Important - Changes to Email, FTP and Database Access (PCI Compliance)

Spiral Hosting are committed to providing the latest software on our web servers for optimum performance and security. Today we emailed all our clients important information on changes to email, FTP and database access. It is essential that clients read the full information and take action.

To comply with PCI (payment card industry) requirements, which are important for hosting clients with e-commerce websites that process credit cards, we are making three significant changes to email access, FTP access and remote MySQL database access.

 

1) We are disabling plaintext authentication for email access (checking your email without encryption). It's important all clients take steps to implement SSL/TLS (implicit encryption) or STARTTLS (explicit encryption) as soon as possible. All email access (POP3, IMAP, SMTP) will require an encrypted connection. Your connection to our email server will soon stop working if you do not implement these steps!

 

2) We are disabling plaintext authentication for FTP access (connecting to File Transfer Protocol without encryption). FTP access is normally used by a webmaster to upload/download files from a hosting account. It's important your webmaster take steps to implement FTP-SSL (explicit FTP over TLS [FTPES]) as soon as possible. All FTP access will require an encrypted connection.

 

3) We are restricting incoming MySQL database connections. Access to MySQL port 3306 will only be permitted from remote IP addresses on our access list. Remote IPs must be granted access both in the cPanel hosting control panel and on our server firewall. Please email your requirements to our support team as soon as possible.

These requirements have been best practices for a number of years and many clients will already fulfill them, but they will now become compulsory. If you do not understand the technicalities of these changes, it's important you discuss them with your IT manager, website developer or email our support helpdesk.

 

When is it happening?

For clients on Enterprise hosting plans, the changes will take effect on THURSDAY 4 AUGUST 2016. For all other clients on our normal shared/reseller hosting plans, the changes will take effect on THURSDAY 18 AUGUST 2016. We strongly encourage you to re-configure your email clients much earlier.

 

Checklist

1) Encrypted email access
We recommend all clients make a list of all email programs (MS Outlook, Thunderbird, Apple Mail etc) and also any email devices (iPhone, iPad, Android etc) and review their email configurations. This is particularly important for business clients who might have an office with lots of desktop computers, laptops and phones that need re-configured. Don't forget the office scanner or photocopier! (if it sends email).

 

We have created a guide on how to check MS Outlook, Thunderbird, Apple and iPad/iPhone email applications: https://secure.spiralhosting.com/knowledgebase.php?action=displayarticle&id=159

Your connection to our email server will soon stop working if you do not implement these steps!

 

2) Encrypted FTP access
Make sure your IT person or web developer knows about these changes so they can update their FTP client settings to use SSL/TLS. If they use an FTP client like FileZilla, they must make sure "Explicit FTP over TLS" is selected as the encryption type. "Plain FTP" will no longer work.

 

3) Restricted MySQL access
If you have computer software that requires an incoming connection to our MySQL database, it's important your IP address has the correct access. Remote IPs must be granted access both in the cPanel hosting control panel and server firewall. It's important all clients whose websites have remote incoming database connections discuss their requirements with our support team as soon as possible.

We're gradually rolling out some changes and we're making sure our web servers have the latest software for both security and ease of use. It's important to keep your site up to date so please make sure you check your site after the update has been completed at the time above.

 

As always, any questions, get in touch via support ticket and our team will be happy to assist you.

Important Info on Current Promotions

‡ Promotion "1 Free Domain Name": Shared & Enterprise hosting plans include 1 free domain name, which can be a new registration or a transfer from another provider. The free domain name is limited to specific extensions, including .com, .com.au, .eu, .ie, .uk, .co.uk, us, .org, .net. The full list of current extensions is on the order page. We reserve the right to add/remove extensions to the list at any time and without notice. Promotion is on-going.

* Promotion on .ie extension (Ireland): Our standard price for .ie domain names is €15.95+vat per year, including transfers and renewals. We have reduced the price to €4.95+vat (registrations) and €5.95+vat (transfers). Only on orders of 1 year duration. A fair usage limit of 3 .ie names per client applies. Also available to clients paying in UK Pounds (£4.95 registrations / £5.95 transfers). Excludes other currencies. For more info and eligibility requirements please check our blog post. Promotion ends 31/08/2021.
After reaching the fair usage limit, clients will benefit from our reseller price of €14.95+vat per .ie domain name until 30/01/2022. To maintain the €14.95+vat reseller price, a client must maintain 10 active .ie domain names on their account, otherwise future renewals will revert to the standard price €15.95+vat.

** Promotion on .eu extension (Europe): The 1st year price for new .eu names is reduced to €3.95 EUR. Also available to clients paying in UK Pounds (£3.95 GBP). Excludes other currencies. Promotion ends 30/09/2021.
Promotion on .eu extension (Europe). Very limited time 7-12 May 2021. New registrations with a 10-year duration are available for a reduced price of €20 EUR. Also available to clients paying in UK Pounds (£20 GBP). Excludes other currencies. For more info and eligibility requirements please check our blog post. Promotion ends 12/05/2021.
** Promotion on .eu extension (Europe). Limited days Thursdays and Fridays only. Every Thursday and Friday between 19 May 2021 and 16 December 2021 (inclusive), the 1st year price for new .eu names is reduced to €2.00 EUR. Also available to clients paying in UK Pounds (£2.00 GBP). Excludes other currencies. Promotion ends 30/09/2021.