We continuously monitor the status of the 1&1 Web Hosting services. If there are any interruptions in service, a note will be posted here. If you experience problems accessing your 1&1 Web Hosting services which are not listed here, please contact us. For contact channels please click here.
A vulnerability in the popular Jetpack plugin of the WordPress content management system can allow attackers to publish posts on affected WordPress blogs.
Affected are all Jetpack plugins from October 2012 on, starting with version 1.9.
If you are using Jetpack to manage your homepage, please update your plugin as soon as possible. The update can be made through the plugin directory of your WordPress blog.
1&1 will run an update for all customers that have WordPress installed as part of the Click & Build application.
You can find further information at:
This notification is important for customers with Dedicated Server, Virtual Server (VPS) or Dynamic Cloud Server packages.
Managed Server or Webhosting package customers are not affected.
We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library.
The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. The majority of the software systems already offer updates.
When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
OpenSSL 1.0.1g to 0.9.8 are not affected.
For further information, please go to http://www.heartbleed.com/
OpenSSL Version Check
You are able to check your OpenSSL-Version with a Shell-Command on the Server:
It is very important to secure all systems which could potentially be affected!
A link to a Heartbleed-Test is provided in the GeoTrust mailing (this is a test created by GeoTrust):
The customer can either check his CSR (a key data for certificate requirements) or his URL.
Here is another test provided by an independent company: https://ssl-tools.net/heartbleed-test
Here is a list of common commands to patch the affected OpenSSL version:
yum update openssl
apt-get upgrade openssl
zypper up openssl