We've just started work on a complete revamp of the AKIS website and will working on this over the next couple of months to hopefully lauch it in November.  We'll also be launching our new CMS based fully "self-update" websites and will be offering some introductory discounts on them.  Added to that we might soon run another "Winter Sale" on selected website packages... stay tuned!

CRITICAL ANNOUNCEMENT
If you are using Wordpress you must make sure you upgrade it to 2.8.4 IMMEDIATELY or remove it from your site entirely.    Details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress

Last night a number of people on Twitter and blogs mentioned that their Wordpress sites were acting up. Specifically that permalinks were broken and showing up with weird code.

There are two clues that your WordPress site has been attacked:

1)  There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.” (Check your permalinks in Admin > Settings > Permalinks).There are strange additions to the pretty permalinks

2)  A back door was created by a hidden Administrator. Check your site users for an Administrator or a name you do not recognize. You will probably be unable to access that account.

Wordpress has identified that there are hackers out there, hacking sites that aren't using the most-current version of Wordpress (versions below 2.8.4 as of 05/09/2009 -- there are rumours that 2.8.5 is due to be released imminently so keep an eye out for that too).

If you have not yet been hacked, UPGRADE NOW! Immediately. Stop reading this, really, and go upgrade. If you don't know open a support ticket and we can point you in the right direction. Again, details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress

If you have been hacked, sorry, you're going to be busy! Upgrading alone will not fix a hacked site. Mashable.com's alert said: "You'll likely need to export your all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It's a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too."

Not sure how to do that? It's not that difficult, but it is very time-consuming.

We cannot stress how important it is to get your Wordpress installation up-to-date, a number of our client have reported problems in the last 48 hours, the source of these problems have been to do with out of date Wordpress installs (nothing to do with us at AKIS).  Remember: If your scripts are out-of-date then your site is insecure and could be hacked at any moment.

This announcement is to remind all clients of the security requirements when setting passwords on accounts.

THE PROBLEM
When creating accounts in cPanel - choosing the cPanel password, email account passwords and other things that require passwords, it is essential that a secure password is used. This will decrease the risk of third parties guessing the password or 'cracking' it using an automated program to try different combinations. We put a lot of time into keeping our servers secure for the benefit of everyone but something like this is in the direct control of clients and we ask for everyone's help in making sure this aspect of security is given attention.

The reason that it is important for passwords to be secure is the same reason for making sure your house front door is shut and locked before leaving for work in the morning: a direct login to a cPanel or email account can be dangerous in the wrong hands, especially when those hands are intent on causing harm. During the past few months we have dealt with several cases of guessed/cracked passwords resulting in mass spam, warez dumps, hacking attempts, etc which reflects very badly on the account owner as it often results in account suspension while we check through everything. Due to the increased number of these we are seeing (and therefore having to clean up) we'll be taking some action to prevent it from happening as detailed below.

THE SOLUTION
When creating passwords, please take the following into consideration:

* DO NOT use a dictionary word
* DO NOT use family, friend or common names
* DO NOT use sequential letters or numbers (eg abc, 123)
* DO NOT use the same password for multiple logins
* DO use random strings of letters and numbers
* DO use different passwords for different logins
* DO include upper and lower case letters at random

Need help creating a random password?  See: http://www.pctools.com/guides/password/

PREVENTATIVE MEASURES
In order to try and prevent further problems with spam and other nasty stuff as a direct result of the account password being extremely weak, we will be putting to work some scripts to notify us of high risk accounts.

All servers will be installed with password 'cracking' software which will be used to run a very low level (ie weak) check on all user passwords. If this software is able to guess/match any passwords we will contact the user to request that the account password is changed.

It should be noted that our checking procedure will be very low level and only match user passwords that are extremely insecure and therefore easy to crack. The wordlist we'll be using is not large by any means and contains common words, people and place names along with very common passwords - if someone was going to try and crack a password all these would be included.

Us making sure that all passwords are set beyond the most basic possible security should benefit all users and make our servers more secure (along with individual accounts being more secure). No-one enjoys having their account files wiped, spam sent from their account without their knowledge, servers being blacklisted, etc and this is what we are aiming to reduce.

If you have any questions regarding this announcment then please open a helpdesk support ticket as usual at: http://www.anthonykeenan.com/helpdesk

Thank You.

With Immediate effect, all AKIS web hosting clients (old and new) with a PREMIUM package have had their Data Transfer allowance permanently increased from 20Gb to 25 Gb per month. at no extra cost.

Happy New Year!

UPDATE: THIS WORK HAS BEEN CARRIED OUT ON "RICHARDS" BUT HAS BEEN RESCHEDULED ON "BELLAMY" FOR THE 18th JANUARY AT 10PM GMT.

This is announcement contains information that is critical to all clients using any MySQL databases. On January 4, 2009 we will be upgrading MySQL to the latest stable version which is currently at stable version 5.0.X. The maintenance will begin at 10:00 PM (GMT) and downtime will be approximately one hour per server as Apache needs recompiled.

MySQL v5.0 (BETA) was released in March of 2005 and the production version was released in October of 2005. Up until now we have put off the upgrade (for what will be nearly 3 years) as a courtesy to our existing clients running older scripts. When MySQL v5 was originally released, many popular scripts/applications were not compatible with the new version of the software. That being said, it is now time to push the upgrade so that all our clients may enjoy the many benefits that MySQL v5 brings to the table.

Clients that have 3rd party or custom programmed scripts in use now should either contact the developer to ensure compatibility and/or reference the following website page which contains important information in regards to compatibility issues. Please ensure that any scripts installed via Fantastico have been upgraded to the appropriate version to support MySQL v5, otherwise these scripts will fail to work after the update - it is your responsibility to check/upgrate your scripts/applications as necessary prior to the upgrade date.

http://dev.mysql.com/doc/refman/5.0/en/upgrading-from-4-1.html

We apologise for any inconvenience that may be caused by this maintenance, however this upgrade is long overdue and needed to maintain an up to date hosting service.

13 DEC UPDATE FOR AKIS "ECOMMERCE PACKAGE" CLIENTS
We have enquired with the CubeCart developers support team whether or not this update will "break" or otherwise cause problems for existing CubeCart stores - they have responsed with a definitive answer and that answer confirmed that the way in which AKIS will have mySQL v5 running (with "strict mode" disabled) will allow older/existing CubeCart stores from 3.0.10 onwards to keep on working with no issues.

We will of course be checking all "AKIS ecommerce package stores" on the date of the mySQL upgrade in January to make sure no problems arise.  There does however remain a small chance of problems despite what CubeCart have reported to us, but if any problems do arise they will be worked on as a high priority.

---