A majority of our customers utilize Centos 5.5. It was released today.
It is currently in a testing phase; we expect to roll all management customers out to 5.5 by next weekend.
Rebooting is commonly one of the first things we see someone do when they find out they were compromised. We don’t know why, and it doesn’t matter. Don’t do it.
Here is why:
1.) Any files the attacker uploaded to /dev/shm will be removed on boot, which can make the investigation difficult.
2.) If the attacker installed a rootkit, your server may not come back up on reboot – binaries may segmentation fault.
3.) If the kernel is modified in memory, important forensic data will be removed on boot.
4.) Last but not least – we have seen attackers remove partition tables. On reboot your drive will appear to be wiped clean. We can often recover partition tables, but it will make it appear that the worst has happened.
Your best course of action is to have Rack911 investigate your compromise as soon as it becomes known to you.
Logrotate or statistics programs may rotate important logs such as your Apache access log, which can make finding the root cause difficult. cPanel, for instance, can be configured to delete access logs after web statistics are run, which happens daily.
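One way to capture /dev/shm and log directories before a reboot or a log rotation destroys them, as an added example that is not Rack911's own tooling. The function names and the case directory are hypothetical, and the case directory is assumed to sit on separate media rather than on the compromised disk.

```shell
#!/bin/sh
# Added example: snapshot volatile evidence before any reboot or log rotation.
# preserve_tree, verify_tree and the case directory layout are hypothetical.

# Archive name derived from the source path, e.g. /dev/shm -> _dev_shm
tree_name() {
    printf '%s' "$1" | tr '/' '_'
}

# Archive SRC into CASE_DIR, keeping modes and mtimes, then hash the archive.
preserve_tree() {
    src=$1
    case_dir=$2
    [ -d "$src" ] || return 1
    name=$(tree_name "$src")
    mkdir -p "$case_dir" || return 1
    # -p keeps permissions; tar stores each file's mtime in the archive.
    tar -C "$src" -cpf "$case_dir/$name.tar" . || return 1
    # Listing with owner, mode and mtime, readable without unpacking.
    tar -tvf "$case_dir/$name.tar" > "$case_dir/$name.listing" || return 1
    # Hash the archive so later copies can be checked against this one.
    ( cd "$case_dir" && sha256sum "$name.tar" > "$name.tar.sha256" )
}

# Re-check a preserved archive against the hash recorded at capture time.
verify_tree() {
    name=$(tree_name "$1")
    ( cd "$2" && sha256sum -c "$name.tar.sha256" >/dev/null 2>&1 )
}

# Example call (placeholder case path on separate media):
#   preserve_tree /dev/shm /mnt/evidence/case1
```

The same call works for the web server's access log directory, which is worth capturing before the daily statistics run removes it.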
We recently migrated a website developed using the Kohana framework to a new infrastructure. Originally they were using Rackspace CloudSites and we moved them to a load balanced platform at Rackspace CloudServers. During the transition we migrated them from Apache to Nginx, which resulted in a significant performance increase.
During the process of creating their rewrite rules, we had to do some research to find the variable to append the query string to. For your enjoyment, here is the required rewrite:
if (!-e $request_filename) {
    rewrite ^/(.+)$ /index.php?kohana_uri=$1 last;
}
Another gotcha you may run into involves SSL. Kohana may not recognize SSL correctly without this set in your fastcgi configuration:
fastcgi_param HTTPS on;
There have been a couple of recent vulnerabilities that you should patch if you’re running the affected software:
Rfxn BFD – Brute Force Detection
http://www.rfxn.com/bfd-1-4-important-security-fix/
Change Log:
[Fix] properly sanitized vars passed to the command line
[Fix] ignore.hosts is now updated with system addresses on each bfd run
Installatron
Several serious security holes
Info: http://webhostsecurity.com/bugs/installatron/index.shtml
The life-cycle for RHEL 3 will end October 31, 2010. After this date, support from Red Hat will stop; this includes potential critical security updates.
How will end of life affect you?
No future bugfixes or improvements
If a critical security bug is found, your server will be at risk
There will be no support for RHEL3 by datacenters and consultants (we will support it)
What can I do?
You have several options:
Rack911 can migrate your server to a new server running a newer version of Redhat or Centos.
Rack911 can perform a distribution upgrade from Redhat/Centos 3 to Centos 4, which will buy you some time.
I am ready to move to Redhat 5, what do I need to know?
Redhat 5 has newer versions of Apache, PHP, and MySQL. Your applications will have to be compatible.
Most control panels will support Redhat 5; Redhat 5 or Centos 5 is cPanel’s recommended operating system.
Redhat 5 will be supported until 2014.
Regardless of your decision, Rack911 can assist with your migration. We can also assist with modifying your applications to work on the newer operating system.
Ensuring your mail gets delivered to its recipient can be a challenging task. Email providers such as Yahoo can be picky about the mail they receive; your mail may be temporarily deferred for a number of reasons. There are many things that come into play when you start to deal with the deliverability of email: rate limiting, Domain keys, SenderID, SPF, etc.
Your provider’s netblock may become listed in an RBL due to repeat offenders. All of this you or your system administration team must handle.
Introducing SendGrid, the solution to these problems.
SendGrid also offers you analytics to track email clicks, opens, unsubscribes, spam reports, and bounces.
Their pricing is reasonable. I have not contacted them on extremely large bulk orders, but I would assume it would follow a similar pattern to the prices listed on their website.
We have several customers (ourselves included) utilizing their services, and they couldn’t be happier.
Quite often I get a sales inquiry for server management, where the potential customer dislikes our rate. They often compare us to other management firms which cost a fraction of what we charge.
When you are looking for server management, what are your priorities? It seems the number one priority of most customers is excellent server uptime.
What is required for server uptime?
Proactive Security Upgrades – Something as trivial as an unpatched kernel can lead to a complete loss of all of your data, including backups. What would that do to your business?
Proactive Monitoring – If your server is not serving content, then you lose potential business. If your server is down for 6 hours while you sleep, how much income will you lose?
Experience – Anybody can read a few web pages explaining how to configure your server software, but does your administration team really have the low-down on the gotchas that come up?
Rack911 opened its doors in the Summer of 2003. Since then I have watched the rise and fall of several administration companies. I have seen work done, and had to correct past work. There is a trend I see with almost every new customer: lack of security upgrades.
Some management firms only offer reactive updates – which means you have to personally ask for the upgrades. These management firms base their reactive approach on the fact that new upgrades may break existing services. While this is true, experience comes into play here. Most problems can be worked around if you have inner knowledge on how things work and coexist, unless there is a serious bug in the update.
With Rack911 every management customer gets proactive security updates, proactive monitoring, and the experience of seasoned administrators. We are innovative and create solutions to problems.
If the customer’s server is supported by ksplice, they will receive ksplice upgrades free of charge for all of their servers. Ksplice allows rebootless kernel upgrading. Read more here: Ksplice.
On top of what has already been mentioned, we support most open source software and much closed source software (for example: control panels, r1soft, etc.).
To sum it up, with Rack911 we care about your business stability and we do everything we can to keep you online. Depending on your needs the price may be adjusted, but $150.00 is our base price.
cPanel by default comes with two really good RBLs, which are zen.spamhaus.org and rbl.spamcop.net. Junkemail filter provides their Hostkarma RBL for public use for non-commercial purposes. You may also use it if you are a small business. Most of Rack911’s customers are web masters with medium to large websites (such as forums), so it is extremely beneficial to them.
They offer multiple blocklists to choose from:
For the scope of this entry, we are going to show you how to utilize the 127.0.0.2 spam blacklist on cPanel servers.
Log in to your cPanel machine and gain root access, and run the following commands:
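# The ACL file goes in the ACL_RBL_BLOCK subdirectory, the same path the removal step uses
cd /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK/
wget http://layer1.rack911.com/hostkarma_rbl
/scripts/buildeximconf
service exim restart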
Your server now has the zen.spamhaus.org, rbl.spamcop.net and Hostkarma RBLs running.
To remove the RBL, just remove the /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK/hostkarma_rbl file and rebuild the exim configuration file again.
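The DNS lookup behind an RBL check, as an added example that is not part of the downloaded ACL or of cPanel: it builds the query name for a connecting IP and treats only the 127.0.0.2 answer as a blacklist hit, since the list publishes more than one return code. The zone name hostkarma.junkemailfilter.com is an assumption (it is not given on this page), the function names are hypothetical, and the live check needs dig.

```shell
#!/bin/sh
# Added example: how an RBL lookup is formed and how its answer is read.
# Assumption: this is the public Hostkarma zone; the page does not name it.
HOSTKARMA_ZONE="hostkarma.junkemailfilter.com"

# Build the DNS name queried for an IPv4 address: reversed octets + zone.
dnsbl_qname() {
    ip=$1
    zone=${2:-$HOSTKARMA_ZONE}
    # Accept only digits and dots, with no empty octets.
    case $ip in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# True only if one of the A-record answers is the blacklist code 127.0.0.2.
# Any other return code on the same zone is not a reason to reject mail.
is_blacklisted() {
    for a in "$@"; do
        if [ "$a" = "127.0.0.2" ]; then
            return 0
        fi
    done
    return 1
}

# Live check (needs network access and dig): prints "listed" or "not listed".
check_ip() {
    q=$(dnsbl_qname "$1") || { echo "invalid IPv4: $1" >&2; return 2; }
    if is_blacklisted $(dig +short A "$q"); then
        echo "listed"
    else
        echo "not listed"
    fi
}
```

Running check_ip against an address seen in the exim reject log after the restart confirms the list is answering for that sender.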