News
Upcoming Billing System Migration
Posted by Brent S. on 19 January 2015 06:01 PM

Last year, we successfully implemented an updated account portal (https://billing.touchsupport.com/) that offers additional benefits and features compared to our current system (https://legacy-billing.touchsupport.com/).

Over the next month, we will be hard at work migrating all accounts to the updated portal so that you can experience the most recent enhancements! The new account portal provides secure access to pay invoices, review service details, open support requests and manage devices.

Once your account is migrated, you will notice immediate improvements:

  • Enhanced communications and support
  • Improved user experience

Additionally, customers with hosted data center solutions in one of our data centers will be able to take advantage of:

  • Bandwidth monitoring
  • Detailed metrics reporting
  • IP address tracking
  • Remote reboot control
  • Sophisticated monitoring

The security and accuracy of your account data is paramount and we understand the potential pitfalls of any type of migration. To ensure a smooth transition, we will be manually migrating accounts, one at a time, using the following process:

Pre-Migration
We will utilize a detailed checklist to prep your account for a successful migration. After the pre-migration checks are complete, we'll notify you that your account is ready and scheduled for migration.

Migration
We will complete a zero-downtime migration of your account data to https://billing.touchsupport.com/

Post-Migration
The accuracy of your account data will be verified by the migration team. We'll notify you that the migration process is completed so that you can login to review your account and update your billing and contact information, if necessary.

Answers to commonly asked questions regarding the migration are listed below:

Q: When will I be able to access the updated account portal?
A: During the migration you will receive new login credentials for https://billing.touchsupport.com/ and you can login at that time.

Q: How will I receive my new login credentials?
A: Your new login credentials will be sent via e-mail to the primary e-mail address listed on your current account.

Q: Is there anything I need to do?
A: Due to security guidelines from our credit card processing vendor, credit card data cannot be migrated with your account data. Once you receive your new login credentials, please log into the new portal and re-enter your credit card information if you wish to continue automated billing each month. We apologize in advance for the inconvenience this causes.

Q: What if I have an active PayPal subscription that automatically sends payment each month?
A: Due to security guidelines from PayPal, your subscription cannot be modified to work with our updated account portal. Please cancel any active PayPal subscriptions by following the instructions listed at https://www.paypal.com/us/webapps/helpcenter/helphub/article/?articleID=FAQ2327

Once you receive your first invoice from our updated portal, you will have the ability to create a new PayPal subscription. We apologize in advance for the inconvenience this causes.

Q: I have an account credit balance. What will happen to it?
A: Any account credit(s) will be transferred during the migration and will be applied to future invoices.

Q: Is there any downtime associated with the migration?
A: No, not at all. You will have full access to your new account portal and legacy account information during and after the migration.

If you have any questions, please let us know by opening a new request at https://support.touchsupport.com/index.php?/Tickets/Submit


Touch Support Maintenance | Sunday Dec 28, 2014 at 8:00pm EST
Posted by Brent S. on 24 December 2014 05:38 PM

Upcoming Maintenance Notification

Touch Support staff will be conducting software upgrades on our Load Balancing and Traffic Management appliances.

The following services will be affected and will be unavailable during the outage:

Project Management Tracking System (https://project.generalsupport.net/)
Enterprise Billing, Device Tracking and Support System (https://ubersmith.generalsupport.net/)
Outsourced Support Billing System (https://billing.touchsupport.com/)
Knowledge Base and Support System (https://support.touchsupport.com/)

Purpose: Upgrade firmware on F5 BIG-IP Firewall and Traffic Management Hardware
Duration: Up to 240 minutes
Start of maintenance window: December 28th, 2014 at 8:00pm EST
End of maintenance window: December 29th, 2014 at 12:00am EST

During the scheduled maintenance window all systems that are currently configured to route connections through the F5 hardware appliances will be offline for the duration of the upgrade. Touch Support engineers will work diligently to assure that data integrity is maintained and downtime is kept to a minimum.

Our website (http://www.touchsupport.com/) will be online and reachable throughout the maintenance window.

Immediate Assistance: For immediate assistance during the outage please contact us via live chat.  Alternatively, you can reach us at (888) 45-TOUCH.
Outage Updates: For updates during the outage please visit our out-of-band information center.

This information has been posted here for your convenience.  Additionally, if you have any comments, questions, or concerns regarding this outage please simply reply to this e-mail.  Thank you!

Regards,
Jason Hamilton
CTO
Touch Support, Inc.


CVE-2014-6271: Severe Bash Vulnerability Disclosed
Posted by Brent S. on 25 September 2014 12:40 PM

A major vulnerability in the Bash shell was disclosed yesterday.

This vulnerability may impact many websites, content management systems, web applications and web server platforms. Any shell execution or shell function that is performed by a web application, including the storage of request data in environment variables, may present an attack vector that allows the execution of arbitrary code.

What this means:

Systems that have not updated their version of ‘bash’ and that provide web hosting in any form may allow remote attackers to upload files, execute arbitrary commands, capture sensitive data, generate SPAM and more.

This vulnerability was announced yesterday and the community has not had time to research the impact this has on individual products, but this may turn out to be one of the most significant vulnerabilities reported this year. You will likely start hearing about it in mainstream press as the week progresses.

What to do:

If you're currently subscribed to one of our server administration plans, our staff is already hard at work updating the version of 'bash' to keep your server up-to-date. There should be no interruption to service for any customer while this upgrade is happening.

Otherwise, if you are the administrator of a Linux server, update your version of ‘bash’ to a patched version immediately.

For example, an update for Ubuntu has already been released. If you are running Ubuntu, executing ‘apt-get update’ and then ‘apt-get upgrade’ without quotes should fix the issue for you.

The Touch Support difference:

We install a unique set of tools onto your server(s) when you sign-up for one of our server administration plans.

When these types of vulnerabilities arise, our team quickly identifies them and develops a plan to keep your data safe, which typically includes software updates that are rolled out to all affected servers. Then, we check to make sure they are no longer vulnerable. But, we don't stop there.

Our proprietary system administration tools are then updated to include a check for the specific vulnerability so that our administrators are instantly notified in the future if there is an issue.

For more information:

Please reference the following sites for additional details:

https://access.redhat.com/articles/1200223

https://access.redhat.com/security/cve/CVE-2014-6271


cPanel releases EasyApache 3.26.7
Posted by Brent S. on 05 September 2014 11:55 AM

SUMMARY
cPanel, Inc. has released EasyApache 3.26.7 with Apache version 2.2.29. This release addresses vulnerabilities CVE-2014-0118, CVE-2014-0231, CVE-2014-0226 and CVE-2013-5704. We encourage all Apache 2.2 users to upgrade to Apache version 2.2.29.

AFFECTED VERSIONS
All versions of Apache 2.2 before version 2.2.29.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.7 with an updated version of Apache 2.2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5704
http://apache.cs.utah.edu//httpd/CHANGES_2.2.29


cPanel releases EasyApache 3.26.3
Posted by Brent S. on 29 July 2014 03:16 PM

cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1.

AFFECTED VERSIONS
All versions of PHP 5.5 before 5.5.15.
All versions of Libxslt before 1.1.28.
All versions of Libxml2 before 2.9.1.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-4670 - MEDIUM

PHP 5.5.15
Fixed a bug in the SPL component related to CVE-2014-4670.

CVE-2012-6139 - MEDIUM

Libxslt 1.1.28
Fixed a bug in the Libxslt library related to CVE-2012-6139.

CVE-2012-5134 - MEDIUM

Libxml2 2.9.1
Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134.

CVE-2013-0338 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0338.

CVE-2013-0339 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0339.

CVE-2013-1969 - HIGH

Libxml2 2.9.1
Fixed buffer conversion bugs related to CVE-2013-1969.

CVE-2013-2877 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-2877.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877
http://php.net/ChangeLog-5.php#5.5.15
http://xmlsoft.org/ChangeLog.html
http://xmlsoft.org/Libxslt/ChangeLog.html


SuperMicro IPMI Vulnerability Notification
Posted by Eric M. on 27 June 2014 11:57 AM

Hello,

Many of you have likely heard of a vulnerability which affects the SuperMicro manufacturer's out of band management controller: IPMI. Details on this vulnerability can be found at http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/ .

This vulnerability allows attackers to quickly determine the password used to access the component by accessing port 49152 over public networks. They can then use it to format your machine, gain root or administrator level access, or use it to engineer other attack vectors.

To test if you are vulnerable you can attempt to connect via port 49152 and review the response to “GET /PSBlock”.

If you are, or think you are, running a vulnerable SuperMicro system with publicly accessible IPMI, it is strongly recommended to complete the following.

FIRST
Secure your IPMI network by blocking access to port 49152 or by moving the IPMI interface off the public network onto a private network.

SECOND
Change the password for your IPMI device.

Note: Completing these steps out of order will leave your newly changed password vulnerable.

If you are a colocation client currently running SuperMicro machines with publicly accessible IPMI, we strongly urge you to take efforts to secure your machine's IPMI immediately. If you need time to secure these IPMI devices, please open up a ticket with us now and list the IPMI IPs you would like null-routed.

If you are a server administration client currently running SuperMicro machines with publicly accessible IPMIs we strongly recommend contacting your data center to secure these IPMI devices. The immediate recommendation is to ask your datacenter to block port 49152 to prevent access while you secure any publicly accessible IPMIs.

If you have questions or comments, please open a ticket so that we can address them.

Thank you,
Touch Support, Inc.
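
The FIRST/SECOND ordering in the notice above can be enforced with a small pre-check before any password change. The following is an added example, not part of the original notice or any Touch Support tooling: it tests whether TCP port 49152 still answers on each of your own IPMI addresses and only marks a host ready for the password change once the port no longer accepts connections. The function names and the command-line usage are assumptions; run it from a host on the public side of the firewall, since a check from inside the management network says nothing about public exposure.

```python
import socket
import sys

IPMI_EXPOSED_PORT = 49152  # port named in the notice above


def probe(host, port=IPMI_EXPOSED_PORT, timeout=3.0):
    """Classify one TCP connection attempt to host:port.

    "open"        -> connection accepted, step FIRST is not done yet
    "refused"     -> host answered with a reset, port closed or rejected
    "filtered"    -> no answer before the timeout, typically a firewall drop
    "unreachable" -> any other network error (no route, DNS failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def rotation_plan(hosts, port=IPMI_EXPOSED_PORT, timeout=3.0):
    """Sort hosts by which step of the notice applies to them next."""
    plan = {"block_first": [], "ready_for_password_change": []}
    for host in hosts:
        state = probe(host, port, timeout)
        # Only an accepted connection means the port is still exposed.
        key = "block_first" if state == "open" else "ready_for_password_change"
        plan[key].append((host, state))
    return plan


if __name__ == "__main__":
    # Usage (assumed): python ipmi_precheck.py <your-ipmi-ip> [<your-ipmi-ip> ...]
    if len(sys.argv) < 2:
        sys.exit("usage: ipmi_precheck.py HOST [HOST ...]")
    result = rotation_plan(sys.argv[1:])
    for host, state in result["block_first"]:
        print(f"{host}: port {IPMI_EXPOSED_PORT} is {state}, block it before changing the password")
    for host, state in result["ready_for_password_change"]:
        print(f"{host}: port {IPMI_EXPOSED_PORT} is {state}, password change can proceed")
```

A host reported as "unreachable" should be rechecked before being treated as blocked, because the error may come from the checking host's own network rather than from a firewall rule.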

