Maintenance On Fpn Server

April 10, 2014

In a few hours time some necessary maintenance will take place on our server.

Exact down time is not known yet, but should not be more than 2 hours. Start of this maintenance is between 17:00 and 19:00 UTC, or 12:00 and 14:00 EST.

Warm regards, WIm

April 10, 2014

As we have had a few questions on the OpenSSL issue and the Heartbleed virus, a few answers:

- Our server was patched on April 8 already, by our host provider.

- We do not (and never did) store any credit card information on our server.

- Our server is only accessible from a non-standard port, from just 2 ip-addresses, with a private key only, which is not stored on the server.

In short: we were (and are) safe.

However, it is always wise to change one's password every so often, so if you do feel the need to do so, by all means, do .

HTH, warm regards, Wim

April 11, 2014

Figured just that.

Was in the middle of resetting all passwords to get this old machine locked down, (may see new life with ubuntu later on, but who knows when/if I'll have the time to tinker with it). Next, have to get new router up and set for new pc. FPN pw was reset, and poof > maintenance notice. Thanks for waiting until I was done ; )

Was surprised how many passwords had accumulated.

Thanks for letting Us know, and keeping the ink well Prairie safe : )

April 11, 2014

Figured just that.

Was in the middle of resetting all passwords to get this old machine locked down, (may see new life with ubuntu later on, but who knows when/if I'll have the time to tinker with it). Next, have to get new router up and set for new pc. FPN pw was reset, and poof > maintenance notice. Thanks for waiting until I was done ; )

Was surprised how many passwords had accumulated.

Thanks for letting Us know, and keeping the ink well Prairie safe : )

Be careful about resetting passwords if the OpenSSL patch hasn't been released to that website.

If you do, and it is still vulnerable to Heartbleed, it could make it easier for potential hackers to get your password, as the Heartbleed vulnerability is to do with what servers cache in their memory. If the website hasn't been patched and you reset your password, it could potentially be worse than just leaving it.

Of course, sites that have been patched (like FPN) are fine to change your password on, and it's probably a very good idea to do so.

Hope that helps anyone

April 11, 2014

In addition: passwords here are not stored in memory, a hash code is, which changes with every login.

Also, we do use encryption for our store (ionCube) in order to preserve privacy.

@P2P: Sorry, but that is the eternal dilemma - when to do maintenance . Some people will suffer, unfortunately.

Warm regards, Wim

April 11, 2014

Be careful about resetting passwords if the OpenSSL patch hasn't been released to that website.
If you do, and it is still vulnerable to Heartbleed, it could make it easier for potential hackers to get your password, as the Heartbleed vulnerability is to do with what servers cache in their memory. If the website hasn't been patched and you reset your password, it could potentially be worse than just leaving it.

Of course, sites that have been patched (like FPN) are fine to change your password on, and it's probably a very good idea to do so.

Hope that helps anyone

Thanks for responding. You answered the specific question I couldn't find online, before I did the resets.

That said, announcement to all the evil hackers who now have my Everything. ; ) I lead such a boring life, with no funds to steal, they've wasted their wasteful time on me.. lol Besides, I don't do banking online, (hmm... now why wouldn't I trust that??? most things are on auto-pay. So unless they tap my brick and mortar bank, should be ok.

The one thing the Did get was valuable time yesterday. My taxes would be ready, set, go. (need a scowl y face emotie).

Yay, good practices Wim! Thanks to both.

p2p