Notices

Scheduled Network Maintenance

Posted: Mon, 1 Jun 2026 23:08 PM UTC / Mon, 1 Jun 2026 19:08 PM EDT
Last update: Mon, 1 Jun 2026 23:08 PM UTC / Mon, 1 Jun 2026 19:08 PM EDT (50 hours ago)
Status: Open
Affected location: Dallas (TX)

As part of our ongoing infrastructure improvements, our team will perform a scheduled network change in our Dallas environment.

Maintenance Window:
Start: 3 June 2026, 16:00 Dallas local time
End: 3 June 2026, 22:00 Dallas local time

Impact:
No downtime is expected during this maintenance.

Users may observe a route path change during the maintenance window, but services are otherwise expected to remain available.

#

Review of public NTP service exposure on UDP/123

Posted: Mon, 25 May 2026 04:21 AM UTC / Mon, 25 May 2026 00:21 AM EDT
Last update: Wed, 3 Jun 2026 22:50 PM UTC / Wed, 3 Jun 2026 18:50 PM EDT (152 minutes ago)
Status: Closed

We have recently scanned servers for potentially open NTP services on UDP port 123.

Time synchronization is important and should remain enabled. However, most VPS, web, and mail servers only need client-side time sync and do not individually need to provide public NTP services.

If you received an email with a link to this notice, your server was highlighted in our check.

Where appropriate, we may update the time setup so that the server continues to keep accurate time without exposing unnecessary ports. This may involve replacing the legacy 'ntp' daemon with a client-only time sync service such as 'systemd-timesyncd' or 'chrony', or otherwise restricting inbound access to UDP/123.

No service impact is expected. At most, the local time synchronization service may be restarted briefly.

#

Magento application vulnerability (Polyshell)

Posted: Fri, 22 May 2026 02:39 AM UTC / Thu, 21 May 2026 22:39 PM EDT
Last update: Fri, 22 May 2026 02:48 AM UTC / Thu, 21 May 2026 22:48 PM EDT (13 days ago)
Status: Closed

In October 2025 Adobe published a bug report APSB25-94 for Magento.

We have been made aware that this bug has been used to actively exploit Magento-based sites. It does not require any form of authentication. On vulnerable systems an agent can upload and use files with exploit payloads to gain remote code execution. A breakdown of the RCE can be found at https://sansec.io/research/magento-polyshell

Adobe has included a fix in their 2.4.9 beta branch, but as of 22 May 2026 has not released that to any stable branches.

We recommend keeping Magento instances (and any web application) up to date with the latest stable release.

Additional mitigations:

Ensure you have appropriate webserver protections against unintended access and operations for vulnerable parts of Magento, especially the media and uploads folders, for example by disabling script execution on those.

Audit your pub/media/custom_options and subfolders for existing unverified scripts or images embedded with executable PHP tags.

Consider using a plugin that helps protect your Magento instance, for example this community-provided option - https://github.com/aregowe/magento2-module-polyshell-protection
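
One way to run the audit of pub/media/custom_options described above, as an added example that is not part of the original notice or of Magento: a Python scan that flags files with script extensions and files containing PHP open tags. The extension list and the constructed sample tree are assumptions; review each finding by hand, since binary image data can match by chance.

```python
import os
import re
import tempfile

# Assumption: extensions a PHP-enabled web server might execute; match your handler config.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php3", ".php4", ".php5", ".php7", ".pht"}
# "<?php" or "<?=" anywhere in the file; a plain "<?xml" prolog (e.g. SVG) is not matched.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def audit_media(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every dot-separated part so "x.php.jpg" and "x.PHP" are caught too.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if PHP_TAG.search(data):
                findings.append((rel, "embedded PHP tag"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree standing in for pub/media/custom_options."""
    quote = os.path.join(root, "quote", "a", "b")
    os.makedirs(quote)
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,             # clean image
        "logo.svg": b'<?xml version="1.0"?><svg></svg>',              # XML prolog, not PHP
        "banner.gif": b"GIF89a" + b"\x00" * 8 + b"<?php echo 1; ?>",  # image with PHP tag
        "notes.PHP.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,          # double extension
    }
    for name, body in samples.items():
        with open(os.path.join(quote, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in audit_media(tmp):
            print(f"{reason:18} {rel}")
```

To scan a real site, call audit_media() with the path to your pub/media/custom_options directory instead of the sample tree.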

Exact solutions may depend on your specific setup. If you have questions, please reach out to our support team for assistance at https://rimuhosting.com/contact.jsp

#