This is where you can find out whether any technical issues currently exist that could impact or cause the failure of your 1&1 Web Hosting products.If you are experiencing problems accessing your 1&1 Web Hosting products, even though no technical issues are listed here, please contact us. For contact options, please see here.
A vulnerability in the popular Jetpack plugin of the WordPress content management system can allow attackers to publish posts on affected WordPress blogs.
Affected are all Jetpack plugins from October 2012 on, starting with version 1.9.
If you are using Jetpack to manage your homepage, please update your plugin as soon as possible. The update can be made through the plugin directory of your WordPress blog.
1&1 will run an update for all customers that have WordPress installed as part of the Click & Build application.
Please find further information at:
This notification is important for customers with Dedicated Server, Virtual Server (VPS) or Dynamic Cloud Server packages.
Managed Server or Webhosting package customers are not affected.
We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library.
The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. The majority of the software systems already offer updates.
OpenSSL 1.0.1g to 0.9.8 are not affected.
When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
For further information, please go to http://www.heartbleed.com/
OpenSSL Version Check
You are able to check your OpenSSL-Version with a Shell-Command on the Server:
It is very important to secure all systems which could potentially be affected!
A link to a Heartbleed-Test is provided in the GeoTrust mailing (this is a test created by GeoTrust):
The customer can either check his CSR (a key data for certificate requirements) or his URL.
Here is another test provided by an independent company: https://ssl-tools.net/heartbleed-test
Here is a list of common commands to patch the affected OpenSSL version:
yum update openssl
apt-get upgrade openssl
zypper up openssl
We are currently seeing some pishing emails which are being sent out in the name of 1&1 Internet.The emails include fake outgoing 1&1 email address and a fake invoice. Please ignore these Emails and do not respond!
The secure and official way to access your 1&1 contract and data is the 1&1 Control Center at https://www.1und1.co,uk/login
The phishing emails are sent automatically to randomly selected recipients. Due to the large amount of recipients some 1&1 customers have received those emails.