Check your contact email addresses!

Our Security Reports are sent to you using the email address stored in your cPanel account under the Update Contact Info icon at the top in the Preferences section.

Important: This is completely independent from the email address you use to login to your Krystal Client area.

This allows us to send Security Reports to someone other than the billing contact (who might not know what to do with them!).

It is important to choose an email address that is NOT managed by us. Think about it - if we have to suspend an exploited cPanel account for yourdomain.com and your contact email address is steve@yourdomain.com, then you will never get our Security Report! So, it's always a good idea to use something like a gmail/hotmail/yahoo etc. address.

Our new security systems are now scanning your cpanel accounts on a weekly basis, and we will be emailing you a Security Report on our findings. We now also scan uploaded files in real-time, and act on anything that matches our extensive virus and malware signature databases. This might result in the affected files being CHMOD 000 (to prevent access), or it might even mean your account is temporarily suspended to protect your web content from further unauthorised access.

Thank you for helping us!

Secondly, we would like to give a huge thank you to all the users who helped us after our most recent security sweep. It has helped us to eliminate several false positives from our database, and uncovered a few nasties that had been lurking in clients' websites. Clearly, security is of paramount importance to Krystal - but then, so is performance and availability. Balancing the two successfully is a tricky business. A small number of our customers have had a less than enjoyable experience in the past 2 weeks, mainly due to unforeseen configurations, but we're confident we have elimitated all of the issues that tripped us up.

We now have a system that strikes what we believe to be the best balance in terms of availability, and we will continue to improve and develop the system as time allows.

In addition to our recent enhancements, we will (until further notice) be generating weekly reports of all of the infections and suspect files that we find in our clients' home directories. You have probably already received one or two of these during our testing phase. The subject of the email will be something like

Security Report - Krystal cpanel account - [your username]

(the first batch of emails were called Malware Report, but this seemed to alarm everyone for some reason) - Don't Panic! If your account is clean, then the worst that will happen is that you may receive a report containing a list of files that "might", and we mean "might", contain code that is not suposed to be there. We feel that it's better to let you know about scan results we are not entirely sure about, than just bury them. It gives you the opportunity to check your files to make sure that things are as they should be.

NOT EVERY FILE IN THE REPORT IS MALWARE - SO DON'T JUST GO DELETING EVERYTHING!

These reports will continue until we develop the system to allow improved exclusion of known good files (it might be easy to cobble together something to provide this, but when we are scanning literally millions of files, it has to be very efficient!).

For more information on what these emails mean, and how to interpret them, please read:

I've received a Security Report email - What does it mean?

As some of you may be aware, we have disabled a number of PHP functions across our platforms. For the longest time, Krystal were one of the few hosting providers that offered these functions in a shared environment. We were able to do this as we were a small company, and could just about keep on top of the problems these functions caused. In recent days we have been swamped by a sharp increase in the number of exploitations of customer's websites, resulting in injected files and code that makes use of these functions.

So what? Well, these PHP functions allow the PHP script to enjoy just about all of the benefits and privileges of a full shell enabled account. It allows a malicious script to delete, create, or modify files anywhere in your home directory, and beyond in certain directories, all under the umbrella of your username. Not good.

We were going to plan the withdrawl of these functions this spring, but our hand has been forced. We do not enjoy doing this, and realise that it will inconvenience some users. If you are affected, and cannot survive without it, let us know and we will assess your case, and may enable specific functions for you for a limited period.

Help for WordPress users

If you are using Wordpress, and and see an error related to one of these functions, it is most likely due to a plugin that uses one of these functions that is now failing to run. Just rename or remove the plugin from the wp-content/plugins directory in your WordPress installation (using FTP or cPanel FileManager).

Since the release of WordPress 3.3 we have seen a slew of clients who have fallen foul of various issues related to incompatibilities in their themes or plugins that have effectively broken the upgrade, leaving websites in an unusable state.

Whether you are upgrading WordPress, Joomla, Drupal, phpBB or any other application that supports automatic updates...

Backup your website BEFORE upgrading

As much as we would like to fix everybody's site, it's simply impossible for us to devote time to this. It's all we can do to keep up with requests to restore entire accounts.

Automatic updates might sound warm, cosy and safe, but would you consider upgrading your operating system without taking a single backup beforehand? Websites are such a rich landscape of third party addons, plugins, and themes, it's impossible for the developers to account for everything. So please, remember to backup your account BEFORE upgrading!

Read how to backup your cpanel account

We've been busy adding more video tutorials to our knowledgebase library. We've also created a couple of our own (well, Steve has), to help with the more technical topics such as SFTP using pubilc/private keys.

Please don't forget to search our video library in addition to our normal knowledgebase articles - a picture paints a thousand words!

Help us improve our video articles

Our videos weren't all recorded by us (we're not going to pretend otherwise), but hopefully they will get you on the right track - However, if you are still left wondering how to achieve your objectives, then please leave a comment on the video for us, telling us why it didn't help you, and we'll try to add more information to the article to help others.