Important Service Update – cPanel Security Incident
This incident relates to a global vulnerability affecting cPanel servers, which has been widely reported in the news. Millions of servers worldwide have been put at risk. If you search for “cPanel Vulnerability 2026” on google you will find extensive coverage from third party sources.
We want to highlight this context as we understand the concerns raised, including by clients who have asked why their services were impacted and whether their server was secure. This was not an isolated issue but part of a widespread vulnerability affecting providers globally. Please read from the bottom up to get the correct timeframe for the incident.
Update 11am - Thursday 7 May 2026
Sites where we control the DNS are now actively being migrated across to the new server as we work to reduce the load on the Web609 virtual machine. This process should complete relatively quickly. Once done we will leave Web609 online as the Virtual Machine. Moving sites off should stabilise the load.
All sites have been loading correctly for some time now, however if you are experiencing any issues or notice a site not loading correctly, please let the team know via live chat or by submitting a support ticket.
Update 11am - Thursday 7 May 2026
Web609 is more stable and loading sites but load is higher than we would like. We've reprovisioned the old bare metal web609 server as a new server. The team are currently doing a quick DNS Audit to find those domains who use our name servers and we are going to move sites to the new server. That in turn will lower load on the web609 Virtual Machine.
Update 8am - Thursday 7 May 2026
Web609 was one of the servers affected by the initial vulnerability (copy fail) last week. It was originally hosted on a large dedicated bare metal server, however in order to speed up recovery we temporarily restored sites to a newly built VPS machine.
That VPS appears not to be coping this morning and is under load. A staff member is currently en route to the data centre to re-provision the old web 609 bare metal box.
In the meantime, we sincerely thank you for bearing with us and appreciate your patience while we work through the aftermath of these issues. We know this not ideal - it is only affecting web609 at this time.
Update 3pm - Wednesday 6 May 2026
Due to the ongoing workload created by the recent cPanel, Apache and Copy.Fail related vulnerabilities, our support team is currently prioritising server security, incident response and existing support tickets.
As a result, for the next few days we will be unable to provide extended live chat support for configuring email clients on local devices such as Outlook, Apple Mail, mobile phones or tablets.
We are still happy to assist with:
Password resets
Providing webmail access
IMAP / SMTP server details and ports
Basic mail connectivity checks
If you require hands-on assistance configuring a local device or troubleshooting a third-party mail application, we recommend contacting a local IT support provider or an experienced IT contact.
As many of our clients know, we always try to help wherever possible, however we are a web hosting provider rather than a dedicated IT support company. At present we need to ensure our support team remains available for hosting, server and security-related issues.
We appreciate your understanding and patience while we work through the current backlog.
Update 5pm - Tuesday 5 May 2026
We wanted to make you aware of some additional background activity that is unrelated to the current cPanel security incident.
Our team has also been addressing this recently disclosed additional vulnerability:
https://support.cpanel.net/hc/en-us/articles/40229402602519-Security-CVE-2026-23918
Alongside this, a separate team has been working on the recent “Copy Fail Vulnerability,” for which Ubuntu has just recently updated new Kernel patches.
As a result, some of our resources have been temporarily redirected toward patching and securing affected systems. This has had a knock-on effect on our helpdesk, leading to some delays in support ticket responses.
It’s been an unusually busy period, with multiple high-severity vulnerabilities emerging in quick succession. We appreciate your patience and apologise for any temporary dip in service levels while we prioritise system security.
If you have any urgent concerns, please do let us know and we will do our best to prioritise accordingly.
Update 2.30pm - Tuesday 5 May 2026
We are continuing to work through the issues and are actively responsing to clients on tickets. Average ticket response time are much better than yesterday but still not what we would like. Live chat is back on line and if you need urgent help please come on chat on our website and we will do our best to expedite your ticket.
We're extremely thankful to all our clients who need help with non service impacting general queries who are being so patient with us. It means a lot to the team.
Update 8am - Monday 4 May 2026
We are continuing to work through the issue and are pleased to report that, while support ticket volumes remain higher than usual today, they are now much more manageable. As today is a UK holiday, a number of staff had pre-booked annual leave. As a result, our focus remains on processing tickets, and live chat will remain offline for the rest of today. For context, one of our team members handled 140 tickets during a 12-hour shift yesterday, reflecting the increased demand we are currently managing.
Live chat will be re-enabled at 9:00am on Tuesday 5 May. We will have dedicated team members available and will limit the number of concurrent conversations to ensure a consistent level of service. If you are unable to connect immediately, we apologise in advance and appreciate your patience while waiting to be connected.
During the restoration process, we have identified that, in a very small number of cases on a single affected server, some emails were not recoverable from backups. We are contacting any impacted clients directly as we respond to their tickets. These particular restores are more complex and therefore taking longer, as they involve recovery from archived disaster recovery backups rather than standard account restores.
Finally, in light of this incident, we will be sending an email to all clients early this week with further guidance and options to help enhance data protection alongside our existing backup systems.
We appreciate your continued patience and understanding while we work through this.
Update 12noon - Sunday 3 May 2026
We've got a number of clients with email issues from the affected compromised server. We are working through these tickets as quickly as we can. If you do not get a reply please be patient your data is likely syncing to the server.
Here is an interesting statistic in case you are interested: https://x.com/i/status/2050702969167806882
Update 9.30pm - Saturday 2 May 2026
We are currently focusing on email issues following the compromise of one server (cpmail1). At present, there are 18 active support tickets related to this on the helpdesk, and our team is working through them as quickly as possible. We appreciate your continued patience while we resolve these issues. To help manage demand, we will be restricting live chat again tomorrow (Sunday). Live chat will resume on Monday morning at 9am for routine support. In the meantime, please contact our helpdesk at support@bigwetfish.co.uk for any support requests. Please note that response times are currently longer than usual.
Rest assured, our team is working as quickly as possible to assist everyone.
Update 7pm - Saturday 2 May 2026
Our first priority today was to resolve all remaining DNS issues, which we believe has now been completed. All domains pointing to our DNS cluster should now be resolving exactly as they were before the compromise. Our team is continuing to work through the remaining issues, and we appreciate your patience while we resolve them.
We are currently addressing a number of email-related issues on a single server that was affected by this vulnerability.
This is a time-consuming process because we are manually verifying data integrity for every account to ensure the best possible recovery outcome. Affected clients will receive a direct email as soon as their mailbox is live, detailing the specific status of their historical data. We are sorry that some clients are waiting longer than we would like for a reply.
Please be assured that our team is working around the clock to resolve this as quickly as possible.
Update 11am - Saturday 2 May 2026
The team is still actively working through the remaining issues. Thank you for your patience while we resolve them.
As it is a UK Bank Holiday weekend and some staff have worked extended 24-hour shifts, we have temporarily disabled live chat today. We still have additional staff in the office, but we are operating on a help-desk ticket basis only.
Live chat will remain off today. We will review the situation tomorrow morning and it will definitely be back on at 9:00 AM on Monday.
We are continuing to see a small number of issues (including some specific DNS-related problems). These DNS isues are minor and usually quick to fix once reported.
Update 5.30pm
The DNS cluster has now been rebuilt and the vast majority of websites are resolving correctly. We are seeing a small number of domains where the zone exists on the cluster and appears correct, but the domain is not resolving. In these cases, updating the zone serial and reloading the zone has resolved the issue
There should now only be a handful of domains still not resolving. If you come across one, please let us know by opening a support ticket.
The team is also continuing to work on two server restores from last night related to the identified vulnerabilities. For this reason, live chat will remain offline for now, but please be assured that the helpdesk is still fully operational.
At one point today there were 359 open tickets related to this. At the time of writing, this has been reduced to 28 related to this. We appreciate your patience while the team works through the remaining requests as quickly as possible under the circumstances.
Update 12.30pm
DNS1 is now back online and serving sites. All DNS zones have been successfully restored from the daily backup.
We are currently rebuilding DNS2 to restore redundancy, and will then move on to DNS3. You should begin to see services resolving normally again. We have already tested ten websites linked to support tickets, and all are loading correctly.
Our team is now working through open tickets to test services and respond to clients individually. If you still see an outage please reply to or open a support ticket by emailing support@bigwetfish.co.uk
There is still some follow-up work required on the servers we restored overnight, so Live Chat will remain offline for the rest of today. This has allowed the team to focus fully and resolve the issue much faster.
Thank you for your patience and understanding.
Update 11am
The team are now building a new DNS Server and that should be ready in 30 minutes we then need to install software (30 mins) and copy the zones (30 mins). If anything changes we will post an update at the top of this page. We do have access to the DNS Cluster backups if anyone needs a copy of their DNS Zone to move to a third party DNS provider just reply to a support ticket.
Important Service Update – cPanel Security Incident
A critical vulnerability affecting cPanel & WHM installations worldwide (CVE-2026-41940) was recently disclosed. While we applied all available security patches immediately, a small percentage of our infrastructure was impacted. Affected systems have been actively restored overnight by our team.
Industry reports indicate this vulnerability was being exploited in the wild before it was made public, meaning some services may have been impacted prior to the release of official patches.
Current Situation: DNS Cluster
A secondary issue related to this vulnerability is currently affecting our DNS cluster. If your domain name uses our Cluster Name Servers (ns1, ns2, and ns3.bigwetfish.co.uk), your DNS will appear to be offline, which will cause your websites and mail services to appear unreachable.
Support Availability & "Room to Work"
To ensure our team can focus 100% of their efforts on technical restoration and cluster recovery, we are implementing the following changes effective 9:00 AM today:
* Live Chat: Disabled. This allows our support staff to assist the engineering team in service recovery.
* Phone Lines: All calls will be directed to this announcement to keep lines clear for outgoing emergency coordination.
* Support Tickets: All staff are being centralized to support@bigwetfish.co.uk.
To help us move faster, please do not submit multiple tickets or "follow-up" emails. Every duplicate inquiry requires manual sorting and directly delays our ability to reach your original request. We are operating a strict "one-ticket-per-customer" policy to keep the queue moving as quickly as possible.
Staff Status
Our team has been working around the clock; half of our staff worked through the night until 5:00 AM and are now resting. They will be back online later today to rejoin the recovery effort. We appreciate your patience as response times may be longer than usual in the meantime.
Immediate Actions You Can Take
If you need your website online urgently, we recommend temporarily moving your DNS to an external provider such as Cloudflare (free accounts available). Our team is available to assist with manual DNS migrations via support ticket on a case-by-case basis.
If you have access to an external IT provider, they may be able to assist you with this DNS move more quickly in the short term while we work on the cluster restoration.
Next Steps
Our immediate priority is restoring the DNS cluster. We will provide periodic updates at the top of this page as significant information becomes available and relevant to the restoration process.
Thank you for your patience and for giving our team the room they need to work through this critical issue.
