Category Archives: Announcements

Steps we’ve taken to mitigate against Openssl “Heartbleed” bug

It’s quite likely you will have heard by now about the Openssl “Heartbleed” bug, which was made public two days ago, and caught the worlds attention yesterday. If you haven’t heard yet, just type Openssl Heartbleed into your favourite search engine. It is probably the vulnerability that is inflicting the worst damage we’ve ever seen across the world right now. If you haven’t checked if your VPS is vulnerable yet, you really must treat this with urgency if you want to minimise any damage. The vulnerability allows anyone to easily retrieve random portions of memory from services running on your VPS that rely on Openssl to encrypt sensitive data. That memory may contain sensitive data such as session cookies, usernames, passwords, or possibly even private keys.

The purpose of this post is to let you know what action we took yesterday, Tuesday 9th April, to secure our own infrastructure. That is, our own servers and web services. This information does NOT apply to customers’ VPS’. We only offer unmanaged services at the moment, so it is customers’ responsibility to ensure their systems are patched regularly and promptly. If you need assistance with dealing with this, or any other serious security issue, please do not hesitate to raise a support ticket and we will be glad to help.

Early in the morning yesterday (BST) we made sure all affected servers on our infrastructure had the released Openssl update applied, and any affected services were restarted to ensure the update had taken effect. This means it was no longer possible for anyone to directly exploit the vulnerability on our servers, as of mid morning Tuesday 9th April. Judging by the media reports we are seeing today of companies’ web sites being actively exploited, we have acted very swiftly on that front.

However, as you will be hearing again and again from many companies over the coming days and weeks, it is impossible for anyone to know whether this vulnerability has been actively exploited prior to the fix being applied. Therefore, we took to precautionary measure of generating a new private key, contacting our SSL certificate vendor, and having them re-issue a new certificate for all our https protected services.  We also took the opportunity to upgrade from a SHA1 SSL certificate to a stronger SHA256 certificate. By yesterday evening, the new cert was deployed to all our web services, including the Client Billing/Account area, and VPS control panel. What this all means is, if by any chance someone was able to steal our private key via this vulnerability prior to us updating, they would not be able to use it to compromise us.

Despite our swift action, we’d like to ask our customers to reset both their billing account password and VPS Control Panel password at the earliest opportunity. Although we have no evidence of any malicious activity having taken place, it would be very wise for customers to do this purely as a precautionary measure.

We now accept Bitcoin

We’re delighted to announce that we now accept Bitcoin payments! 

We accept bitcoin

Yes, both new and existing customers can now pay for their VPS with Bitcoin, via BIPS, as well as our existing payment methods of PayPal and bank transfer.

In fact, we might as well go ahead and say it …. 

We love bitcoin !!

That’s right, this is not just an additional method of payment we’re adding, we strongly believe in the ideals that Bitcoin represents. We want to live in a world where everyone has the freedom to be able to pay another individual or organisation without having banks or governments ruling over the transaction, and helping themselves to a cut via hidden fees that are far in excess of what is fair or reasonable.

In the same spirit, we’d also like to announce good news for European customers, which is that they now have the option to pay us via bank transfer from their local bank in EUR, PLN, CHF, NOK, SEK, DKK, HUF, GEL, RON, TRY, CZK or BGN, for a flat fee of only £0.50, with no extra charges from their bank or ours. This has been made possible because of Transferwise, a brilliant company who are also liberating ordinary people everywhere from the stranglehold that big banks have over international money transfers.

Of course, customers in the UK can pay us already via bank transfer without charge, and all customers regardless of where they live in the world can pay us via credit or debit card using PayPal if they prefer, whether they have a PayPal account or not. But we are always looking to increase the number of options available to our customers.