On 1/27/2015 we were notified by our software vendors of a critical flaw in the Linux glibc library CVE-2015-0235 affecting all Centos, Redhat and Cloudlinux servers. After our vendors released OS patches we patched all servers immediately after. This includes all clients on our bi monthly patching service. What is glibc? The glibc library is a core part of…
WordPress brute force attacks have started cripling servers all over the internet. Our cloudlinux servers have managed to stay up which higher then normal cpu and ram usage. Other servers without cloudlinux haven’t faired so well. We started investigating these attacks on April 9th 2013, captured packets immediately to get the payload of these brute…
We receive a number of phone calls and emails for requests for quotes and for proposals as a SoftLayer Certified Partner.
One may ask what does a SoftLayer Certified Partner do?
While SoftLayer has a variety of Certified Partners, Dynamic Net, Inc. is a SoftLayer Certified Partner that specializes in server security and server administration.
In the 1972 movie, The Godfather, we hear Tom stating, “This is business, not personal!”
I lost track of how many times I’ve heard that phrase or variations like it to justify business decisions whether it be employer vs. employee or business vs. customer.
If your focus is building and maintaining relationships, the “vs” should always be a red flag. If your focus is on the dollar, then you might miss the “vs.” part of the equation.
Author: Peter Abraham; Published: Dec 10, 2012; Category: Customer Support, Managed Hosting, Managed Services, PCI Compliance, Reseller Hosting, Security, Small Business; Tags: hosting, service; No Comments
Imagine reading Service Suspension – Ongoing unanswered abuse complaints thinking to yourself, the person is in a jamb…. I hope they get someone who can really help them (maybe we could, not sure), then later on reading the person who initiated the post also runs a “All you can Eat” (i.e. unlimited support tickets, unlimited labor time) server administration business where they advertise a long list of what they can do for you for just $15.00 per month. I guess, they are so packed with work they could not solve their own problems.
Imagine, for just $15.00 per month you “24/7/365 USA-Based Technical Support” plus “24/7/365 Server Monitoring (5 Minute Intervals)” of your servers plus “Guaranteed 15 Minute Response On Monitoring Alerts” and so much more… sounds like a great deal? Right?
CloudLinux is an operating system based on CentOS and OpenVZ bringing a more secure, out of the box, operating system which allows a shared hosting environment to mimic a VPS-like environment for each hosting customer.
if you could imagine a refrigerator whose contents were a complete mess or even a room that was an organizational disaster, then open the door, through in a magic ball of yarn, close the door, and then open the door again… only to be amazed about how well everything is organized and clutter free, you would get a visual of the what CloudLinux allows you to do on the server level.
Repeat after me, “hackers most often target vulnerabilities, not specific people or companies.” Now, say that over and over again.. and shortly you should come to the conclusion that every single device and application typically has vulnerabilities which makes everyone a target. That’s right, everyone is a potential target — not just the big names,…
Most small business stewards provide customer service as well as receive customer service as part of wearing many hats. I really appreciate being on both ends of giving and receiving as each encounter is an opportunity to learn, to adapt, to change, and to improve. Part of that picture is hearing and seeing something you…
Linux Socket Monitor by R-fx Networks is a good, automated, tool to let you know if an application is creating TCP and UDP sockets.
The caveat we’ve experienced over the years is that when you receive an LSM alert that might involve malicious malware or hacker activity on the server running LSM, you sometimes have milliseconds to log onto the server to hopefully catch the application opening sockets red handed. If you are delayed or the application just runs that fast, by the time you are on the server, the port closed and the application is now in hiding.
I often agree necessity is the mother of invention, and I would like to share what we’ve done to extend the Linux Socket Monitor (LSM) to provide running process information, not just the netstat lines.
If the Internet is the super information highway, then what other analogies can we make?
What if your PCI Compliance authorized scanning vendor wants you to only allow RC4-SHA as a SSL CipherSuite in order to pass PCI Compliance against the SSL BEAST Attack? Here are the tested settings.
Author: Peter Abraham; Published: Sep 10, 2012; Category: Customer Support, Managed Hosting, Managed Services, PCI Compliance, Reseller Hosting, Security, Small Business; Tags: documentation; 2 Comments
I would like to share with a recent, real life, story of what happens to small businesses when there is little to no documentation.
I’m hoping to encourage you to review the documentation standards you have set forth for your small business; and potentially to do an in-house audit to ensure critical areas are covered.