1&1 Status Page

We continuously monitor the status of the 1&1 Web Hosting services. If there are any interruptions in service, a note will be posted here.
If you experience problems accessing your 1&1 Web Hosting services which are not listed here, please contact us. For contact channels please click here.


Maintenance Incident

No planned maintenance scheduled.

Important security notice: Security vulnerability in content management system WordPress
Start:
04/11/2014 10:57 AM
Estimated end:
Unknown
Last update:
04/11/2014 10:58 AM
Type:
Incident
Affected services:
Website
Description:

A vulnerability in the popular Jetpack plugin of the WordPress content management system can allow attackers to publish posts on affected WordPress blogs.

Affected are all Jetpack plugins from October 2012 on, starting with version 1.9.

If you are using Jetpack to manage your homepage, please update your plugin as soon as possible. The update can be made through the plugin directory of your WordPress blog.

1&1 will run an update for all customers that have WordPress installed as part of the Click & Build application.

You can find further information at:

http://jetpack.me/2014/04/10/jetpack-security-update/

 

SSL weakness "Heartbleed" discovered - Update strongly recommended
Start:
04/09/2014 11:07 AM
Estimated end:
Unknown
Last update:
04/09/2014 11:12 AM
Type:
Incident
Affected services:
Website
Description:

This notification is important for customers with Dedicated Server, Virtual Server (VPS) or Dynamic Cloud Server packages.
Managed Server or Webhosting package customers are not affected.

 

We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library.

 

The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. The majority of the software systems already offer updates.

 

When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
 
OpenSSL 1.0.1g to 0.9.8 are not affected.

For further information, please go to http://www.heartbleed.com/

 

OpenSSL Version Check

You are able to check your OpenSSL-Version with a Shell-Command on the Server:

  • root@s1234567:~# openssl version


It is very important to secure all systems which could potentially be affected!

GeoTrust Heartbleed-Test

A link to a Heartbleed-Test is provided in the GeoTrust mailing (this is a test created by GeoTrust):

https://ssltools.geotrust.com/checker/

The customer can either check his CSR (a key data for certificate requirements) or his URL.

Here is another test provided by an independent company: https://ssl-tools.net/heartbleed-test

Here is a list of common commands to patch the affected OpenSSL version:

 

CentOS
yum update openssl

Ubuntu/Deb
apt-get update
apt-get upgrade openssl

OpenSuse
zypper up openssl