1&1 Status Page

We continuously monitor the status of the 1&1 Web Hosting services. If there are any interruptions in service, a note will be posted here.
If you experience problems accessing your 1&1 Web Hosting services which are not listed here, please contact us. For contact channels please click here.


Maintenance Incident

No planned maintenance scheduled.

New security vulnerability is published
Start:
09/25/2014 9:55 AM
Estimated end:
Unknown
Last update:
09/25/2014 10:04 AM
Type:
Incident
Affected services:
All
Description:

The press and the community has published the news about the bash vulnerability called "Shell Shock" ("CVE-2014-6271") on 09/24/2014. Bash is most commonly used on the Linux level as so-called "Unix Shell". Due to this vulnerability, it may happen that under certain conditions, arbitrary shell code is executed. This occurs when the server service running system commands from a bash shell.

We currently have patched the vulnerability on our managed servers and shared hosting, where the security is managed by 1&1. Due to our preexisting security measurements that were in place before the exploit, running the following exploit test code on our managed and shared platforms will return a false positive, but currently it is not possible to exploit our managed systems via an external attack.

An important note on our part: Do you own a root server on which you yourself are the administrator? If so, please perform a security update of your bash shell on your server. For all major operating systems affected updates are already available.

How do you know if you are affected? - Open the Shell, and type the following code:

env = x '() {:;}; echo vulnerable 'bash-c "echo this is a test"

If your terminal returns the word "vulnerable", then you are affected.

Please take note that systems running the Parallels Plesk or Small Business panel depend on certain versions of PHP and MySQL, and a complete yum or apt update is not recommended as this may break Plesk.

Commands to Update Only Bash in Debian:

apt-get update

apt-get install --only-upgrade bash

Commands to Update Only Bash in CentOS

yum update bash