Latest Announcements from the Forums

2021-10-24: Due to Upgrade, Password Updates Required Soon
Starting next week (November 1st) there will be an upgrade to some of the core system software on the server. This will obsolete old passwords (set before around 2008) which are stored using weaker md5 hashes. Support for those is going away in the cryptography library used by service pieces of software (including SFTP.) Everyone who hasn't changed their password in the past few years will need to do so, or potentially be locked out of some services until they do.

To change your password, go to https://xepher.net/user-services/ and login with your old/current password, then change it. Note that if you use MySQL for things like wordpress, this will change your database password as well, so you may need to update your wordpress (or other software) configs. For wordpress, that typically just means editing wp-config.php. This would also be a good time to make sure that file is secure (it does contain your password after all) so click the properties for that file and set the permissions so ONLY user (you) have read/write access (for you nerd types, "chmod 600 wp-config.php".) Remove the access from group and other/world so no one else can view it. You should do this for any other web software you may be using... any file where you have your own password stored.

If you have any questions or problems, just let me know!


2019-02-23: Bounced Servers
So the VM host we were currently assigned to at Linode was shared with other servers that were major IO hogs, causing major slowdowns to service here. I've upgraded/downgraded servers, effectively causing us to "bounce" to a new VM host with much lower IO demands, and this should vastly improve performance. So far, I'm getting astoundingly better benchmarks and results. That said, it may be necessary to do this again in the next day or three to explore other profiles. It takes an hour or two each time, so if you find xepher.net down, I ask for your patience. If it's down more than three hours though, something may be wrong, and please feel free to contact me. Try my xepher42 gmail address or any other way you know to contact me.


2018-02-25: PHP upgraded to 7.2
PHP 5.6 is approaching its end of life, and is no longer receiving regular updates from upstream. That means it's time to move on to the next version, which is PHP 7 (6 was experimental and doesn't count.) I've updated the server to PHP 7.2, and if you're using older PHP software, you may notice errors appearing on your site. If you see messages about mysql (specifically mysql_connect being an "undefined function") then there's a temporary workaround you can add. In any PHP file you need to still use the old MySQL functions, you can add this line right at the start of the PHP section (just after the <?php tag ideally):

include_once("mysql-shim.php");

Ideally, if you didn't write the code, you should just update to a newer version that supports php 7 and not use this. But until this, this workaround might help. If you have other problems (or notice errors on any of the main xepher.net pages) please let me know. My own code is using this shim, as it's ANCIENT, and I don't have the patience to rewrite it quite yet.


2018-01-03: Update Your WordPress Installs!
:UPDATE:

Well, it's more than a year later, and a lot of accounts have fallen out of date again. I've disabled these. If your site has a notice that your Wordpress was out of date, email me and I'll unlock it, so that you can upgrade.

Note that the current version of Wordpress is now 5.6.2.


:UPDATE:
Just as everyone seems to have finally been updated, Wordpress goes and breaks their auto-update process.

https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/

Everyone (in the world) needs to update manually and then make sure auto-updates are enabled again!


----
Over the New Year we had an account compromised (almost certainly through a MILDLY out of date WordPress install) and it was used to attack other servers, leading to a warning from my VM provider.

Going forward, I'm going to be requiring that all WordPress installs be maintained and kept up to date. To enforce this, I've written a scanner that will automatically find and check the version of any WP installs, and it will be emailing me any time someone is out of date. If you have WP on your site, please go update it NOW to at least version 4.9.1.

As WP is a very popular target, even an install a week out of date can be vulnerable, and so I will be disabling accounts if/when that happens. I've already disabled several, and sent emails of warning to many others. If your account was one that was disabled, email me, and I can release it and allow you to update things. Also, please make sure your offsite contact email is kept up to date so that I can contact you in cases like this. Too many times I have to resort to disabling accounts to get the owners attention, and I'd prefer to avoid that.

Sorry to have to be so strict about this, but with the potential to leverage this server to attack remote targets, the threat is serious enough that I have no choice. If you have any questions or thoughts though, feel free to ask below, or contact me directly if you prefer.

Thank you all for understanding!


2016-03-10: Major Email Changes
So, spam hit again, and I'm moving to a new mail server. As such, it required a lot of work to reconfigure from the old system. I think I've got most things back to working, but if you have trouble with email here, please let me know. The most likely remaining problems are related to people with custom email domains hosted here.

If you're using your own email client, you need to use SMTP authentication with STARTTLS on port 587 (the "submission" port) to send mail now.

Also note, as email is what's being weird, please feel free to post here on the forums if you're having problems.

EDIT: Your ~/.esmtprc file should look something like this now:

identity = user@xepher.net
        hostname = mail.xepher.net:587
        username = "user"
        password = "mypass"
        starttls = enabled

All code, images, and content in this page are licensed under a
Creative Commons Attribution-ShareAlike 3.0 Unported License.