SHARED HOSTING ACCOUNTS ONLY:

This is a courtesy reminder; to improve web server security, legacy versions of the following Content Management Systems (CMS) will no longer be supported by our shared web hosting servers. As of November 17th we will start to place any websites still running outdated software OFFLINE until repaired.

**Please login to your content management system and upgrade the core files and the plugins AS SOON AS POSSIBLE. If needed, please contract with your web developer to help upgrade your CMS to the latest version. **

Here is the list of the most popular legacy CMS systems and the minimum version we will support November 17th. We have also included a link to the documentation on how to upgrade the CMS.


WordPress ~ Newest Version 4.2.4

https://codex.wordpress.org/Updating_WordPress

Joomla ~ Newest Version 3.4

https://docs.joomla.org/Portal:Upgrading_Versions

MuraCMS ~ Newest Version 6.2.6365

http://docs.getmura.com/v6/installation-setup/upgrading-mura/

Opencart ~ Newest Version 2.0.3.1

http://docs.opencart.com/upgrading/

Drupal ~ Newest Version 7.38

https://www.drupal.org/upgrade

 

Special Notes:

1) This is not limited to the software listed. If your website, of any kind, is found to be actively infected it will be disabled immediately. If it is unpatched, you will need to patch it too.

2) It is important to understand that, regardless of who built your website, it is your responsibility to maintain your website software or contract with your developer to do this for you.

3) The problem of security has been an ongoing issue. For instance, WordPress has released 5 major security patches this year. Hackers and virus infections are on the rise- please consider your website visitors should your website be infected. The hacker goal is to infect your website visitors in most cases.

4) Those running outdated ecommerce software in conjunction of their need to consider the potential impact on their business and take immediate action to resolve. We have reached out to many people in advance of this notice.

5) If you need help, we are available to help at no charge where/when possible (at our sole discretion). For the best service, our web development team is available to assist on an hourly basis.

 

This move is being made to provide better service and security to our clients. Thank you for your understanding.

The following is a notification from PaPal, an online payment gateway. It is being re-posted for the benefit of EPhost customers who may use their service for their ecommerce website. Please direct support inquires and questions to PayPal directly.

PayPal recently implemented some changes to their SSL certificate to use the SHA-256 algorithm. If you are experiencing issues making connections to their API, specifically the Instant Payment Notification API, this may be why.  

https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US

EPhost, has already completed the required modifications to import the new Verisign G5 SSL certificate into trusted keystores and enabled the SHA-256 algorithm. However, if you continue to have issues please open a support ticket.

The following is a notification from AuthorizeNet, an online payment gateway. It is being re-posted for the benefit of EPhost customers who may use their service for their ecommerce website. Please direct support inquires and questions to AuthorizeNet directly.

Important Authorize.Net Technical Updates

Over the next few months, there are several updates and enhancements we are making to our systems that you need to be aware of. They are all technical in nature and may require the assistance of your web developer or shopping cart/payment solution provider.

Please read this notice carefully, and if you need to find a developer to help you, please check out our Certified Developer Directory at www.authorize.net/cdd.

Security Certificate Upgrades to api.authorize.net

 As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.

 These upgrades were already completed on secure.authorize.net in May. If your website or payment solution connects to api.authorize.net and any updates are necessary to use the new certificates, please refer to this blog post in our Developer Community, which has all of the certificate information you and your developer will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior to September 21st.

 After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.

Transaction ID Changes

 In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

 Currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one you previously received.

 If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions to your solution.

 Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.

TLS Remediation for PCI DSS Compliance

 As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.

 For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post. We will also send another email about TLS once we have a final date in place.

Akamai Reminder

 Last, but not least, we previously announced our Akamai implementation plan and timelines. Using Akamai's technology will provide Authorize.Net a superior level of reliability, as it helps safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues.

 If you have not already, please review the announcement and the Akamai FAQs to determine what action you should take for your particular solution.

Type of Work: Network Modification

Location: EPhost Datacenter, San Diego, CA 92123

Purpose: EPhost Web Administrators will be working on the EPhost Network performing an upgrade to significantly increase bandwidth capacity in anticipation of a busier-than-normal holiday season.

Window Start: 09/28/2015 - 5:00 pm PST
Window End: 09/28/2015 - 9:00 pm PST

Service Impact: This work is expected to take approximately 15 minutes, though we have allocated 4 hours. You may experience intermittent access to the EPhost Network as the new link is brought online. The work is being performed at the end of the business day, rather than late night, for the availability of our uplink engineers.

Schedule: The window for Network Maintenance is scheduled to begin at 5:00 pm PST on Monday, September 28th, 2015, and end at 9:00 pm PST on Monday, September 28th, 2015. Should additional time be required, notice will be provided and the work window will be expanded.

Testing & Planning: All testing and planning being conducted during this window is part of a pre-defined checklist designed by the EPhost Web Administrator team.

Regression Planning: The EPhost Web Administrator team will be on-site managing this window. As with any Network Maintenance, while highly unlikely, there is a possibility that something unexpected may occur during the work process. Should any issues arise, all equipment will be placed back into standard operation and the work will be postponed until the issue is resolved.

The following is a notification from AuthorizeNet, an online payment gateway. It is being re-posted for the benefit of EPhost customers who may use their service for their ecommerce website. Please direct support inquires and questions to AuthorizeNet directly.

Dear Authorize.Net Developer:
      
This email is to let you know of changes being made to improve the Authorize.Net-generated email receipt that is sent to your merchants and your merchants' customers after a purchase. These changes will provide better receipt content and help increase email deliverability. The new emails will be effective on August 11, 2015.
 
No action on your merchants' part is required. We will begin emailing your merchants who have opted to receive email receipts about these changes beginning tomorrow.
 
"From" Email Address Changing
 
A list of changes is below, however, the biggest change to be aware of is that the email address listed in the "From" field of the receipt email will no longer be your merchants' email address. Instead, the "From" field will now display "noreply@mail.authorize.net" as the sending email address. This change will also apply to ARB summary and settlement-related emails.
 
If a customer replies to the email receipt, the email address that will populate in the "To" field will still be the email address that your merchant currently has configured as the Email Sender in the Merchant Interface.
 
To review the current email address configured as the Email Sender, please have your merchants follow these steps:
 
Log into the Merchant Interface at https://account.authorize.net .
Click Account from the main toolbar.
Click User Administration from the main menu on the left.
Click a user's name.
Click Edit Profile Information.
In the Specify Email Sender section, check to see if the checkbox next to Use this email address as sender is checked.
Click here for further information on reviewing or updating the email address currently configured as the Email Sender on an account.
 
Additional Improvements
 
The other email receipt changes that you will see as of August 11th are as follows:
 
Your Merchants' Email Receipt

Masked card number and last 4 digits will be viewable in the Payment Method section.
Example: Visa xxxx1234
Line item details will now be on the email receipt.
The Customer's Email Receipt

Subject line will display in this format: "Transaction receipt from [merchant name] for [X.XX][(Currency code)]"
Example: Transaction receipt from Merchant for 500.00 (USD)
"Thank you for your order" will be removed from the receipt.
Description field: If no description has been provided, "Goods or Services" will display by default.
Amount format change: Transaction amount will display as [X.XX][(Currency code)]
Example: 500.00 (USD)
Payment Information section updated to include:
- Payment Method/Masked Card Number
- Transaction Type
- Authorization Code
New Merchant Contact Information section added, which will include:
- Merchant Name
- Merchant City, State and Country
- Merchant Email Address
These changes will provide more information to your merchants' customers and provide a better overall purchasing experience. Thanks for being an Authorize.Net developer.
 
Sincerely,
Authorize.Net

SHARED HOSTING ACCOUNTS ONLY:

To improve web server security, legacy versions of the following Content Management Systems (CMS) will no longer be supported by our shared web hosting servers. In 90 days, we will place any websites still running outdated software OFFLINE until repaired. While everyone should update their software- dedicated, managed and collocated server customers are EXCLUDED from this notice.

**Please login to your content management system and upgrade the core files and the plugins AS SOON AS POSSIBLE. If needed, please contract with your web developer to help upgrade your CMS to the latest version.**

Here is the list of the most popular legacy CMS systems and the minimum version we will support in 90 days. We have also included a link to the documentation on how to upgrade the CMS.

WordPress ~ Newest Version 4.2.4

https://codex.wordpress.org/Updating_WordPress

Joomla ~ Newest Version 3.4

https://docs.joomla.org/Portal:Upgrading_Versions

MuraCMS ~ Newest Version 6.2.6365

http://docs.getmura.com/v6/installation-setup/upgrading-mura/

Opencart ~ Newest Version 2.0.3.1

http://docs.opencart.com/upgrading/

Drupal ~ Newest Version 7.38

https://www.drupal.org/upgrade

Special Notes:

1) This is not limited to the software listed. If your website, of any kind, is found to be actively infected it will be disabled immediately. If it is unpatched, you will need to patch it too.

2) It is important to understand that, regardless of who built your website, it is your responsibility to maintain your website software or contract with your developer to do this for you.

3) The problem of security has been an ongoing issue. For instance, WordPress has released 5 major security patches this year. Hackers and virus infections are on the rise- please consider your website visitors should your website be infected. The hacker goal is to infect your website visitors in most cases.

4) Those running outdated ecommerce software in conjunction of their need to consider the potential impact on their business and take immediate action to resolve. We have reached out to many people in advance of this notice.

5) If you need help, we are available to help at no charge where/when possible (at our sole discretion). For the best service, our web development team is available to assist on an hourly basis.

This move is being made to provide better service and security to our clients. Thank you for your understanding.