a code is still being injected into the web pages, but this is now with the same ID (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) that prevents tracking! Nevertheless, the installation of scripts that change the original websites is already in our opinion to be considered very problematic, especially for website developers in trouble

shooting! In principle, Kaspersky is involved in the protected traffic of HTTPS and changed the transmitted data, which often ended a problem with the certificates and ad errors. That’s what you call “Man in the Middle”! This should serve security here! Kaspersky is supposed to monitor traffic and provide protection here, but we have to consider the change of this data to be very dubious and we should not allow this under any circumstances!

We also show all website providers that we use Kaspersky ourselves, which makes us vulnerable, namely to target an attack precisely on Kaspersky’s software and that this is possible, we have already learned in the past, e.g. automatic scripts in Office files for MS Office packages, etc. smuggled in!

There is a workaround, (you will find a link here later – so come back in 2-3 hours) to prevent this change in the code of the received websites. Whether this is the ideal method or it is even better to uninstall Kaspersky completely and to refrain from using it in the future, remains to be seen! Many specialists claim that the security software (Windows Defender) built into By Microsoft from Windows 10 is already so secure that the use of installed software solutions can no longer provide additional security and the operation of the computer is more likely to be makes you more insecure!

But we are also aware that Microsoft has installed so many backdoors for many years and the NSA etc. also tricked so much about it, which could also be attacked and where customers who had used Kaspersky were better protected! It has not yet been proven that Kaspersky products have seriously stolen data! But allowing tracking in this way was a violation of the privacy policy and should be condemned as such. From our side, Kaspersky has lost a lot of trust and therefore we can no longer recommend the use! Whether you want to uninstall it or still use it as additional protection, you really should consider! But at least you should use the described workaround and prevent the change of the website code!

New Debian version 10.0 on servers

Debian 10
Debian 10

You can now order your new servers with Debian 10.0 code name Buster. The virtual servers (vServers) are usually deployed within a few minutes and are ready for you immediately! The maintenance period for new Debian versions is 5 years, so customers can plan and develop their new projects for long time!

Debian is the oldest, most influential and most widely used Linux distribution in the world! Debian is considered very stable and secure and is therefore often used as a basis for various subsystems and virtualization platforms!

Debian Buster (Debian 10) provides the following desktop environments for graphical desktop applications:

Cinnamon
GNOME
KDE Plasma
LXDE
LXQt
MATE
Xfce

Joomla poor hedging-open doors

For years, the developers have been tormenting themselves to finally get the software they have so poorly programmed to get you to the safe one and again and again the customers are promised that the new version would be safe! Unfortunately, each new version finds new open doors and vulnerability that allow hackers to break into the software and then misuse it for illegal activities!

Now dangerous bugs have already been found in it, where the hacker can even “adjust” the source for future updates! The result: Either no more updates can be loaded or from the source of the hacker with even worse malware! All th

e como la versions are affected up to 3.9.7. So if you haven’t updated to version 3.9.8, you should do so immediately now. If you claim that there are no updates, even though the latest version is not installed, then your one may already be hacked! We can o

nly recommend either a) to carry out regular updates or b) to enter into a maintenance contract (we offer our Joomla customers via the website https://webhosting.1awww.com/de/andere-produkte/joomla-wartungsvertraege.html) or c) Basically no longer a yoomla to use!

Millions of mail servers with EXIM await burglary

A vulnerability in exim, especially in the version 4.8.7-4.9.1 included! The update to 4.9.2 is designed to close the vulnerability!

Servers with exim in the dangerous versions that have not been updated in time can be compromised by attackers and evil hackers get full root control of these servers through this vulnerability! The bug is listed under CVE-2019-10149!

Mail servers, unlike normal servers, are much sensitive to look at! Often emails are used to, for example, To have passwords restored! Also in the e-mails often recipients leave the passwords! Stud only if they have not been changed and the hacker immediately gets access to the bank or Bitcoin wallet with the access mail! But also the hacker can use the hacked mail server to have the passwords sent to the mail address via password recovery function! Anyone who gets access to an important mail account as a hacker may be able to withdraw all assets from the user in question!

So those who run mail servers must be aware that such sensitive systems are to be maintained and maintained quite regularly!

All server operators should generally update their servers regularly! It may also be a good idea to install auto update! We have described how to do this on the following pages! https://serverhosting.1awww.com/de/virtuelle-server/dokumentation.html

Another Plesk Bug Lock Manager

It is gray when Plesk always changes anything, which then leads to the absolute gau, for example after a reboot! Tily thousands of bugs have already been found by administrators and new ones are constantly popping up, as they are now, when various administrators are despairing because they no longer get the plesk server running, after a reboot and the word round is also the case, the Plesk is also installed in the same way. Could, as simple as

that: The server stands and refuses to work with the following error messages:

Lock Manager error: '[LockManagerException] Can't open or create shared memory by shm.name: '/run/lock/lmlib/SharedLockManagerStorage0.2.4 '; Shm.start _ size: "8388608"; error ' Permission denied '.

Type PleskLockException
Message Lock Manager error: ' Ca[LockManagerException]n't open or create shared memory by shm.name: "/run/lock/lmlib/SharedLockManagerStorage0.2.4"; Shm.start _ size: "8388608"; error ' Permission denied '.
File Hierarchical.ê
Line 126


Here's how the Workarround works:


Cd/run/lock
chown root: Lock-manager lmli

b After that, just update the PHP with F5 function button!

Obvious Plesk Bug in DNSSec

When changing a signed DNS zone, obviously for some reason the zone is not re-signed, although this is necessary, because otherwise the inherent name servers will basically receive the outdated information! When setting up DNSSe

c, on the other hand, the signed DNS zone files are created, but unfortunately not if updates, for example, are created. More entries of the DNS zone can be added, Plesk writes only the original unencrypted DNS zone files, but does not sign them and you can try whatever you want, also a Bind/Named Restart does nothing at all and the name servers are always outdated Information supplied!

The workarround found after hours goes as follows:

a) cd/var/named/run-root/va
r b) ls
* c) rm .sign
ed * d) Reboot the complete
server e) Check again the files/var/named/run-r

oot/var If you then check the files in the directory, You will find that the signed-files have been regenerated and then, if the Affected name servers retrieve the zones, they will also be transferred with current and new values!


Joomla 3.9.3 closes security gaps

It 3.9.3 security flaws

Customers who have not signed a maintenance contract urgently need to provide regular updates so that vulnerabilities that have become known cannot be misused by hackers for burglaries!

The latest update from the one of the most recent versions 3.9.3 closes various security vulnerabilities of the CMS software!

If you don't want to do any more updates, you'd better develop your websites with the Prima website builder! Once developed websites never need to be updated again and you can also import existing websites with the PWB!

Just look at the demo or just try out how easy it is to develop secure websites with the Prima website builder without having to mess around with unsafe stuff like it!

Vulnerabilities = security vulnerabilities can be found in many software products. Some of these are not discovered by the affected programmers later, but may be So dangerous that you allow break-ins into the software! Therefore, security vulnerabilities must be eliminated in good time, which is usually done by the updates issued by the manufacturers!

Joomla urgently update on 3.8.13

Joomla 3.8.12 Vulnerabilities security vulnerabilities security vulnerabilitiesThe security team of Joomla has issued a new update that will close 5 Vulnerabilities!

Until the version of the Joomla 3.8.12, for example, hackers can Run damage code through the internal update area! Hackers can also register easily until you register with the 3.8.12 and obtain unlocking! What madness that Joomla remains one of the most unsafe CMS systems! The following CVEs were then classified as low, but only a few hours after publication, we were able to detect quite massive attacks on a customer web space with Joomla 3.8.12 that even led to a CPU-Durer load!

If you don't have a maintenance contract, you should urgently update you to date! Please also remember plugins and themes etc. With data!

If you want to separate from Joomla, we recommend that you
Prima-website builder

We are already converting various projects to the PWB, as it creates flawless pages that can no longer be hacked and where we don't have to carry out constant updates! Even large database projects, such as Europaladies.com, can be changed! If you have any questions, please get in touch with us!

Here are the CVE numbers and a short info on the Vulnerabilities:

CVE-2018-17859 Inadequate checks in com _ contact could allowed mail submission in disabled forms

CVE-2018-17856 Joomla's com _ joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com _ joomlaupdate and trigger a code execution.

CVE-2018-17857 Inadequate checks on the tags search fields can lead to an access level violation.

CVE-2018-17855 In case that an an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.

CVE-2018-17858 Added additional CSRF hardening in com _ installer actions in the backend.

Informations-Blog von 1awww.com

%d Bloggern gefällt das: