Yesterday, Internet security researchers announced discovery of the Heartbleed SSL security bug. This bug allows attackers to bypass SSL encryption on servers that use certain versions of software called “OpenSSL”.
Our servers are not, and never have been, vulnerable to this bug, because we’ve never used the affected versions of the OpenSSL software. Our customers are not affected by it in any way.
At approximately 10:00 PM Pacific time Saturday April 5, 2014, the “web07” server will be restarted. This will cause a short interruption of service for Web sites on that server lasting less than 8 minutes.
Other servers will not be affected. Mail for customers on this server will be queued and delivered after a short delay.
Between 10:41 and 10:49 AM Pacific time today (March 25, 2014), some MySQL database queries on the web12 server ran very slowly and caused “timeouts” for scripts. (No other servers were affected.)
The problem is fixed, and we’ve added an automated check to prevent it from recurring.
The PHP developers recently released versions 5.4.26 and 5.5.10 that fix several bugs. We’ve updated PHP 5.4 and 5.5 on our servers as a result.
Update: The maintenance described below was completed with less than 10 minutes downtime per server.
Between 10:00 PM and 11:59 PM Pacific time on Saturday March 1 2014, the “web05“, “web07” and “web08” servers will be restarted. This will cause a short interruption of service on each of these three servers, lasting less than 10 minutes, at some point during this two hour period.
Other servers will not be affected. Incoming mail for customers on these servers will not be lost, but will be queued and delivered after the maintenance.
The PHP developers recently released versions 5.4.25 and 5.5.9 that fix several bugs. We’ve updated PHP 5.4 and 5.5 on our servers as a result.
We’ve updated phpMyAdmin to the latest version, 4.1.8.
Some customers using very old e-mail programs (such as Microsoft Entourage and Netscape Mail) have complained that their programs have started showing a warning that the “Certificate Authority Is Expired” or “Unable to establish a secure connection”. These old e-mail programs have certificates for common “root certificate authorities” built into them, with expiration dates that have now passed. There is no way to update the root certificates which are built into these old programs, unfortunately, so these e-mail programs will always complain that the root certificates are expired and thus no longer valid. This is not a problem with our e-mail servers, but instead is a problem with the old e-mail programs — they were never expected to be used this long.
If this is happening to you, there are three possible actions.
Our business offices will be closed on Monday, February 17 to observe the US legal holiday. As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until the next day, and telephone support (via callbacks) will be available only for urgent problems.
At approximately 2:45 PM Pacific time February 6, 2014, the Apache Web server running on the web13 server hung and needed to be manually restarted. We fixed the problem at 2:56 PM.
Obviously this sort of problem should not happen. We are monitoring it closely, and investigating it in more detail to try to find the root cause, so that we can take corrective action as necessary to prevent it from happening again. We apologize for the inconvenience caused by this problem.
