Update - We have now sent emails to our managed Windows Server customers with their scheduled maintenance details. We have also prepared blog posts outlining our recommended steps for Windows - https://sitehost.nz/blog/2018/meltdown-how-to-protect-your-windows-server - and Linux - https://sitehost.nz/blog/2018/meltdown-how-to-protect-your-linux-server - for those customers who manage their own servers. Preparing a Windows Server 2008 image without a sizeable performance impact is proving difficult and while we continue to work on this, we would recommend looking at upgrading to a newer Windows Server version where possible.
Jan 24, 18:05 NZDT
Update - We have now completed the rollout of updated Windows Server 2012 and Windows Server 2016 images, so any new provisions will be protected out of the box. Work continues on Windows Server 2008 with new images in final testing now, ahead of a targeted rollout tomorrow.

It is worth noting that the patches do have a performance impact for Windows servers. In our testing, performance remains mostly unchanged for Windows Server 2012 with the exception of storage, with a performance drop of 17% compared to the unpatched version. The performance impact on Windows Server 2016 is lower than that of Windows Server 2012, with again the only noticeable difference relating to storage - a 6% performance drop compared to before the patch.
Jan 22, 19:30 NZDT
Update - Another quick update on Meltdown and Spectre - we have rolled out images for Ubuntu, Debian and CentOS 7 which include updated kernels relevant to the vulnerabilites. We are still waiting on an updated CentOS 6 image but for other distributions, any new provisions will be updated out of the box. It is also worth noting that our testing has shown that within our infrastructure individual Linux virtual servers are not vulnerable to the Meltdown exploit. With our Windows images, Server 2012 and 2016 are in final internal testing with a view to being rolled out on Monday next week at which time we will also post more details about the impact of these patches.

For existing managed servers, we'll be in contact with customers directly on Tuesday next week with regard to our maintenance plans. We'll do our best to schedule these maintenances for off-peak times however the impact of these vulnerabilities means we may need to act quickly to ensure security for our customers.

Unmanaged customers: we recommend that you update as soon as you can, based on your OS vendor's recommendations. We've noted problems with the latest (at the time of writing) CentOS 6 kernels and don't recommend upgrading to it just yet, but outside of that we're not aware of any issues with the updates currently available. We will be preparing some knowledge base articles outlining the steps you need to take to be secure based on what we've learned over the last two weeks and hope to have those available for you early next week.

We will continue to update our status page with detail as more news becomes available.
Jan 19, 17:26 NZDT
Update - It’s time for another update about Meltdown and Spectre. Like almost every cloud service provider we have been learning more about these vulnerabilities every day as more information comes to light and more patches are made available.

One of the unique aspects of Meltdown and Spectre is that different hardware, virtualisation software, and guest operating systems are vulnerable in different ways. That means there’s no silver bullet across our entire fleet or product range.

That being said, we are currently testing updated images for Ubuntu, Debian, CentOS, CoreOS and Windows. Our goal is to release these early/mid next week once we’re confident in their stability and understand any potential performance impact they may have. From there we’ll be looking at if and when we need to apply these updates to managed servers.

If your server is unmanaged but a patch is available you can update to the latest kernel or OS version when ready by following the vendors documentation. Please do note that we cannot vouch for the stability or potential performance impact of any of these patches.

Patching customer servers is only part of the picture though. The underlying hardware nodes also need patching which is where our hardware and virtualisation vendors come in. In most cases we are still waiting on patches, but we are using this time to investigate our options to ensure our infrastructure is safe and secure in as timely fashion as possible while having minimal impact to reliability and performance.

We’ll post another update as soon as we have more news.
Jan 12, 16:18 NZDT
Update - Some key upstream vendors are still working on patches for these flaws and we're continuing to work with them. We expect to have more news later this week.
Jan 9, 10:43 NZDT
Investigating - Due to two severe vulnerabilities released today that impact almost all computers and cloud providers there will be some short notice critical maintenance that will require downtime in the coming days. We are currently investigating patches and as soon as we have them verified and tested we will confirm the exact timing of the outage windows on this site and via email. At this stage we believe this very likely affects all customers, but we believe our Dedicated and Private Cloud customers to be at a much lower risk.

– https://meltdownattack.com/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

We will provide updates as we learn more.
Jan 4, 12:18 NZDT
API   Operational
Cloud Containers   Operational
Control Panel   Operational
IPv6 Network   Operational
DNS Operational
Name Server 1   Operational
Name Server 2   Operational
Name Server 3   Operational
Mail Operational
IMAP   Operational
POP3   Operational
Webmail   Operational
Website   Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Past Incidents
Feb 21, 2018

No incidents reported today.

Feb 20, 2018

No incidents reported.

Feb 19, 2018
Resolved - We have seen no further issues related to this incident so we are marking it as resolved.
Feb 19, 10:54 NZDT
Monitoring - Our testing has indicated that Cloud Container actions are back to normal, and we are monitoring for any further issues.
Feb 19, 08:54 NZDT
Identified - We believe that we have identified the issue and are currently testing to confirm that all actions are available and functioning correctly.
Feb 19, 08:35 NZDT
Investigating - We are currently investigating issues we are seeing with our Cloud Container product affecting provisioning and configuration of containers via the control panel. Servers and sites are unaffected at this time.
Feb 19, 08:22 NZDT
Feb 18, 2018

No incidents reported.

Feb 17, 2018

No incidents reported.

Feb 16, 2018

No incidents reported.

Feb 15, 2018

No incidents reported.

Feb 14, 2018

No incidents reported.

Feb 13, 2018

No incidents reported.

Feb 12, 2018

No incidents reported.

Feb 11, 2018

No incidents reported.

Feb 10, 2018

No incidents reported.

Feb 9, 2018
Completed - The scheduled maintenance has been completed.
Feb 9, 04:00 NZDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Feb 9, 01:00 NZDT
Scheduled - We will be performing scheduled maintenance on managed Linux servers in our North Shore and Sydney data centres to help protect against the Meltdown vulnerabilities. We expect individual servers to be unavailable for up to 30 minutes within the maintenance window.
Jan 31, 18:47 NZDT
Feb 8, 2018
Completed - The scheduled maintenance has been completed.
Feb 8, 03:52 NZDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Feb 8, 01:00 NZDT
Scheduled - We will be performing scheduled maintenance on managed Linux servers in our Auckland City data centre to help protect against the Meltdown vulnerabilities. We expect individual servers to be unavailable for up to 30 minutes within the maintenance window.
Jan 31, 18:45 NZDT
Feb 7, 2018

No incidents reported.