
October 2009

Welcome to the October edition of Nexology - our new monthly letter (will try and make it monthly). My hope is that this newsletter helps you stay connected to HN and keeps you informed about anything that might be happening here at HN.

The warm times are almost over for our northern hemisphere clients and just starting for our many clients down under. Hope you all had - or have - a great summer!

- Laurence, HostNexus

Looking Back

PION server had a bit of a meltdown at the beginning of September. A standard Plesk upgrade went fantastically wrong and it took some time to rebuild the server. My apologies once again to all PION clients that experienced that extended downtime event. Gluon had some CF issues which were fixed by the removal of a problematic domain and across the board we are reining in high resource users on CF servers. Electron server was replaced with a brand new Dual Quad Core Raid 10 machine. VPSes on VPS nodes all had OS upgrades and performance-enhancing tweaks which have seen excellent results.


Blog Post: The Zen of SpamHaus

I'd like to draw your attention to an important article on our blog about the fight against spam called The Zen of SpamHaus. SpamHaus is one of the relays we use to filter email but it also offers a higher level of antispam protection. In the post I talk about the different levels the relay offers and also posted some stats from a test I did with zen.spamhaus and without. The results were an eye-opener! There is a discussion thread on our forum with a poll so go vote!

Blog Post: Easy MySQL Backups

I love backups! We back up all our shared and reseller servers to remote backup servers across a private network. It works really well. But everyone should also have a personal backup strategy - just in case. In this blog post I reveal my own personal database backup strategy for HostNexus. If you're on a linux server and always wanted to back up databases and have them download automatically to your computer then I hope you'll enjoy that post.

Special Offers - Halloween Server Special

If you go to the home page of HostNexus you'll notice the eternally running Relaunch Special has been replaced with something new. If you've ever thought about upgrading your website to the awesome power of your own dedicated server then October is the time to do it! This month we are running a Halloween Server Special. If you order before October 31st we'll give you $100 cashback on any Standard Server. All our servers are fully managed and we also migrate your account seamlessly to your new server. Don't hesitate to contact me at sales [at] hostnexus [dot] com if you'd like to discuss this some more.

Forum Round-Up

Have you been to our Forum lately? Please drop by and introduce yourself in pats_fan's thread. Get a Gwave invite? Our tireless mod Susanna didn't either as she shares in Google, you have broken my heart. Know any great Premium Wordpress Themes? Participate in Social Media?

Solve a problem or shoot the breeze, on our forum we are always good for a chinwag. :)

NexusDomains and Domain Reseller Services

I thought I'd draw your attention to a little known service we provide - Domain Reselling. HostNexus has been an Enom ETP since 2003 and our resellers have registered thousands of domains through us at Enom. All you need is a free NexusDomains account and then ask us to convert your account at Enom to reseller status. You can then start reselling using Enom's awesome tools (API and PDQ) with a base price of $8.95/yr for standard .com, .net and .org. We also offer dozens of TLDs. Alternatively you can just register domains as normal via NexusDomains for $12.95. NexusDomains itself runs on PDQ.

Featured Article

How To Avoid Getting Hacked

2009 is The Year Of The Gumblar. You might not know the name but I'm sure you've experienced it either directly (hopefully not) or indirectly. Have you ever been surfing and come across a page with a big red sign warning against you entering the site? If you have then there's a good chance that site was hit with Gumblar or one of its variants like Nine Ball, Martuz or a host of other weird and wonderful names. If you run a successful online business can you imagine the damage such an attack could do? I actually got hit with it on a personal site I just use for storing photos. But when I thought of the damage it would have done if it had hit HostNexus... it certainly got my attention.

So what is Gumblar and how does it work? These are things EVERY webmaster MUST know! The original Gumblar used a vulnerability in Adobe Acrobat and Flash player but subsequent variants use other exploitable software but all have the same end result. I won't go into the technicalities of how your computer gets infected but you need to know what it does. Once infected it listens in on any FTP connections and steals the connection information. Usually within minutes the virus uses your FTP account to modify files and insert some nasty code. This code is normally an iframe, javascript or some other code that triggers a malware download from another computer.

The virus will sometimes modify PHP code and insert phpshell scripts which in turn attempt to install the malware that other infected sites connect to to trigger malware downloads to unsuspecting site visitors. This is a three-pronged nightmare that just grows exponentially. From local computer to FTP account to server infection and the wheel keeps on turning. So what's the defence?

The virus is three-pronged and therefore everyone needs to cover as many of these vulnerabilities as possible.

1) Your Computer - a decent "On-Access" anti-virus program is all you need. When I got infected I was running a cheap AV program that wasn't On-Access. This simply means the AV program automatically scans anything that is downloaded to your computer or any file that you open on your computer. If your anti-virus just gives you a daily scan you are NOT protected. You could get infected, download some nasty stuff to your computer and proliferate the virus before you even get to your daily scan.

2) FTP over SSL. If you are on a linux server simply choose a connection option in your FTP program that is encrypted or just says "SSL". All of our shared servers should have this working. If you find it doesn't please contact Support and we will fix it! With this option your connection info is sent encrypted and not in plain text and the virus cannot sniff it out. We would love to implement this by default (forcing people to use it) but even though we could post about it in a newsletter, on a mail list, on our blog and on our forum we will still get hundreds of tickets asking why their FTP doesn't work. As awareness grows maybe we will implement it slowly.

If you have a dedicated server and would like FTP over SSL activated please contact Support.

Bad news for Windows clients on this front. Our Windows servers don't currently support FTP over SSL as this is a feature included in the newer Windows 2008 OS with IIS7. It's a huge change and one that we aren't quite ready for. But you can still install a decent Anti-Virus program. :)

3) Server Infection - this is one area where Windows servers aren't as vulnerable. The virus uses PHP which needs to be running as a global user such as Apache. PHP on Windows has run under a user's FTP username as CGI for ages so even if files get infected the virus cannot break out of the user's home directory. On linux though PHP has run as Apache for aeons and it's only with later versions of Plesk that we now have the option to run PHP as CGI or FastCGI. So if you're on Plesk 9 I encourage you to switch PHP to a FastCGI application under Web Host Settings for the domain. Some scripts can break with it so if you are not sure please don't hesitate to contact support and we will advise you. Scripts tend to run faster under FastCGI too so you are in fact doing yourself a service. :D

This year we've been dealing with Gumblar related issues almost on a weekly basis. It is very hard to convince someone that the server hasn't been hacked when their website is showing the Reported Attack Site page. In these cases the issue almost always lies with the user's computer being infected.

But we have also had cases where the virus has spread through Apache-owned PHP files causing malicious downloads and random page redirects to search results containing a list of infected sites. We can always track down the source but it is very frustrating for us as hosts and our users. In this case a solution would be to force every domain using PHP to run as FastCGI but as with the FTP solution there would be even more fallout. So it's a balancing tightrope act with a bit of a dodgy safety net. All we can do as hosts is raise our own community's awareness of this problem that doesn't seem to be going away any time soon and hope that in the future we can implement stricter safeguards against this menace.
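
For webmasters who want to check their own files for the kind of inserted iframe or javascript described above, here is a small scanner. It is an added example, not HostNexus tooling or code from the blog post. The two patterns are generic heuristics assumed for illustration (not Gumblar signatures), and the host names and sample files are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

WEB_EXTS = {".html", ".htm", ".php", ".js"}
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# Heuristic (assumption): an injected frame is sized or styled to be invisible.
HIDDEN = re.compile(r"""(width|height)\s*=\s*["']?[01]\b|display\s*:\s*none""", re.I)
# Heuristic (assumption): injected script decodes a string and runs or writes it.
OBFUSCATED = re.compile(r"(eval|document\.write)\s*\(\s*(unescape|String\.fromCharCode)\s*\(", re.I)
SAMPLE = {  # constructed two-file site for the demo
    "clean.html": '<iframe src="http://www.example.com/map" width="400"></iframe>',
    "index.php": '<?php echo "hi"; ?>\n<iframe src="http://injected.example.net/x" '
                 'width=1 height=1></iframe>\n<script>eval(unescape("%61"))</script>',
}

def scan_text(text, own_hosts):
    """Return (reason, snippet) findings for one file's content."""
    findings = []
    for tag in IFRAME.findall(text):
        m = SRC.search(tag)
        host = urlparse(m.group(1)).hostname if m else None
        if host and host not in own_hosts and HIDDEN.search(tag):
            findings.append(("hidden iframe to external host", tag[:120]))
    for m in OBFUSCATED.finditer(text):
        findings.append(("script decodes and executes a string", m.group(0)))
    return findings

def scan_tree(docroot, own_hosts):
    """Map each flagged web file under docroot to its findings."""
    report = {}
    for path in sorted(Path(docroot).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            hits = scan_text(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path)] = hits
    return report

def demo():
    """Write SAMPLE to a temp dir, scan it, return {file name: [reasons]}."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLE.items():
            Path(root, name).write_text(body)
        report = scan_tree(root, {"www.example.com"})
    return {Path(p).name: [reason for reason, _ in hits] for p, hits in report.items()}

if __name__ == "__main__":
    print(demo())
```

Point scan_tree at a downloaded copy of your site and pass the set of host names you legitimately embed; a hit is a reason to review the file by hand, not proof of infection.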

I just posted this on our blog so feel free to comment there. If you'd prefer to discuss any of this in our forum that would also be most welcome.


See you all next month. Have a fabulous October!

- Laurence, Head Cheese, HostNexus

HostNexus Copyright © 2001 - 2009. Hostnexus. All Rights Reserved.