Hosting Forum - Hostek.com

CFSCHEDULE Task Stopped Working at Midnight

wyseguy79 — Sun, 05 Sep 2010 09:31:35 GMT

Just curious if anyone has had a similar problem or knows a quick fix to the problem I have having with a scheduled task stopping at the stroke of midnight the next day.

In my code i have the following

action="update"
task="AutomatedMessage"
interval="1800"
url="URL"
startdate="9/4/10"
starttime="10:00 am"
operation="httprequest">

The code worked flawlessly all day until midnight hit and I got the last automated message. It sends me an email every 30 min with some simple information, so this is how I was able to determine that it stopped. Just wanted to see if there had been any similar results or a solution out there.

Thanks guys!

WCP - Enhancement List

Brian — Mon, 30 Aug 2010 18:12:18 GMT

Click here for a demo of our WCP if you are not familiar with it.

Here is a list of enhancements that we are working on. The enhancements will be completed in this order, subject to change at any time :)

File Manager (COMPLETED Aug 30, 2010)
Resellers - ClientExec billing integration (COMPLETED Aug 31, 2010)
MIME Types (COMPLETED Sep 2, 2010)
Default documents (ie, which page loads first like index.php) (COMPLETED Sep 3, 2010)
Virtual Directories
Application Pack for Mura
ASP.NET Permissions
More Site Information, ie, IP, versions, etc.
Rename domain
SSL Certs
SubDomain - option to "inherit" domain's Virtual Directories
FoxPro Driver DSN
Allow creation of DSN while setting up database for MS SQL (MySQL already completed)
Resellers - own holding (coming soon) page
Resellers - ability to suspend a site
Enable / Disable IIS compression
allow enabling/disabling of php, perl, asp
more to come...

Very slow message processing

drdwilcox — Mon, 30 Aug 2010 16:33:37 GMT

I have noticed that my email through hostek is very slow. For example, I just registered for the forums, and the confirmation message took 30 minutes to arrive. At other times, I am sent emails through 2 different accounts. From the other account, the message arrives almost immediately. Through my hostek account, the message may take 15-20 minutes.

Is this experience common? I have had this domain for a couple of years, and it has been this way from the beginning.

Thankis,

Don

ASP.net forms

lutherandj — Fri, 27 Aug 2010 21:04:20 GMT

I'm just starting to use expression web and need to know where I can find out how to do the following

I need to create a asp.net form that works with Expression Web where the users will submit an inquiry. What server information do I need for this form?

After I do that; I'd like to create a form where my users can login and submit announcements and they would automatically get published to their web page. i'm guessing I might need to synchrononize some type of database with this.

I'd like to create a forum where users will submit a form and it will publish to the forum. I'm guessing all this can be done using asp.net but a little lost where to start and where do I find any necessary server information I might need to configure these forms.

Do you support Silverlight SDK 4?

Brian — Thu, 26 Aug 2010 19:41:24 GMT

Yes. For using the Silverlight SDK 4, you would simply need to include the "System.Web.Silverlight.dll" within the /bin folder when you upload your Silverlight application.

Do you support WCF RIA Service 1.0?

Brian — Thu, 26 Aug 2010 19:39:42 GMT

Yes, we do support WCF RIA Service 1.0.

This may not be installed on all servers, so if this is not working for you, contact support with your domain name and request the WCF RIA Service be installed on the server for you.

Smartermail 7

Lagaffe — Thu, 26 Aug 2010 07:20:27 GMT

What are Hostek's plans on upgrading Smartermail to version 7?

Mura - Permission denied for creating Java object: coldfusion.server.ServiceFactory

Brian — Mon, 23 Aug 2010 17:01:10 GMT

If you are using Mura and you get this error, Permission denied for creating Java object: coldfusion.server.ServiceFactory, you are likely using an outdated version of Mura and also are probably on a ColdFusion 9 server. There is a quick fix though, which I'll explain below.

Find the file named CFMLVersion.cfc which may be at \wwwroot\requirements\transfer\com\factory

Edit that file and find the line that has:

Code:

if(server.coldfusion.productversion.startsWith("8"))

And change that to:

Code:

if(server.coldfusion.productversion.startsWith("8") OR server.coldfusion.productversion.startsWith("9"))

Save the file and it should now work.

NOTE: Since this is likely running an outdated version of Mura, I would strongly suggest installing the latest version, as there has been changes to the framework which makes it load faster too.

Common items found in PCI report... and solutions

Brian — Thu, 19 Aug 2010 22:05:43 GMT

To make this information readable, I will put just the heading info in here, and not the full details.

Microsoft IIS ISM.DLL HTR Request Remote Overflow
This is related to mappings for .HTR, .STM, and .IDC files. By default, we don't have .htr mapped for security. Contact support to have mappings for .stm and .idc removed if you are not using these extensions. The use of .stm is rare and the use of .idc is almost unheard of. We will be removing the .idc mapping from the servers shortly by default.

IIS Authorization Method Disclosed
07/01/08
CVE 2002-0419
IIS is vulnerable to information gathering as to which form of authentication is being
used due to the results of attempted connections with incorrect user ids and passwords.
**Contact support with your domain name and request All Authentication options to be unchecked for your domain.

FTP Server Remote Buffer Overflow
10/13/09 CVE 2009-2521 CVE 2009-3023 Two vulnerabilities exist in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
**False Positive. This is related to patch KB 975254 which is installed.

File change notification privilege elevation
02/14/08 CVE 2008-0074 IIS is vulnerable in the way that it handles file change notifications in the FTPRoot, NNTPFile\Root, and WWWRoot folders. A local attacker would have to be able to create or modify a file in one of these directories. A remote attacker would have to be able to upload a script to an affected IIS server, and be able to run the script. This uploaded script would need write access to the FTPRoot, NNTPFile\Root, or WWWRoot folders. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of local system. Unpatched versions of IIS are vulnerable on: Windows 2000 with IIS web server, FTP or NNTP services enabled; Windows XP with IIS web server or FTP services enabled; Windows Server 2003 with FTP or NNTP services enabled; and Vista with FTP service enabled.
**False Positive. Related to KB 975254 referenced above.

FTP Services - 110086 - TCP 21 - WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure
The suggested solution is: Upgrade your FTP server to the latest version.
This is a false positive, as we do have the FTP server upgraded to the latest version on all of the servers. One scanner wanted more detail, so I will include that here:
"OS: Depending on the server, it will be either Windows Server 2008 SP2 or Windows Server 2003 SP2, with all current security updates. The version of FTP is IIS 7.5 for Windows 2008 or IIS 6.0 for Windows 2003 SP2. We do not run WU-FTPD on any of our servers, which is referenced by Threat 110086".

Web Services - 131657 - TCP 80 - Web Server Uses Non Random Session IDs
Generally related to ColdFusion sites. The solution can be found here.

ASP Upload Command Execution
07/12/06 CVE 2006-0026 IIS 5.0, 5.1, and 6.0 are affected by a buffer overflow when processing ASP files. A remote attacker could execute arbitrary commands by uploading a specially crafted ASP file onto the web server, and then causing IIS to process it. An attacker would need to have valid login credentials in order to exploit this vulnerability unless the web server has been configured to allow anonymous uploads to the web site.
**False Positive: This is related to patch KB 917537 and also is not applicable to Windows Server 2003

Web Services - 500033 - TCP 443 - Possible Vulnerabilities in IIS 5
This is a false positive, as we do not run IIS 5 on any of our servers. Your PCI scanning company should be able to determine this and not report this to you.

Multiple Vulnerabilities in IIS 4.0 - 5.1
This is a false positive, as we do not run IIS 4 nor IIS5 on any of our servers. Your PCI scanning company should be able to determine this and not report this to you.

Cross-Site Scripting
This is something you need to fix in your code. Basically you need to sanitize your form input when using it after the form is submitted. You need to remove any of the following characters minimally:
% ( ) = < >

Here is a sample of how to do this, based on ASP. I would suggest placing this function in an include page:

Code:

Function CleanFormInput(aField)

  aTempField = Replace(aField, "<", "")

  aTempField = Replace(aTempField, ">", "")

  aTempField = Replace(aTempField, "%", "")

  aTempField = Replace(aTempField, "=", "")

  aTempField = Replace(aTempField, "(", "")

  aTempField = Replace(aTempField, ")", "")

  aTempField = Replace(aTempField, "'", "")

  aTempField = Replace(aTempField, "|", "")

  aTempField = Replace(aTempField, ";", "")

  aTempField = Replace(aTempField, "-", "")

  aTempField = Replace(aTempField, """", "")

  CleanFormInput = aTempField

End Function

Then in your code where you are processing the input you could do something like (after including the include file mentioned above):

Code:

aCleanVar = CleanFormInput(Request("myFormField"))

Details: A cookie without the HTTPOnly attribute could be
susceptible to theft by cross-site scripting attacks.
** See this link for the fix to this issue.

CF Admin vulnerability fix - ColdFusion Servers only

Brian — Thu, 19 Aug 2010 19:08:38 GMT

To our dedicated customers that are using ColdFusion. If you are not using ColdFusion, you can ignore this notice.

NOTE: I know some of you also have ColdFusion shared hosting accounts with us also, and yes, we have already taken care of all of our shared hosting servers.

There is security vulnerability related to CF Admin when accessible publicly. There is a patch that Adobe released, which you can install to fix this, however, a possible better solution is outlined below, as that will prevent this and other future issues related.

Here is how you should have the /CFIDE mapping handled if not done so already.

A normal install has the /CFIDE folder at:
c:\inetpub\wwwroot\CFIDE

This location is needed, however, it should not be your default /CFIDE mapping for domains added to the server.
We suggest copying the /scripts and /classes folder from this location and placing them at:
d:\home\CFIDE

Then make sure that everyone has only read/execute permissions on the d:\home\CFIDE folder.

In your IIS, make sure any sites using a virtual CFIDE folder is changed to use the d:\home\CFIDE folder and NOT the c:\inetpub\wwwroot\CFIDE folder.

Now, in IIS, edit the Host Headers for the WWW item that is used for your CF Admin and remove 127.0.0.1 from the list, assuming that entry is there. Then add an IIS item named CFAdmin pointed to the same directory as the IIS item that you currently use for the CFAdmin access, and set it to use 127.0.0.1 and port 80. Next, create a Virtual Directory for this CFAdmin iis item and name it CFIDE and set it to the c:\inetpub\wwwroot\CFIDE folder.

Now, you can access CF Admin from the server via the http://127.0.0.1 address, removing the CF Admin access from the public.

Remember, in the future when you need to create any virtual /CFIDE folders, to use the new d:\home\CFIDE folder.

Migrating WebMail to SmarterMail

Doug — Wed, 18 Aug 2010 04:14:47 GMT

I am in the process of moving two websites from a different provider to Hostek. One is a regular html site and the other is a Coldfusion 9 site. The sticking point right now is how to move the emails from a WebMail account to SmarterMail Enterprise 4.3 which is what is currently running on my Coldfusion site.

So, two questions...

1. My current site (a Coldfusion 9 Silver account) on Hostek is running SmarterMail 4.3, not version 6.x. How would I move WebMail over?

2. If I set up a new Windows Bronze account for my client , would I get SmarterMail 6.x?

Thanks,
Doug