Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

Website is not showing up

In spite of the DNS and Zone records have been filled in correctly, website is still showing the cPanel Default Page. This is usually caused by IP has been wrongly assigned on WHM during setup of the account.

  • If you 2 or more IP address on your VPS, check the domain name has been assigned to the correct one that has been used in your DNS Zone records.
  • If you have only been assigned with only 1 IP address, verify the IP address beside your domain name in WHM under List Accounts from the side menu. If the IP address is different with your assigned IP, this is likely you have a mis-configured cPanel or the shared IP has not been configured correctly. To correct this, find Basic WHM/ cPanel setup, scroll down to shared IP section [* The IP address (only one address) that will be used for setting up shared IP virtual hosts.], update the IP with the correctly assigned one and save changes. Next, select Change Site’s IP address from side menu and update the IP for the domain accordingly.

 

PLESK Subscription expiration

Since PLESK 10, I’ve observed that one of the most common mistake made on Plesk is the subscription expiration. This is usually neglected when PLESK is created under service provider view. Any subscription created with default settings has a 12 month validity period and will be automatically suspended by PLESK when it is expired. If you are seeing website returns a 503 page or service unavailable and this is likely the cause.

To verify your settings, sign in as admin, root or administrator to your Plesk Panel. From the menu on left hand side, select Subscription. Now, select the subscription highlighted in “RED” with an exclamation mark and choose “Customize”.

Scroll all the way down, you will find the expiration date section. To rectify, check on unlimited or select a later date and “Update”.

Remember to hit on the “Activate button” if your subscription has been suspended.

 

 

 

 

 

Why SAS Hard Drives are better

At Vastspace, we insist on only SAS Hard Drives or Enterprise SSDs for our servers. It’s because SAS Hard Drives are the most reliable, maintain their performance under more difficult conditions, and perform much better than compares to either Near Line SAS or SATA disks.

In reliability, SAS hard drives are an order of magnitude safer than either Near Line SAS or SATA disks. The metric is measured in bit error rate (BER), or how often bit errors may occur on the media. With SAS hard drives, the BER is generally 1 in 10^16 bits. Read differently, that means you may see one bit error out of every 10,000,000,000,000,000 (known as 10 quadrillion) bits. By comparison, SATA drives have a BER of 1 in 10^15 (1,000,000,000,000,000 or 1 quadrillion). Although this does make it seem that SATA disks are pretty reliable, when it comes to absolute data protection, that factor of 10 can be major.

SAS hard drives are also built to more exacting standards than other kind of hard drives. SAS hard drives have a mean time between failure (MTBF) of 1.4 million hours or higher compared to 1 million hours or lower for most SATA hard drives.

Here’s a good article on Choosing Between SAS vs. SATA Hard Disk for Your Server RAID System from Intel: http://download.intel.com/support/motherboards/server/sb/enterprise_class_versus_desktop_class_hard_drives_.pdf

If your computer is infected?

LastPass has created a Web tool that makes it easy to check to see if your computer is infected. You can check by simply clicking on this link. To manually check for the Superfish adware and uninstall it, head to the Windows Control Panel, select Programs and click Uninstall a Program. Search the list for VisualDiscovery. If it is there, click the program and select Uninstall.
 
You’re not finished yet, though, there is one more step. You must also uninstall the Superfish certificates. Start by clicking the Windows Start button and typing certmgr.msc in the search box.
 
Launch the certmgr.msc program, click on Trusted Root Certification Authorities, followed by Certificates. Search through the certificates for anything mentioning Superfish Inc. Once you have found the certificates, right-click them and select Delete. To make sure you have fully removed the program, restart your browser and revisit the LastPass web tool.

WHM/ cPanel Version 11.42 Now EOL

cPanel & WHM software version 11.42 has now reached End of Life.
In accordance with cPanel EOL policy [http://go.cpanel.net/longtermsupport], 11.42 will continue functioning on servers. The last release of cPanel & WHM 11.42, 11.42.1.31, will remain on cPanel mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 11.42. Older releases of cPanel & WHM 11.42 will be removed from their mirrors.
If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that cPanel knowledgeable support team can provide recommendations, migration assistance, and more.

Squid Proxy with multiple outgoing IP

1. SSH to your Linux Cloud Server or SSD Cloud Server

yum -y install squid
chkconfig squid on

2. mv /etc/squid/squid.conf /etc/squid/squid.conf.original

3. vi /etc/squid/squid.conf

4. add this into the configuration file

http_port 3128

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_access  # change to lib64 for 64bit Centos
auth_param basic childred 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off
acl ip1 myip 192.168.0.1
tcp_outgoing_address 192.168.0.1 ip1
acl ip2 myip 192.168.0.2
tcp_outgoing_address 192.168.0.2 ip2
acl ip3 myip 192.168.0.3
tcp_outgoing_address 192.168.0.3 ip3
acl ip4 myip 192.168.0.4
tcp_outgoing_address 192.168.0.4 ip4
acl ip5 myip 192.168.0.5
tcp_outgoing_address 192.168.0.5 ip5
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

5. Save squid.conf

6. chkconfig squid on

7. Restart Squid with “service squid restart”

Know the type of RAM used on your server

 

In general, many do not inquire about the type of RAM used on their server. What most really care is the “number”, like I’ve 32Gb RAM and blah blah blah…
Do you know there is a different type of RAM used on desktop computers, entry servers and high-performance servers? It is important to find out that your server is fitted with ECC or better RAM for stability, reliability as well as performance for your 247 online activities.

Most branded entry dedicated servers use ECC RAM. ECC is an extension to parity uses multiple parity bits assigned to larger chunks of data to not only detect single bit error but correct them automatically at the same time. Instead of the single parity bit for every 8 bits of data, ECC uses a 7-bit code that is automatically generated for every 64 bits of data stored in the RAM. When the 64 bits of data is read by the system, a second 7-bit code is generated, then compared to the original 7 bit code. If the codes match, the data is free of errors. If the codes don’t match, the system will be able to determine where the error is and fix them by comparing the two 7 bit codes.

Registered memory has registers or buffers included on the module for better flow of data which increases data reliability. It also allows for greater memory scalability and larger amounts of RAM can be installed. Because of this, registered memory is used mostly in servers with ECC functionality.

Fully buffered memory or also known as fully registered memory takes some of the functions from the memory controller. The communication between the memory controller and the module is serial, thus less number of wires is needed to connect the chipset to the RAM. With serial communication, fully buffered RAM is possible to have up to eight modules per channel and up to six memory channels, this greatly increasing RAM performance as well as memory scalability. Fully buffered memory cannot be used on a server that takes registered memory or vice verse. Fully buffered memory includes ECC functionality usually seen on high-performance workstation and server.

How often should you change your password?

 

Many organizations require mandatory password changes, consider this is best practice in security. However, this might not be the case anymore and there are many pros and cons to this practice. For those has been changing the password regularly, maybe it’s time for you to have a look having your password changed often makes sense and when it does not, and for who has done little on securing the password what should you do next.

Let’s get started with a strong password

Using a strong password is the most important thing you can do to help keep your account secure. Here are a few tips on how to create a strong password:

  • Use combination of letters, numbers and symbols if permitted
  • At least eight characters long.
  • Never use names of spouses, children, girlfriends/boyfriends or pets.
  • Never us your phone numbers, ID numbers or birth dates.
  • Never use the same word as your log-in, or any variation of it.
  • Never use dictionary words.
  • Avoid using the same password for all your accounts

Enforce Password duration policies but wait…

Many companies enforce their users to update their password every few months, it limits the usefulness of the stolen password. If your password has been stolen and you weren’t aware of it, the hacker could eavesdrop for an unlimited time and gather all sorts of information about you slowly or laboriously and cause damages to you. Thereby, for the last decades, many security policies have recommended frequent password updates.
But it might now be outdated policy to recommend and it’s highly debatable that updating password frequently does actually increase security.

Updating your passwords often has become a waste of time?

A study from Microsoft found that mandatory password updates cost billions in loss of productivity for little payoff insecurity and some other security resources point out that the security best practice is doing little security improvement but causing a lot of frustration. End of the day, users typically end up choosing or resorting to sticky notes and any form of easier and quicker ways to access their “secure” password but could actually increase “risk”.

Experts pointed out that in many cases today hackers or attackers won’t be passive.  If they get your account login, they probably won’t wait and hang around for months but likely they will access your account right away. In some cases, the hacker might be sticking around eavesdropping, not using your password but with installed backdoor access instead.

The next thing you would do to reduce your risk is to reduce the password update duration. But hold your horses, hackers have machines that can break 348 billion NTLM password hashes a password encryption algorithm used in Windows per second and any 8 character password could be broken in 5.5 hours,  and if your account is being targeted, what makes you think that reducing the password update duration would possibly reduce your risk? It’s not possible and not worth doing this crazy event that kills your brain cells on a daily basis.

Good reason to beef up your security with Two Factor Authentication

Two-factor authentication is one of the best things you can ensure your account doesn’t get hacked and invest less time and frequency updating your password, eventually less hassle and frustration. It’s more important and above that, you choose a unique and strong password for your accounts. Two-factor authentication is a simple feature that asks for more than just your password. It requires both something you know and something you have in personal belonging like a cell phone. After you enter your password, you will get a second code sent to your phone or an application like google authenticator generates 2-step verification codes on your phone, only after you enter it will get into your account and keeps unwanted snoopers out of your online accounts.

At Vastspace, apart from the encryption layers on all our web channels for communications with clients. Our client portal is installed with Two Factor Authentication if you have an account with us follow this guide to enable it now.

SSL v3 (POODLE) Vulnerability

Google researchers announced the discovery of a vulnerability that affects servers with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption).
The POODLE vulnerability does not affect your SSL Certificates and you do NOT need to reissue/reinstall your SSL Certificates.
DigiCert and other security experts recommend disabling SSL 3.0 or CBC-mode ciphers with SSL 3.0 to protect against this vulnerability.

You can use SSL Installation Diagnostics Tool from DigiCert to check if SSL 3.0 is enabled on your servers.
For servers that have SSL 3.0 enabled, Security experts are recommending that you disable SSL 3.0 for the time being and use TLS 1.1 or 1.2 instead. Most modern browsers will support TLS 1.1 and 1.2.

If you use a hosting provider, we recommend that you call them and request that they disable SSL 3.0 on your server.
Servers that do not have SSLv3 enabled are unaffected.