All Servers Protected Against Shellshock Bug

September 26, 2014

With the Shellshock bug receiving widespread media attention this week, many customers have contacted us asking how this security vulnerability will affect their service.

All Varial Hosting servers were patched against vulnerability CVE-2014-6271 upon the immediate release of an updated version of Bash which addressed this issue on Wednesday afternoon. When the fix in this updated version of Bash was deemed to be incomplete we applied web application firewall rules to mitigate against vulnerability CVE-2014-7169 until a new version of Bash was released and applied to all of our servers early Friday morning.

With all known vulnerabilities patched you can rest assured that Varial Hosting is protected against the Shellshock bug.

PHP 5.6 Now Available

September 9, 2014

Like to be on the cutting edge of PHP development?

We are pleased to announce that PHP 5.6 is now available as an alternate installation of PHP across all of our servers!

To switch to PHP 5.6 customers may log into their cPanel and click on the "Select PHP Version" icon. Next, select PHP 5.6 and click on the "Set as current" button. Finally, click on the "Use defaults" button to select our recommended PHP modules and then hit "Save".

PHP 5.6.0 has just been released as a stable build and more information on it can be found at:

Incident Report on Recent DDOS Attacks

September 5, 2014

Over the past week and a half Varial Hosting has been the victim of two extremely large denial of service (DDOS) attacks that have targeted our DNS name servers in an attempt to overwhelm and take them offline. These attacks have caused outages and intermittent connectivity issues for many users.

It is unknown if the attacks were targeting a particular website hosted on our network as the attackers directed the attacks at our name server IPs to take down its underlying architecture rather than limiting it to a specific website.

Due to the volume of the attacks our network providers were forced to null route and drop all connections to affected IPs to protect our servers and network from damage. The null routes were lifted after roughly six hours during each incident when the attacks were confirmed to have ceased.

During the first attack we were able to restore service to the majority of our servers that were not under direct attack by temporarily changing the IP of our NS1 name server. This limited the attack to just our shared IPs on our Apollo and Luna servers and restored service to our own website so we could better communicate with our customers on the issue.

Our attempts to restore partial service during the second attack were unsuccessful as the attackers quickly began targeting the alternate IPs we assigned to our name servers. To prevent extended downtime of our own website and email we activated CloudFlare's security service on our own domain to bring it back online so we could continue to answer questions sent to us regarding the incident. CloudFlare is a free content delivery network and cloud security layer that our clients may activate through their control panels.

We are currently working hard to investigate and impliment additional measures to limit the impact of denial of service attacks on our network. We are starting by fully separating our DNS name servers from our web hosting servers. Our name servers are currently being moved to new servers that we have setup and spread across the globe on IPs that feature automated DDOS mitigation. This will limit the impact of DDOS attacks targeted at our name servers and will help to keep all other servers online if specific servers or IPs are ever targeted by an attack in the future.

We would like to sincerely thank you for your patience and understanding during these incidents. In our 11 years in business we have never seen attacks of this magnitude or suffered such lengthy outages. We understand that any amount of downtime is just as damaging for your business as it is for our own.

We will continue to explore all options to further protect and secure our customers.

Thank you,

Ryan Smith, CEO
Varial Hosting

  1. First time? Let us make your life really easy.

    We help make it easy to setup your website starting with the most important information.

    Start Here
  2. Looking for information on our Reseller Program?

    For web development companies that need to give their clients the service of direct account access.

    Reseller Info
  3. Our servers are beasts. Here's their current status.

    99.9% uptime is great but more important is the current status of our servers. We show you.

    Server Status