Positive Fusion

We do not offer refunds for service periods. A client contracts with us for set period of time, be that monthly or quarterly. The client is entitled to hosting services for that contracted period of time, unless cancelled by us for violations of our policies or by client choosing. A client that cancels their hosting account previous to the end of their contracted term is not entitled to a refund for any unused portion of time. Cancelling service previous to the end of the term results in forfeiting funds paid for that term. This has always been our policy and has always been part of our terms of service and as such has been and must be agreed to during the signup process.

Our Terms of Service document has been updated in green to reflect this clarification.

Jack’s Formmail php has been found to be exploitable and can be used to send out unsolicited email (UCE/SPAM).

If you are using this script, we ask that you please replace it immediately. As an alternative option, we recommend using NMS Formmail Replacement, which can be found at http://nms-cgi.sourceforge.net/scripts.shtml. Do not replace the script with Matt Wright’s formmail script, as it is even more exploitable.

On May 5th our network provider will begin an audit of all servers, any scripts that have not been replaced will be disabled.

Additionally, we will be removing all instances of any files labeled as formmail.cgi, formmail.pl, and variations, to further secure and guarantee the integrity of our services.

The purge of client accounts for which account restoration was not requested is now complete. We will no longer restore accounts from backup. Any accounts not restored previous to today will be treated as new.

Due to potential security concerns the included formmail script that is setup from within CPanel and called via the cgi-sys directory has been removed for the time being. We hope this will not negatively affect clients, but due to the rising instances of exploit attempts, it was viewed to be the most reasonable course of action. This ‘default’ install of the formmail script could be called from any hosted domain, even if it was never setup and has resulted in a rising number of concerns regarding emails bounced back to the domain owner because of attempted exploits. The messages sent to the domain owner from our email server indicate that the exploits have not been successful; however, the removal of these scripts is warranted to protect the integrity of all hosted domains. We do not wish for a domain to be associated with spamming (should an exploit prove effective) when the owner was doing nothing of the sort.

For those in need of a formmail script, we recommend Jack’s PHP formmail, available via http://www.dtheatre.com/scripts/, we also recommend that it be renamed to something other than formmail, this will provide security through obscurity, helping to eliminate potential spam bots from finding it.

This does not affect client installed versions of the formmail script, but as with any script, it is strongly urged that you check back with the script’s author for updates and security fixes if applicable on a regular basis. If you are running a formmail script of any kind, please be sure that it is the most updated version available. Formmail scripts are rather notorious for having security flaws and allowing spam to be sent through your domain; obviously this is quite unwelcome, so again, make sure your scripts are secure.

This morning subscription requests were sent, as copies of previous invoices, for any pending invoices within our billing system that indicate no automatic subscription exists. This is not an additional invoice, but only a copy to provide accurate information regarding your account. If you should have any questions please contact support through standard methods. These subscription requests are part of the ongoing process to return all aspects of service to normal operating conditions. Thank you for your cooperation.