1&1 Status Page

This is where you can find out whether any technical issues currently exist that could impact or cause the failure of your 1&1 Web Hosting products.
If you are experiencing problems accessing your 1&1 Web Hosting products, even though no technical issues are listed here, please contact us. For contact options, please see here.


Maintenance work Fault report

No maintenance work is planned currently.

Important security notice: Security vulnerability in content management system WordPress
Start:
11/04/2014 3:57 PM
Probable end:
Unknown
Last update:
11/04/2014 3:58 PM
Event:
Fault report
Affected products:
Website
Description:

A vulnerability in the popular Jetpack plugin of the WordPress content management system can allow attackers to publish posts on affected WordPress blogs.

Affected are all Jetpack plugins from October 2012 on, starting with version 1.9.

If you are using Jetpack to manage your homepage, please update your plugin as soon as possible. The update can be made through the plugin directory of your WordPress blog.

1&1 will run an update for all customers that have WordPress installed as part of the Click & Build application.

Please find further information at:

http://jetpack.me/2014/04/10/jetpack-security-update/
http://faq.1and1.co.uk/search/go.php?t=e792710

 

SSL weakness "Heartbleed" discovered - Update strongly recommended
Start:
09/04/2014 4:07 PM
Probable end:
Unknown
Last update:
09/04/2014 4:12 PM
Event:
Fault report
Affected products:
Website
Description:

This notification is important for customers with Dedicated Server, Virtual Server (VPS) or Dynamic Cloud Server packages.
Managed Server or Webhosting package customers are not affected.

 

We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library.

 

 

The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. The majority of the software systems already offer updates.
 
OpenSSL 1.0.1g to 0.9.8 are not affected.

 

When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.

 

For further information, please go to http://www.heartbleed.com/

OpenSSL Version Check

You are able to check your OpenSSL-Version with a Shell-Command on the Server:

  • root@s1234567:~# openssl version


It is very important to secure all systems which could potentially be affected!

GeoTrust Heartbleed-Test

A link to a Heartbleed-Test is provided in the GeoTrust mailing (this is a test created by GeoTrust):

https://ssltools.geotrust.com/checker/

The customer can either check his CSR (a key data for certificate requirements) or his URL.

Here is another test provided by an independent company: https://ssl-tools.net/heartbleed-test

Here is a list of common commands to patch the affected OpenSSL version:

 

CentOS
yum update openssl

Ubuntu/Deb
apt-get update
apt-get upgrade openssl

OpenSuse
zypper up openssl

 
Caution! Be aware of Scam!
Start:
01/04/2014 1:53 PM
Probable end:
Unknown
Last update:
01/04/2014 1:55 PM
Event:
Fault report
Affected products:
General
Description:

We are currently seeing some pishing emails which are being sent out in the name of 1&1 Internet.The emails include fake outgoing 1&1 email address and a fake invoice. Please ignore these Emails and do not respond!

The secure and official way to access your 1&1 contract and data is the 1&1 Control Center at https://www.1und1.co,uk/login
The phishing emails are sent automatically to randomly selected recipients. Due to the large amount of recipients some 1&1 customers have received those emails.