1&1 Status Page

This is where you can find out whether any technical issues currently exist that could impact or cause the failure of your 1&1 Web Hosting products.
If you are experiencing problems accessing your 1&1 Web Hosting products, even though no technical issues are listed here, please contact us. For contact options, please see here.


Maintenance work Fault report

No maintenance work is planned currently.

New security vulnerability is published
Start:
25/09/2014 2:55 PM
Probable end:
Unknown
Last update:
26/09/2014 2:24 PM
Event:
Fault report
Affected products:
General
Description:

The press and the community has published the news about the bash vulnerability called "Shell Shock" ("CVE-2014-6271") on 09/24/2014. Bash is most commonly used on the Linux level as so-called "Unix Shell". Due to this vulnerability, it may happen that under certain conditions, arbitrary shell code is executed. This occurs when the server service running system commands from a bash shell.

We currently have patched the vulnerability on our managed servers and shared hosting, where the security is managed by 1&1. Due to our preexisting security measurements that were in place before the exploit, running the following exploit test code on our managed and shared platforms will return a false positive, but currently it is not possible to exploit our managed systems via an external attack.

An important note on our part: Do you own a root server on which you yourself are the administrator? If so, please perform a security update of your bash shell on your server. For all major operating systems affected updates are already available.

How do you know if you are affected? - Open the Shell, and type the following code:

env = x '() {:;}; echo vulnerable 'bash-c "echo this is a test"

If your terminal returns the word "vulnerable", then you are affected.

Please take note that systems running the Parallels Plesk or Small Business panel depend on certain versions of PHP and MySQL, and a complete yum or apt update is not recommended as this may break Plesk.

Commands to Update Only Bash in Debian:

apt-get update

apt-get install --only-upgrade bash

Commands to Update Only Bash in CentOS

yum update bash

 

Updates:
26/09/2014 2:23 PM

The security patch has been applied to our Managed Servers and Shared Hosting. Thank you for your patience