Re: [bitfolk] The perils of opening tcp/22 to the Internet

Author: Ander Punnar
Date:  
Subject: Re: [bitfolk] The perils of opening tcp/22 to the Internet

Hi,

We've had reports that the password reset feature of the panel is
broken at the moment.

Some new code was pushed live a few days ago and this obviously got
past testing. I am working on fixing this as a top priority, but in
the meantime if you do require a password reset please:

1. Check to see if we've fixed it yet
2. If not, contact support@ requesting reset
3. Use phone if urgent and you haven't received confirmation that
it's been done yet

I do expect it to be fixed today.

https://tools.bitfolk.com/redmine/issues/80

Apologies for the inconvenience.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting

_______________________________________________
announce mailing list
announce@???
https://lists.bitfolk.com/mailman/listinfo/announce


Date: Fri, 12 Aug 2011 15:29:27 +0000
From: Andy Smith <andy@???>
To: announce@???
Subject: Re: [bitfolk] https://panel.bitfolk.com/ password reset feature broken at the moment

On Fri, Aug 12, 2011 at 03:15:57PM +0000, Andy Smith wrote:
> We've had reports that the password reset feature of the panel is
> broken at the moment.


Fixed now.

Cheers,
Andy


Date: Thu, 25 Aug 2011 16:06:10 +0000
From: Andy Smith <andy@???>
To: announce@???
Subject: [bitfolk] [Fwd: Apache 1.* and 2.* vulnerability]

In case you haven't already heard:

----- Forwarded message from Jan Henkins -----

Hello there,

Forwarding this to official support due to its importance (should have
done this earlier!). Please pass this on to the Bitfolk list!

Since I sent the message below, I have found a mitigation strategy for
Debian:

1) Create /etc/apache2/conf.d/setenvif with the following content:

---start---
<IfModule mod_setenvif.c>
    # Drop the Range header when more than 5 ranges.
    # CVE-2011-3192
    SetEnvIf Range (,.*?){5,} bad-range=1
    RequestHeader unset Range env=bad-range

    # optional logging.
    CustomLog /var/log/apache2/range-CVE-2011-3192.log common env=bad-range
</IfModule>
---end---


Be advised that the above should not work out of the box, since the "headers"
module was not enabled by default (this could be the actual Debian and
Ubuntu standard).

2) Enable the headers and rewrite modules:

a2enmod headers
a2enmod rewrite

3) Restart apache


---------------------------- Original Message ----------------------------
Subject: Apache 1.* and 2.* vulnerability
From:    "Jan Henkins"
Date:    Thu, August 25, 2011 11:00
--------------------------------------------------------------------------


Hello Andy,
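As an added example that is not part of any message in this thread: the Python below mirrors the decision Jan's SetEnvIf rule makes (same regex, so the five-comma threshold can be checked offline against sample Range values) and counts entries per client in the optional range-CVE-2011-3192.log. The log lines and addresses are constructed.

```python
import re
from collections import Counter

# Added example, not code from the post. Same regex as the SetEnvIf line:
# five or more commas in the Range value, i.e. more than five byte ranges.
BAD_RANGE_RE = re.compile(r"(,.*?){5,}")
# Apache common log format, as the optional CustomLog line writes it.
COMMON_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r"(?P<status>\d{3}) (?P<size>\S+)$"
)

def range_header_is_bad(value: str) -> bool:
    """True when SetEnvIf would set bad-range (and Range would be unset)."""
    return BAD_RANGE_RE.search(value) is not None

def count_ranges(value: str) -> int:
    """Number of range specs in a 'bytes=a-b,c-d,...' Range value."""
    _, _, spec = value.partition("=")
    return sum(1 for part in spec.split(",") if part.strip())

def apply_mitigation(headers: dict) -> tuple:
    """Headers as the server sees them after the rule, plus whether Range
    was stripped. Names are matched case-insensitively, as Apache does."""
    kept, stripped = {}, False
    for name, value in headers.items():
        if name.lower() == "range" and range_header_is_bad(value):
            stripped = True  # this request would land in the CVE log
            continue
        kept[name] = value
    return kept, stripped

def hits_per_client(log_lines) -> Counter:
    """Entries per client in range-CVE-2011-3192.log; every line there is a
    request whose Range header was dropped."""
    hits = Counter()
    for line in log_lines:
        m = COMMON_LOG_RE.match(line.strip())
        if m:
            hits[m.group("client")] += 1
    return hits

# Constructed sample lines in common log format (not real traffic).
SAMPLE_RANGE_LOG = [
    '203.0.113.5 - - [25/Aug/2011:11:00:01 +0000] "HEAD / HTTP/1.1" 200 -',
    '203.0.113.5 - - [25/Aug/2011:11:00:01 +0000] "HEAD / HTTP/1.1" 200 -',
    '198.51.100.7 - - [25/Aug/2011:11:02:13 +0000] "GET /big.iso HTTP/1.1" 200 1048576',
    "not a log line",
]
```

Note that exactly five ranges (four commas) pass the rule untouched; the header is only dropped from six ranges upward, which is what the comment "more than 5 ranges" means.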