Following the announcement of the SSL POODLE vulnerability, most webmasters have been hard at work securing their servers. Alas, while doing some of these updates myself, I discovered that while it is possible to disable SSLv3 for cPanel services on ports 2083, 2087, 2096 – this breaks connections to cPanel from all current versions of Firefox, on any operating system, because Firefox does not support TLS connections to ports other than 443.
It is a serious bug with Firefox, which will be resolved permanently in the November update. For now, however, you need to decide what to do. If you’re the only one on your server it probably wouldn’t kill you to use Google Chrome for a month until the Firefox update.
Otherwise, if there’s more than just you on the server accessing cPanel and you disable SSLv3 for cPanel, your clients will not be able to connect to it with Firefox, causing quite the frustration. That means WHM, cPanel, Webmail – are all down for everyone using Firefox. Then you’ll be going through a pile of support tickets asking everyone to switch browsers for a little bit.
Surely you’ve heard the term Shellshock exploit mentioned everywhere across the internet these last couple of days, but what is it exactly and what does it really mean for you? Well, Shellshock is the name for a brand new exploit which targets a vulnerability in Bash. Bash, an acronym for Bourne Again Shell, is a command-line shell used by many UNIX computers. In fact, I feature several tutorials regarding working with Bash here. UNIX is an operating system on which many others are built, such as Linux and Mac OS. So if you’re utilizing a Linux based web server for your website, or a Mac OS computer at the office – your system could very well be vulnerable.
Bash is a key component of the web servers that run at least half of the websites on the internet; in fact, you’re probably running your very own website on a Linux based server utilizing Bash. Even if you don’t use any aspect of Linux yourself, a huge proportion of the Internet runs on the “backbone” of Apache, which uses Bash heavily. Bash is also used in the background by web browsers, email apps, FTP (website upload) apps and all kinds of other applications. One way or another you are using, or have used, the Bash shell.
So what exactly does Shellshock do? Shellshock allows anyone to run any program via text commands through the use of Bash, or Terminal as you’re used to calling it in Mac OS. That means one can run key-logging software, steal personal information, etc. There’s an even bigger problem with Shellshock, however. Every single version of Bash up to 4.3 is vulnerable – and that leaves a lot of patching to be done.
Patches for the main bug – designated CVE-2014-6271 – are available for most Linux distributions. However, there are reports that the patch is NOT a complete fix and so a further vulnerability, CVE-2014-7169, is being tracked. Fixes against this second vulnerability have not yet been widely distributed.
Apple is also hard at work patching Mac OS – however, there is some good news for Apple owners. There is a chance you may not be vulnerable at all. With OS X, systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced UNIX services. So long as you’ve never configured those services – you’re good to go. If you have, however – Apple is working on a fix for you – right along with figuring out how to make your phone not bend in your back pocket.
Microsoft researchers and colleagues from Bing have been collaborating with others from industry and academia to examine datacenter hardware alternatives, and their work, a project known as Catapult, was presented in Minneapolis on June 16 during the 41st International Symposium on Computer Architecture (ISCA). Confused yet? Hold on. Their paper, titled A Reconfigurable Fabric for Accelerating Large-Scale Datacenter Services, describes an effort to combine programmable hardware and software that uses field-programmable gate arrays (FPGAs) to deliver performance improvements of as much as 95 percent.
Now I know you’re confused – so what exactly does this mean? What Bing, Microsoft, and a group of others are trying to do is figure out how to use the same number of servers to do double the work, or use half the number of servers to do the same amount of work that is being done currently. Finally, how do you accomplish all of that without exponentially increasing your overhead costs (as you would with a traditional cloud platform)?
In the evaluation deployment outlined within the paper, the reconfigurable fabric—interconnected nodes linked by high-bandwidth connections—was tested on a collection of 1,632 servers to measure its efficacy in accelerating the workload of a production web-search service. The results were impressive: a 95 percent improvement in throughput at a latency comparable to a software-only solution. With an increase in power consumption and total per-server cost increase of less than 30 percent, the net results deliver substantial savings and efficiency.
So while this all might sound completely irrelevant to you – it’s really not. See, if Bing has 40x more time to compile a relevant search result for you than they currently do – you can be fairly confident that the success of this technology will bring about some new ranking algorithms to Bing search results.
As a webmaster chances are you will wind up managing a Linux box or two in your time – and when you do you’ll be happy you learned these tricks.
Discover how to use pipelines to string together a series of commands. This means that the output from the first command in the pipeline is used as the input for the second command in the pipeline. The output from the second command in the pipeline is used as the input to the third command in the pipeline, and so on, and so on.
Learn how Bash keeps track of a certain number of previous commands that you have entered into the shell via the History, and see how Bash makes life easier for you by supporting command aliases – commands that the user can specify.
Learn how to use wildcards and command line completion to make your life programming within Bash that much easier.
The rwhod daemon is a process that allows a remote user to see who is logged into your system. The client program is rwho. It has many of the same security problems as the finger daemon. For a cracker, use of rwho could allow him to watch for times when nobody is logged into your system and begin his attacks. Learn how to turn off rwhod on your server.
A detailed list which shows the majority of the more popular known trojans, and the ports they normally use.
Learn how to be able to view all the running processes, or stop a program if it hits a bug or a flaw.
WiredTree, one of our affiliate hosting partners, have announced the addition of new features pertinent to R1Soft backups, Parallels optimization and SSD caching – something the company hopes will provide it with “unparalleled performance.” In a press release, WiredTree President Zac Cogswell discussed how the company goes about implementing the process, noting that WiredTree annually upgrades its VPS and hybrid server platforms.
“Our annual Level Up guarantees our customers can take advantage of the most recent developments in the web hosting industry as they become available. Often, this means adding RAM and disk space across our hardware, but this year, we are not adding RAM or disk space to our plans. Instead, we have done what many considered impossible — made huge performance boosts to disk I/O for hosting services that are faster than ever before.”
WiredTree went so far as to test the SSD Caching platform – something it says cuts load times in half. The testing was performed on live client websites. If you haven’t yet checked them out, WiredTree offers a range of hosting services including managed VPS, servers and hybrid.
A few months ago the team at SpeedySparrow had submitted a feature request to the cPanel development team asking for support for wildcard SSL certificates. Natural support, support that doesn’t require jumping through hoops and performing hacks on your server. The response to this request came in just a few minutes ago from Kenneth Power, one of the cPanel development team staff members. He responds:
We rewrote the SSL Management functionality for cPanel & WHM 11.38. In part this change will deliver the following:
- New SSL Management system with full support for SNI allows hosting multiple SSL Certificates, for different domains, on the same IP address
- The ability for server owners and users to determine the primary virtual host for an IP address means incompatible systems will see helpful content.
- Improved support for Wildcard, and UCC/SAN, certificates allows users to use the same certificate for multiple subdomains
- UCC/SAN certificates allow for simplified certificate sharing across multiple domains
- Improved user interfaces provide guidance through the various workflows of managing certificates and their assets.
In a nutshell - they’ve decided the feature will be introduced in the next release of cPanel, version 11.38. They’re also implementing SNI, which will allow multiple SSL certificates to be installed on a single IP address. I’m looking forward to testing these new features!
A client of mine recently contacted me, and frantically proceeded to explain to me how his hosting company contacted him stating their server had been hacked through an out-dated WordPress install they had kept on it. To make matters worse, the host did not have a recent file backup available – great. I was in for a long night. However this got me thinking as to just how often this happens. A lot of people wrongly assume that their personal online projects, if never advertised, can never be found. So I wanted to take a moment and write up this post, and hopefully help someone prevent themselves from being in a similar situation.
First off, touching base on the host’s lack of a recent file backup, I want to bring up an article I wrote a while back: “Always Keep Your Own Backups”. It applies to a lot more than just hosting if you really think about it. Maintaining a recent backup is something every website owner should be doing, and with the majority of control panels out there – such as Hepsia and cPanel – generating and downloading backups is fairly simple. Read through the article, even if you have in the past, and make sure you’re following through with your responsibilities.
Moving on we come to this out-dated WordPress install – which provided the loophole the hacker needed to get in. This is something else that you, as a website owner, have to stay on top of. You have to make sure that all your script installs are always up to date. When using script installers such as Softaculous, Elefante, and Fantastico – this task also becomes fairly simple as each one of the script installers will automatically notify you of new versions of your installed scripts.
For those that own a server with several different accounts on it, you can automate this process by utilizing some scripts. For example, techsware.in has a great script posted up that will locate out-dated WordPress installs on any system running cPanel, Plesk, or really any Linux box. You can also utilize a full-featured premium script like OldScriptFinder.
The point is that even if you have to do it manually – you want to make sure you do keep all of your script installs up to date. It doesn’t take much, but it does a lot for you in the long run. Apart from just server security, out-dated scripts can have broken loops – causing a severe drag on system resources – thus hurting the performance of the entire hosting account/server.
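One way to automate the check for out-dated WordPress installs described above, as an added example (it is not the techsware.in script or OldScriptFinder). It assumes each install keeps the stock wp-includes/version.php file; the function names and the minimum version passed in are illustrative choices.

```shell
#!/bin/sh
# Added example: report WordPress installs older than a minimum version.
# Assumes each install keeps the stock wp-includes/version.php file and
# that no path under ROOT contains a newline.

# Print the $wp_version string from one version.php (empty if not found).
wp_version_of() {
    sed -n "s/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed when dotted version $1 is strictly older than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# find_outdated_wp ROOT MIN_VERSION
# Prints "version<TAB>install directory" for each install below MIN_VERSION,
# and "unknown" when version.php exists but cannot be parsed.
find_outdated_wp() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r file; do
        ver=$(wp_version_of "$file")
        dir=${file%/wp-includes/version.php}
        if [ -z "$ver" ]; then
            printf 'unknown\t%s\n' "$dir"
        elif version_lt "$ver" "$2"; then
            printf '%s\t%s\n' "$ver" "$dir"
        fi
    done
}

# Usage: sh find_outdated_wp.sh /home 4.0   (both values chosen by the operator)
if [ "$#" -eq 2 ]; then
    find_outdated_wp "$1" "$2"
fi
```

Run it from cron against the directory that holds your accounts and mail yourself the output; an "unknown" line means version.php is there but was modified or truncated, which deserves a manual look.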
cPanel Inc. just recently spoke about the release of a Stable version 11.34, and a few short days later – it’s finally here. Announced yesterday the release of version 11.34 Stable of cPanel & WHM software brings many improvements and upgrades to the package.
As per cPanel CEO, J. Nick Koston’s Keynote speech at the 7th annual cPanel Conference, some of the new features include:
Take note that upon updating or installing cPanel & WHM version 11.34, you will no longer be able to downgrade to a previous version. For full details regarding version 11.34, such as the User Guide, Release Notes, Change Log & FAQ’s, please visit: http://docs.cpanel.net.
Hivelocity announced earlier in the week that they are now including a free 60GB Intel 520 series Solid State Hard Drive with all new servers. The free SSD is included as an extra drive and not a replacement for the SATA or SAS drives already included with the standard server configurations. Customers have the choice of having the free SSD mounted as the primary drive for their operating system or as a secondary drive for whatever use they choose.
“We have been offering solid state drives with our servers for the last year or two and every month they gain more traction. The speed benefits our customers with SSD have realized is fantastic and we figured a super fast server equates to a super happy customer so let’s give them away for free,” said Hivelocity USA Sales Manager Drew Adams.
Never before has the general public been given an open look at the inside of Google’s datacenters – until now. True, Google has shared many of their designs and best practices, and they have been publishing their efficiency data since 2008; however, only a small handful of employees have access to the server floor itself. Yesterday Google announced the launch of a new site – Where The Internet Lives - featuring beautiful photographs by Connie Zhou, where you’ll get a never-before-seen look at the technology, the people and the places that keep Google running. In addition, you can also explore Google’s Lenoir, NC data center using Street View. Walk in the front door, head up the stairs, turn right at the ping-pong table and head down the hall to the data center floor. If you’d like, you can also watch a video tour to learn more about what you’re viewing in Street View and see some of the equipment in action.