Aspiration Hosting 3.0

Three years ago we introduced Aspiration Hosting 2.0, which includes a complete redesign of our website and a host of other changes.

Today we are introducing Aspiration Hosting 3.0, which include the biggest changes to our company to date.

New Responsive Designs

As the last website design is becoming dated and uninteresting, we decided that it is time to do a complete redesign. We enlisted the help of an excellent designer, Jordan Owen to work on a new design and after a few months of hard work, our new website design is now ready to go live.

The new design is responsive, which means that you can access our website from any devices (Desktops, Laptops/Notebooks, Tablets, Smartphones) and the website layout will automatically adjust to match the screen size of your device. This extends to our Company Blog and Client Area as well so you can read our announcements, pay your invoices, submit and read your support tickets from any devices.

We are in the process of working on a new cPanel design which matches the new website design and it will be responsive as well, allowing you to manage your hosting accounts easily from any devices. You will see a pleasant new design when logging in to your cPanel as soon as the design is ready to go live.

Cloud Servers

Along with the new design, we are introducing our latest solution to help you grow your business with peace of mind – The Cloud Server with Auto Failover.

The main features of our Cloud Servers include High Availability, Pure SSD Storage, Guaranteed Resources and Easy Scaling.

All Cloud Servers are genuinely 100% Fully Managed and we are responsible for all server administration matters. You will not need knowledge about server management or worry about security as we will handle them all for you.

It took us many months to create the perfect formula for our Cloud Servers and we hope you will like it as much as we do!

Rewards Program

We work with partners across multiple industries to draw up a Rewards Program specially for you, our valued client.

Our Rewards Program offers you with Freebies, Special Deals and Perks by our partners including aheadWorks, Stripe, Google, Sucuri, LastPass, Extendware and many more.

We are constantly working with multiple partners to bring more value to you so do stay tuned for more partners who will be joining our Rewards Program.

Uptime, Twitter, Feedback and Reviews

As with our announcements three years ago, the Uptime Report for our servers (monitored by Pingdom) are still viewable publicly.

We are still active in Twitter and if you haven’t follow us, now is the time to do so!

Our Feedback Department is still available where you can reach our Management team directly for any complaints, feedbacks or suggestions.

Finally, we still collect reviews with ShopperApproved and if you love our services, we do hope you can take some time to write an honest review about your experience with us.

Thank you for taking the time out of your hectic schedule to read this, we really appreciate it!

SSLv3 Disabled Due to POODLE Bug

Engineers at Google found a new vulnerability in SSL version 3.0 (SSLv3) and they call it POODLE (Padding Oracle On Downgraded Legacy Encryption). The vulnerability allows an attacker to add padding to a request in order to then calculate the plaintext of encryption using the SSLv3 protocol. Effectively, this allows an attacker to compromise the encryption when using the SSLv3 protocol. Full details have been published by Google in a paper.

Who does this affect?

SSLv3 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

However, the only group of users who will be seriously affected by this bug is those who are still using Internet Explorer 6 on Windows XP (both are already at their End of Life).

According to CloudFlare, 0.09% of all traffic across their network is SSLv3. For HTTPS traffic, 0.65% across their network uses SSLv3. The good news is most of that traffic is actually attack traffic and some minor crawlers. For real visitor traffic, today 3.12% of CloudFlare’s total SSL traffic comes from Windows XP users. Of that, 1.12% Windows XP users connected using SSLv3. In other words, even on an out-of-date operating system, 98.88% Windows XP users connected using TLSv1.0+ — which is not vulnerable to this vulnerability.

Our Response

We will be disabling SSLv3 across all of our servers as this is a serious vulnerability with no patch in sight (as SSLv3 is very old) and most web browsers will be dropping support for SSLv3 after this POODLE incident anyway.

If you receive any complaints from your website visitors who are affected by the decision to disable SSLv3, we highly recommend that you suggest them to stop using Internet Explorer 6 and switch to a modern browser like Google Chrome, Mozilla Firefox, Safari and Opera.

For those of you who are not aware, even Microsoft is discouraging Windows XP users from using Internet Explorer 6 with their IE 6 Countdown website since the year 2011.

(Poodle image via Flickr, CC license.)

Domain Name Price Update 2014

Due to multiple price increases by our upstream registrars and registries for the past year, we are announcing an update to the price of our domain registration, transfer and renewal services which will affect all current and future domains with us. 

As of today, all domain names will have their price increased by $3.00/year. If you have a domain registered with us, the price increase will be reflected during your next domain renewal. 

Free ID Protection / Privacy Protection

While many registrars are starting to charge for ID Protection / Privacy Protection recently (many of them charge an extra $5.00 to $10.00 per year), we have decided to continue offering this service without any extra charge. 

ID Protection / Privacy Protection will help protect your personal information in your domain's public WHOIS record and will reduce the amount of unsolicited emails (SPAM) to your email address and also snail mail's mailbox. 

If you haven't enabled ID Protection / Privacy Protection, you can do so in our Client Area –> Domains –> My Domains –> Manage Domain –> Addons. 

Free Anycast DNS

We are also offering our new Anycast DNS service (Usual Price: $10.00/year) for free along with every domain name registration. 

With our Anycast DNS, you will be able to manage your domain's DNS even if your website is not hosted with us. 

Besides that, the Anycast DNS will also bring improvements to your DNS performance around the world as our Anycast DNS servers are spread throughout 18 cities across five continents (every continent except Africa and Antartica)! 

If you already have a domain registered with us, you can order the Anycast DNS at this link:-
https://my.aspirationhosting.com/cart.php?a=add&pid=120&promocode=DNS

If prompted, you can use the promo code “DNS” to receive 100% discount for the product. 

If you have any questions, feel free to contact our Billing Department

Thank you. 

SSL Transition: SHA-1 to SHA-2

Hilbert Map of Hashing Algorithms

Hilbert Map of Hashing Algorithms, by Ian Boyd

Most, if not all SSL Certificates today are running the SHA-1 cryptographic hash algorithm, which is getting weaker and easier to be attacked. 

Google and Microsoft announced SHA-1 deprecation plans that may affect websites with SHA-1 SSL Certificates expiring as early as the end of the year. 

Google

Google is gradually sunsetting SHA-1 with their Chrome browser by changing it's HTTPS security indicator step by step. 

When Chrome 39 is being released around November 2014, any SHA-1 SSL Certificates that expire on or after 1 January 2017 will be treated as “secure, but with minor errors” as shown in Pic 1 below.



Pic 1: Secure, but with minor errors

When Chrome 40 is being released around January 2015, any SHA-1 SSL Certificates that expire between 1 June 2016 to 31 December 2016 will be treated as “secure, but with minor errors” (as shown in Pic 1 above).

SHA-1 SSL Certificates that expire on or after 1 January 2017 will be treated as “neutral, lacking security” as shown in Pic 2 below.



Pic 2: Neutral, lacking security

When Chrome 41 is being released in Q1 2015, any SHA-1 SSL Certificates that expire between 1 January 2016 and 31 December 2016 will be treated as “secure, but with minor errors” (as shown in Pic 1).

SHA-1 SSL Certificates that expire on or after 1 January 2017 will be treated as “affirmatively insecure” as shown in Pic 3 below.



Pic 3: Affirmatively insecure

Microsoft

Microsoft’s SHA-1 deprecation plan differs in the activation time and browser behavior. Microsoft’s security advisory on “Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program” informed us that Windows will cease accepting SHA-1 SSL certificates on January 1, 2017. To continue to work with Microsoft platforms, all SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-2 equivalent by January 1, 2017.

Transition to SHA-2 

In order to prevent online users on Chrome version 39 and later from experiencing these indicators, SHA-1 SSL Certificates expiring after December 31, 2016 must be replaced with SHA-256 (SHA-2) SSL Certificates.

To transition to SHA-2 SSL Certificates, you will need to contact your SSL vendor to re-issue your SSL Certificates to one which is based on SHA-2. 

For clients who purchased your SSL Certificates from us, we will contact each of you individually to re-issue your SSL Certificates to SHA-2 over the next few months.

As there are a lot of clients that we will need to contact, we will prioritize those who are affected by the Chrome 39 update first so please do be patient if we have not got to you yet. 

October 6th Update: All SSL Certificates purchased from us has been re-issued to SHA-2.

WordPress 4.0 Now Available

WordPress 4.0 is now available for download and upgrade. This release brings you a smoother writing and management experience.

WordPress Hosting

Manage your media with style

gallery

Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.


Working with embeds has never been easier

Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.


Focus on your content

Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.


Finding the right plugin

gallery

There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.