Today I got a email from Register365, saying that for security reason they are disabling the online web folder manager. The sneakily make it sound like they are just disabling it until it’s fixed. But in reading this it also sounds strange that they don’t disable it straight away if it is such a threat. Here is the email I just got :
Dear paul savage,
Thank you for choosing Register365 as your hosting provider of choice.
IMPORTANT SERVICE NOTICE
At Register365 we take the security of our customers’ hosting services
very seriously and as such we would like to inform you that our
engineers have discovered a potential security flaw in the WebShell file
manager. In order to preempt any risk of a security breach that may
affect our customers’ websites the WebShell feature will be turned off
as of Midday on Tuesday 9th February 2010 .
Please note this is a precautionary measure and FTP will continue to
work as normal and your websites should not be affected in any way by
If you need any support on how to use FTP clients to upload files to
your site please refer to our knowledge base articles located at
At Register365 we strive to provide the best quality of service and
infrastructure to all our customers and as you may already know, we have
been working hard to deploy a new shared hosting cluster based on state
of the art technology and delivering the most stable and secure hosting
environment on the Irish market. If you would like to find out more
about the new hosting cluster available with Register365 and how you
could migrate to the new platform for FREE, please contact
If you have any further questions, please do not hesitate to contact our
support teams through the usual channels.
Namesco Ireland Limited (trading as Register365)
To that I submitted a support case as the service email came from “firstname.lastname@example.org” .
You are disabling it indefinitely ? or just until you can patch the service ?
This is unclear in the email I got from you.
and to that I got the updated report that they are not fixing it, with some extra padding about saying it’s too difficult.
Good afternoon Paul,
Thank you for your email.
It’s being disabled indefinitely I’m afraid as it would be too prohibitive to have a patch developed, tested and deployed at this late stage in our H-Sphere platform’s life cycle.
We haven’t taken this decision lightly but the issue that has been identified could potentially be quite serious so urgent pre-emptive action was needed. Disabling the webshell feature for the foreseeable future seemed the most expeditious and safest solution.
We apologise again for any inconvenience caused.
Namesco Ireland Limited
An unconvinced customer
Somehow I am not convinced here, if it’s a security issue why not disable straight away, and why no provide an alternative ? It really doesn’t sound like any level of customer support or attention to security. If it’s a security hole, disable straight away. You are now suddenly not providing a method for people to edit their files outside FTP’ing them, this for many people is not an option because of company firewalls. All in all it seems like Namesco Ireland Limited / Register365 couldn’t give a toss about their customers.