Due to recent updates across the industry, security has been increased, which is good, but this has affected some of our Shared Hosting and Dedicated Hosting customers’ ability to log in and send/receive emails. Our Plesk Hosting Software and possibly your Windows Operating System have both updated their systems resulting in what you might notice as “Unable to connect” messages or just no mail sending out or being received. The resolution we have found, is to remove and add the mail account in the settings for your email client. This will regenerate the password cache and reissue the signature certificate that gets stored in your system. Please feel free to open a ticket if this does not work for you at https://portal.dynamic.com

For L2TP or IPSEC using the native Windows VPN Connections that have authentication issues, please see this article for an explanation and how to fix it: https://www.windowscentral.com/windows-update-introduces-vpn-issue-forcing-admins-pick-between-security-or-functionality

NOTE: Not everyone is affected, but for those who are we are already in the process of patching individual servers manually and will likely reach out to schedule a reboot of your server if necessary.

If you haven’t been following tech industry news lately then allow us to inform you about this pressing matter affecting millions of servers worldwide. Log4j is a very commonly used logging library in the Java programming language. Programmers use this to help indicate the state of various parts of their program.

Generally speaking, when processing inputs from the user, you always want to treat the input as just normal text, and not code that the program should execute. You do this due to the fact that if an attacker can inject their own code into a program, then the possibilities are endless for hacks/breaches. Now unfortunately if you construct a specific string of text, and are able to get the log4j library to log that string (which is pretty trivial because most programs will log user inputs), you are able to get the log4j library to reach out to other servers and execute any code that is returned.

This allows the attacker to execute code that they wrote on a remote server. This kind of breach is called remote code execution, and can lead to all kinds of issues.

Now that you understand what is at play here please let us know if you have any questions that this hasn’t already answered and be aware that a fix is either already implemented on those machines who are affected, or will be very shortly.

Further information: https://time.com/6128795/log4j-security-flaw/

Sincerely,
Your DCI support team