It’s been a long time since we’ve made any significant changes to our services, but over the last few months we have been working to improve things for our customers. We have made several changes that I am excited to share with you as follows:

Web Site

As you may have noticed, we recently updated our web site at www.edikon.com. The site is meant to be easier to navigate and understand, while emphasizing the powerful features we offer our customers. We have also included testimonials that many of our customers have shared with us in the past so that new customers can read what it’s like to host with us. We always welcome new testimonials, so please reach out if you also want to see your name in lights!

Help Center

We have updated the way you access and interact with our technical support, billing, and sales teams by reverting back to our helpdesk run by our friends at Tender. We are truly committed to offer the best support possible and after studying the results of several months worth of trouble tickets and communications we realized that Tender was allowing us to offer faster response times, better internal communication, and ultimately a better customer experience.

CloudLinux

We have installed a software called CloudLinux on all of our shared servers, which allows us to set real-time account limits on resources such as the CPU(s) and physical memory. The purpose of the software is to prevent a single account from causing performance issues on the server by consuming all of the resources, leaving none for everyone else. This should improve performance for all sites because more CPU and memory will be more equitably available to all.

Multiple PHP Versions

We have been contacted by users asking when we are going to provide support for PHP 5.4 or even 5.5 and higher. Because of the nature of shared hosting we try to avoid upgrading PHP to major versions as these could disrupt existing websites that rely on older versions, and may not be compatible with the changes made in newer revisions.

To combat this we have now deployed a PHP selector across all of our servers. This allows you within the control panel to choose the PHP version you want to use for your account or particular domain. No longer are you restricted by the PHP version we run by default. You can now choose from between PHP 5.2, 5.3, 5.4, and 5.5!

Global SSH Access

All users on shared and enterprise hosting plans have the ability to request SSH access by default. Simply login to your control panel and access the FTP Manager tool. There you will be able to request SSH and one of our support engineers will quickly enable your account.

There is one caveat: we have disabled password-based logins via SSH and will strictly require that you provide us with a public SSH key in order to login.

In the future, we plan to also limit FTP access to our servers using SFTP. We will notify you of this change when the time comes.

Increased Security

We have implemented a Cage File System “CageFS” which works to further isolate accounts from each other. This provides a significant layer of security on shared hosting and can help reduce cross-account attacks.

Conclusion

We have more changes planned for the near future, but for now we hope the above will prove beneficial and advantageous to you all. We try to take all feedback we receive and where possible change our service for the better.

Please stay tuned for knowledge base entries explaining each one of the above items in detail.

If you are experiencing any issues with any of the above new features, or wish to discuss anything contained within this post, please get in touch with us via support ticket or give us feedback.

Thank you very much for choosing Edikon.

Heartbleed is the nickname for a critical vulnerability discovered in some versions of OpenSSL, one of the most popular SSL libraries used in a number of open source products.

The heartbleed.com website has been setup to provide more information about this bug and its affects.

If you are concerned about whether you, or a site you use is affected, there are a number of 3rd party sites that are offering testing services including: https://filippo.io/Heartbleed.

Important Facts

• Our website and hosting services were unaffected by this vulnerability.
• OpenSSL version 1.0.1 through 1.0.1f with the heartbeat extension enabled are affected.
• OpenSSL version 1.0.1g addresses the vulnerability.  Versions of OpenSSL prior to 1.0.1 were unaffected.
• SSL/TLS is not broken.

Q. How does this affect Edikon customers?

A.  While Edikon was unaffected by the Heartbleed vulnerability, we are, as a precaution, suggesting Edikon customers change their account passwords as it is not uncommon for people to use the same password with multiple service providers.

Q. How did Edikon avoid being vulnerable to this bug?

 A. Edikon takes security serious and always makes every effort to keep our systems patched and up-to-date. In this particular case, Edikon was unaffected because our systems either didn’t use OpenSSL at all or, in a few cases, do use OpenSSL but were using a version unaffected by the vulnerability.

Q. Does this impact my Edikon hosting account?

A.  No, our hosting service was unaffected by the Heartbleed vulnerability.

Q. Does this impact my SSL Certificate?

A. The answer here is a bit more complicated. If you have a SSL certificate purchased through Edikon and use it on hosted services provided by Edikon, then you are unaffected.

Q. I used my a SSL Certificate purchased at Edikon with another service or on my own servers.  Am I affected?

A. That depends on the third party service provider. If that service was affected by the Heartbleed bug, then you should be concerned. Hopefully, the service has been patched already but even then, as a precaution, you should consider re-issuing our SSL Certificate, installing it, and then revoking the old one. Instructions for that are below for Symantec and Comodo brands.

Q. What is the difference between OpenSSL and an SSL Certificate?  Why is only one affected by this bug?

A.  OpenSSL is an open source library that implements the SSL protocol. An SSL Certificate is, essentially, the digital lock used by SSL to secure internet communications. It contains, amongst other things, the identity of the certificate’s owner and some indication of who verified the certificate’s creation (the Certificate Authority or CA). The Heartbleed vulnerability affected websites or systems that used the OpenSSL library not the certificates themselves.

Q.  If the certificates were not affected, why are hosting companies suggesting they be reissued?

A.   Security researchers discovered that the Heartbleed vulnerability made it  possible to recover both the public and private keys that are used to create the SSL Certificate. Even after the OpenSSL vulnerability was patched, the private key could be used to decrypt future messages; revoking and reissuing the SSL certificates makes that impossible.