Change to SSH “RSA key fingerprint”

We’ve made a change to one of the SSH keys our servers use, and this post explains why a small number of customers may see a warning message as a result. If you don’t use SSH to connect to the command-line shell (most people don’t), you can ignore this post completely.

The change is that the RSA key has been increased in size (to 2,048 bits) to ensure that sites we host pass PCI compliance scans. Most modern SSH software now uses ECDSA keys instead of RSA keys, so this won’t affect most people. But if your SSH software still uses RSA keys, you may see a message like this:

Warning: the RSA host key for 'example.com' differs from the
key for the IP address '192.0.2.3'
Are you sure you want to continue connecting (yes/no)?

Or even more alarmingly, like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
21:24:65:80:55:5e:8c:e2:d9:6d:21:43:ef:07:3f:21.

If you see either of these, it’s expected and okay. It’s telling you that it thinks the RSA host key has changed since the last time you connected — which it has.

If your SSH client software completely prevents you from connecting because of an existing entry in your computer’s “known_hosts” file, removing the line it mentions from that file will fix it.

The next time you connect after doing that, you’ll be prompted to add the new key. You can verify the key fingerprint it shows you on our SSH page.

Sites hosted with us aren’t affected by today’s “Let’s Encrypt” SSL security bug

We provide free Let’s Encrypt SSL certificates for all sites hosted with our company.

Recently, Let’s Encrypt found a problem with some certificates that could cause site visitors to see security warnings if the certificate wasn’t renewed before noon Pacific time today (March 4, 2020).

Our customers don’t need to worry, though. We’ve already renewed any affected certificates, so the problem will not affect any sites we host.

There’s a website at checkhost.unboundtest.com you can use to test your certificate if you want to be sure. As always, don’t hesitate to contact us if you have any questions.

Brief MySQL scheduled maintenance February 15, 2020

Update 10:58 PM Pacific time: the maintenance described below has been completed, and all services are running normally.

Between 9:00 PM and 11:59 PM Pacific time on Saturday, February 15, 2020, the MySQL database software on each of our servers will be upgraded from MariaDB version 10.0.41 to 10.0.44 (roughly equivalent to MySQL 5.6.47). This will cause an approximately 60 second interruption of service on each MySQL-using customer website at some point during this period.

This upgrade is necessary for security reasons and to fix bugs in MySQL.

In addition, the web14 server will be restarted during this period for a hardware upgrade, causing an approximately 3-minute additional outage for sites and email on that server only.

We apologize for the inconvenience this causes.

MariaDB / MySQL updated to version 10.1.41; Debian updated to 9.11

We’ve updated the MariaDB / MySQL database software on all our servers to version 10.1.41. This was part of a general update of Debian Linux to version 9.10 and then 9.11.

This upgrade should not be noticeable to our customers in any way, but of course, don’t hesitate to contact us if you have any questions or difficulties.

Problem with web08 server Aug 22, 2019 (resolved)

Between 4:06 PM and 5:03 PM Pacific time today (Aug 22, 2019), sites hosted on the “web08” server were intermittently unavailable due to a technical problem.

The problem was caused by a flood of connections that our systems failed to automatically block as they should. We’ve modified the software that handles this, and we do not expect the problem to recur.

We sincerely apologize to customers affected by this problem; we don’t consider it normal or acceptable, and strive to avoid incidents like this.

Brief server upgrades August 2019 (completed)

Update August 21, 2019: The maintenance described below has been completed for all sites.

Over the next few weeks, we’ll be retiring some old servers and moving sites on those servers to new (often faster) ones. Migrating a site takes just a few seconds in most cases, so it’s likely that neither you nor your visitors will notice this happening.

If someone does view your site while it’s being migrated, they’ll see a maintenance screen with a link to this blog post, like this:

If your site is in the small minority that has a large database (more than a few hundred MB), the migration could take a little longer — perhaps a few minutes. We try to do migrations during slow periods for each site, minimizing the impact on visitors.

Read the rest of this entry »

Network Outage for Subset of Customers July 23, 2019 (resolved)

There was an intermittent interruption of service for certain customers this morning (July 23rd, 2019) from about 9:15 AM – 10:00 AM Pacific Time.

During this time, a hardware failure in a router at one of our upstream data providers would have dropped incoming traffic for sites hosted in the 74.114.88.0/22 IP address range.

Once aware of the issue, we were able to reroute all traffic for that range through our own routers directly and avoid the issue. We’ve confirmed with the upstream provider that the faulty hardware has been identified and replaced.

We apologize for the trouble this caused customers who were affected.

Scheduled maintenance May 24, 2019 for some servers (complete)

Update May 24 11:00 PM Pacific time: The maintenance described below has been completed and all services are running normally.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process soon, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, May 24, 9:00-11:59 PM Pacific: servers ending in digits “4”, “5” and “6”

So, for example, the “web05” and “web14” servers will be updated. This page explains how to find which server a site is on. (Servers ending in digits “0” – “3” and “7” – “9” have already been updated.)

Read the rest of this entry »

Scheduled maintenance May 17 & 18, 2019 for some servers (completed)

Update May 18 10:46 PM Pacific time: The maintenance described below has been completed and all services are running normally.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, May 17, 9:00-11:59 PM Pacific: servers ending in digits “2” and “3” (completed)
  • Saturday, May 18, 9:00-11:59 PM Pacific: servers ending in digit “1” (completed)

So, for example, the “web03” server will be updated on May 17, and the “web11” server will be updated on May 18. This page explains how to find which server a site is on.

(Servers ending in digits “0”, “9”, “8” and “7” were updated last weekend, and servers ending in digits “4”, “5” and “6” will be updated the following weekend; we’ll post a separate announcement about that.)

Read the rest of this entry »

Scheduled maintenance May 10 & 11, 2019 for some servers (completed)

Update May 11 10:20 PM Pacific time: The maintenance described below has been completed and all services are running normally.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, May 10, 9:00-11:59 PM Pacific: servers ending in digits “0” and “9” (completed)
  • Saturday, May 11, 9:00-11:59 PM Pacific: servers ending in digits “8” and “7” (completed)

So, for example, the “web10” server will be updated on May 10, and the “web07” server will be updated on May 11. This page explains how to find which server a site is on.

(Additional servers will be updated the following weekends; we’ll post separate announcements about that.)

Read the rest of this entry »