A critical security issue in the Xen virtualization software will become public on Tuesday, November 22nd 2016. The Xen team has already informed Gandi of the necessary patches.

Following this announcement, we have pre-emptively deployed the patches required to correct the issue. We have been monitoring the particular security flaw, and have determined that we will need to stop/start certain Xen VMs in order to ensure that no further attack vector remains.

We will be contacting the affected customers by email in order to allow them to sufficiently prepare for this stop/start. Those of you who do not receive any message from us about needing to stop and start your VM are therefore unaffected.

 

In order to minimize downtime and the impact in general, we advise all affected customers to perform a stop/start of their platforms sometime between now and November 22, 2016.

Warning: a simple "reboot" of the concerned servers is not enough. They must be stopped and started in order to apply the security measures.

Any affected VMs that have not yet been stopped and started prior to the maintenance will be automatically stopped and started by us on November 22 at 3:00 AM PST (11:00 UTC). Please expect around 30 minutes of downtime per stop/start.

As always, if you have any questions or need assistance, please do not hesitate to contact our Customer care team.


A critical security issue in the virtualization software Xen will become public July 26 and the Xen team has already informed Gandi of the necessary patches. 

Since this announcement, we have already preemptively deployed the patches required to correct the issue. We have been monitoring the particular security flaw and have determined we will need to stop/start certain Xen VMs in order to ensure that no further possible attack vector will remain.

We will be contacting the affected customers directly in order to allow them to sufficiently prepare for this stop/start and those of you who have not received any message from us are therefore not affected.

In order to minimize downtime and the impact in general, we advise all affected customers to schedule a stop/start of their platforms themselves sometime between now and the cutoff date of July 26, 2016.

Any affected VMs that you have not yet stopped and started again by 12:00 AM PDT July 26, 2016 (07:00 UTC), we will stop/start at some point between then and July 28 at 9:00 AM PDT (16:00 UTC). Please expect around 30 minutes of downtime per stop/start.

As always, if you have any questions or have any difficulties, please do not hesitate to contact our Customer care team.

Edit 7/21/16: Previously we used the term "reboot" instead of "stop/start." Rebooting isn't sufficient to apply the security patch. Your VM(s) need to be stopped and then started again in order for the patch to take effect.


If you are the happy holder of a domain name or of a trademark, you might have received messages which look suspicious or seem to originate from dubious senders. One will, for instance, pretend your domain name is about to expire, but is not sent by the sponsoring Registrar. Another contacts you in your capacity as CEO and kindly informs you that someone is trying to register domain names in Chinese top-level domains using your trademark and/or your company name.

After reading this message, you are left on your own, with many options ranging from ignoring the mail to forwarding the message to your attorney. You may be facing a slamming attempt, a common type of fraud which is perpetrated in various ways.

Last month, we warned our customers about a wave of slamming attempts. This article's goal is to provide an overview of the different frauds that go by the illustrious name "slamming" and to advise you on what to do when you receive such messages.

 

1. The "Protect your trademarks" (for a high price) scam

While pretending to offer help protecting your trademarks, a "Registrar" contacts you telling you someone is trying to register these trademarks in Chinese and Asian top-level domains such as .cn, .asia or .tw. This generous sender is simply willing to allow you to oppose these registrations! If you are still interested in protecting your trademarks, of course.

Usually, trademark holders reply instantly: yes please! Block these people trying to steal my business!

The trademark holder just confirmed his order for a domain name registration he did not need in the first place. And it is usually really expensive.

Our advice: do not (ever) reply to these alleged warnings. Replying confirms that you are reading the message and that you are worried about your trademarks, and the scammer will consider it a sign of weakness and vulnerability.

 

2. The "Someone registered your domain name as a keyword" scam

These messages are usually written in an urgent tone. They are very similar to those above, even if they indicate someone registered your trademarks or domain names as keywords instead of domain names.

Again, please disregard these offers: replying will only lead the scammer to put pressure on you and offer overpriced (compared to average) services that you do not even need.


3. The "Your domain name will expire soon" scam

You might have received emails in the past indicating your domain name would expire soon while, to your knowledge, it was due to expire much later.

This type of scam works the same way no matter the perpetrator: you are told your domain name is about to expire within the next few days and that you could lose it. A document is usually attached to facilitate the renewal process.

This document is not a real renewal order. By replying and ticking the box or accepting the offer, you are instead accepting a transfer of your domain name from your current Registrar to another.

Not only is your domain name being transferred from your trusted Registrar to an unknown and not-so-trustworthy Registrar (they emailed you out of the blue, remember), but you are also charged four or five times the price usually charged for such transfers.

Our advice: upon receiving one of these so-called "reminders", your first reaction should be to perform a Whois check on your domain name and compare the information in the "reminder" with the Registry's information.

If the expiration date does not match the one in the message you received, you are most probably reading a fake notification.

Quick reminder: keep in mind that you can enable the "transfer lock" protection on your domain names directly from your GANDI account, as well as two-factor authentication and, lastly, IP restriction, to increase the protection level on your domain name(s).
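The Whois comparison and the transfer lock reminder above, as an added example that is not Gandi's own code: it compares the expiry date and sender named in a "reminder" with a WHOIS record and reports whether the transfer lock status is present. The WHOIS text, the function names and the list of field labels are assumptions made for illustration; in practice the text would be the output of a Whois lookup on your domain.

```python
import re
from datetime import datetime

# Constructed WHOIS response for illustration (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: GANDI SAS
Updated Date: 2016-01-10T09:12:44Z
Registry Expiry Date: 2017-03-14T04:00:00Z
Domain Status: clientTransferProhibited
"""

# Field labels vary by registry; these are common variants, not a full list.
EXPIRY_LABELS = ("Registry Expiry Date", "Registrar Registration Expiration Date",
                 "Expiration Date", "Expiry Date")
REGISTRAR_LABELS = ("Registrar", "Sponsoring Registrar")

def whois_field(text, labels):
    """Return the value of the first 'Label: value' line found, else None."""
    for label in labels:
        m = re.search(rf"^[ \t]*{re.escape(label)}[ \t]*:[ \t]*(\S.*?)[ \t]*$",
                      text, re.IGNORECASE | re.MULTILINE)
        if m:
            return m.group(1)
    return None

def check_notice(whois_text, claimed_expiry, claimed_sender, tolerance_days=1):
    """List the ways a renewal 'reminder' disagrees with the WHOIS record.

    claimed_expiry is the date printed in the notice (YYYY-MM-DD);
    claimed_sender is the company name the notice is signed with.
    """
    findings = []
    expiry = whois_field(whois_text, EXPIRY_LABELS)
    try:
        real = datetime.strptime(expiry[:10], "%Y-%m-%d").date()
        claimed = datetime.strptime(claimed_expiry, "%Y-%m-%d").date()
        if abs((real - claimed).days) > tolerance_days:
            findings.append(f"expiry mismatch: WHOIS {real}, notice {claimed}")
    except (TypeError, ValueError):
        # Missing field or a date format this sketch does not parse.
        findings.append("expiry not verifiable from WHOIS; ask your registrar")
    registrar = whois_field(whois_text, REGISTRAR_LABELS)
    if registrar and registrar.lower() not in claimed_sender.lower():
        findings.append(f"sender is not the sponsoring registrar ({registrar})")
    if "clientTransferProhibited" not in whois_text:
        findings.append("transfer lock not set on this domain")
    return findings
```

An empty list means the notice agrees with the record on these points only; it does not prove the message is legitimate.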

And as we mentioned before, remember our anti-spam protection feature. When this feature is activated, anyone who culls your email address from the whois (as domain slammers often do) will only get a "hashed" version @contact.gandi.net. You can therefore be sure that emails sent to such an address do not come from Gandi.

If you encounter such a situation, our key recommendations are to check the email headers for suspicious addresses and to double check the information provided in those emails (expiration date, domain name holder). This will protect you from mistaking a scam for a legitimate notification. In any case, do not hesitate to reach out to GANDI's customer care teams; they will be glad to help you sort things out and make sure you are dealing with a legitimate reminder.
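The header check recommended above, as an added example that is not Gandi's own code: it flags a display name that claims the brand while the address is elsewhere, a Reply-To on another domain, and delivery to the @contact.gandi.net anti-spam alias. The sample message, the function names and the default `brand` and `sender_domain` values are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed message for illustration; every address here is made up.
SAMPLE = """\
From: "GANDI SAS" <abuse@notices.example.net>
Reply-To: support@billing.example.org
To: 0a1b2c3d4e5f-1234@contact.gandi.net
Subject: Domain Name example.com have been suspended

Click here and download a copy of complaints we have received.
"""

WHOIS_ALIAS_DOMAIN = "contact.gandi.net"  # anti-spam alias domain named above

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def within(domain, parent):
    """True if domain is parent itself or one of its subdomains."""
    return domain == parent or domain.endswith("." + parent)

def header_findings(raw, brand="gandi", sender_domain="gandi.net"):
    """Flag header inconsistencies. brand and sender_domain are assumptions
    the reader sets for the organisation the mail claims to come from."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []
    if brand in display.lower() and not within(from_dom, sender_domain):
        findings.append(f"display name claims {brand}, address is @{from_dom}")
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies go to @{reply_dom}, not @{from_dom}")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(domain_of(a) == WHOIS_ALIAS_DOMAIN for _, a in rcpts):
        findings.append("sent to the WHOIS alias, so the address came from WHOIS")
    return findings
```

A forged From address passes the first check, so an empty result is inconclusive and the information in the message still needs to be verified.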


Following this announcement we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventative measure, we have decided that a reboot of KVM based VMs is required in order to ensure that all possible attack vectors have been mitigated.

We will contact affected customers directly via email to provide instructions on performing the reboot on their own. This preventive reboot will not affect customers we do not contact.

We will reboot the VMs of affected customers (who have not rebooted on their own) on November 19th. An outage of 30 minutes maximum is expected for each impacted VM.

If you have questions or encounter any problems regarding this issue, our support team is available to assist you.

Several phishing scams are currently in progress. They are targeting thousands of domain name owners who have registered domains through registrars around the world (including GANDI).

These emails claim that your domain name has been suspended, and ask you to click on a link to download a copy of the complaints.

DO NOT CLICK on the link or download the document: it contains a virus!

It seems that those responsible for sending these emails use the information obtained from the public WHOIS domain name database, where they recover the name, email address, and name of the registrar associated with the domain.

The fraudulent emails can even appear to come directly from GANDI. Here is one example:

------------


Subject: Domain Name exemple.com have been suspended

From:      GANDI SAS

Message: Dear First Lastname,

The Domain Name example.com have been suspended for violation of the
GANDI SAS Abuse Policy.

Multiple warnings were sent by GANDI SAS Spam and Abuse Department to give
you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then
attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to
our attempts to contact you.

Click here and
download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,

GANDI SAS

Spam and Abuse Department

------------

You should ignore this email. It is not necessary to send it to us: we have received dozens over the past few days and our teams are already on it.

 

Thank you for your attention.


A new critical security vulnerability will be publicly announced Thursday, October 29. The Xen team has already communicated fixes to Gandi. This flaw is found in the Xen virtualization software.

Following this announcement we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventive measure, we have decided that a reboot of Xen-based VMs is required in order to ensure that all possible attack vectors have been mitigated.

We will contact affected customers directly via email to provide instructions on performing the reboot on their own. This preventive reboot will not affect customers we did not contact.

We strongly recommend that the customers concerned restart their VMs themselves, so that they can verify that all of their services have been correctly restarted.

We will reboot the VMs of affected customers (those which were not rebooted by their owner) from Thursday, October 22 until Wednesday, October 28. An outage of 30 minutes maximum is expected for each impacted VM.

Maintenance status page: http://status.gandi.net/timeline/events/226


We recommend making sure that automatic updates are enabled for your WordPress installation, or running a manual update. There's a lot to gain, and a lot to lose if you don't, since this release is mainly focused on security fixes.

Two of the corrected vulnerabilities are XSS (Cross Site Scripting), related to the processing of "shortcode" tags in versions 4.3 and earlier, and the user list page.

The other problem is a privilege escalation which in some cases allows an unauthorized user to post private items and mark them as "sticky".

Although this version does not add any new features, it corrects a total of 26 bugs that exist in version 4.3.

In all, 64 files have been modified, with improvements to various aspects of the web interface of the world's most popular CMS, as well as its backend functions.

So, log in to your admin console and get started!

Visit the official changelog for more details: https://codex.wordpress.org/Version_4.3.1


We have updated Linux kernel 3.12 (now 3.12.45) and published a new version (3.18) on our HVM platform. These new versions no longer support AUFS and might force some clients to take corrective measures for their services.

Starting today, every server that is created or rebooted on our HVM platform will automatically use version 3.12.45 of the Linux kernel, unless configured to use version 3.18 or a custom kernel.

Please note that these kernel versions do not include AUFS support. Docker users should take special notice, because AUFS has been the default storage driver for quite some time.

To continue to use Docker with this new kernel version, users must upgrade their docker client and images to use a different storage driver, such as btrfs or overlayfs (available for kernel version 3.18 only).

To use version 3.18, you can execute the following Gandi CLI [4] command, where <disk-name> is a placeholder for the name of your disk:

$ gandi disk update <disk-name> --kernel "3.18-x86_64 (hvm)"

You can also change the kernel from the web interface by following these instructions [3].

After the operation is completed, make sure you reboot your server and update your software packages and kernel modules [1].

Clients wishing to use a custom kernel can access more information on our Wiki page [2]. You can also access more information about kernel update history on our Changelog [5].

[1] http://wiki.gandi.net/iaas/references/server/kernel_modules

[2] https://wiki.gandi.net/fr/iaas/references/server/hvm

[3] http://wiki.gandi.net/en/iaas/references/disk/advanced-boot

[4] http://cli.gandi.net

[5] https://wiki.gandi.net/fr/iaas/references/server/kernel_changelog?&#section312


Our Gandi Site platform will be temporarily unavailable this week starting Tuesday July 21 at 1:00 AM PDT until 5:00 AM PDT (approximately), due to scheduled maintenance and improvements on the platform being made by our partner, BaseKit.

 

UPDATE: The maintenance has been extended by our partner, who has been unable to tell us when the maintenance should be over. We will keep you informed of all this in this news alert as soon as we have more information.

 

Additionally, it will not be possible to create a new Gandi Site until early morning Thursday July 23 (we will update this post with the exact time once we have it).

The reason for this downtime is to give us a window to upgrade our Gandi Site tool. Please excuse any inconvenience this may cause. This downtime will allow us to make the necessary changes to provide a more up-to-date and higher-quality site-building platform, that should be as exciting for you as it is for us. Stay tuned ...

