Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Blog

Blog

, Fail2Ban in your Plesk

Improve anti-virus and anti-spam in Plesk & cPanel

Recently, we have noticed an increase in unwanted emails attached to infected documents. These are things you can do on your Plesk and cPanel control panels

But I still reinstate that local protection on your computers and devices like smartphones are extremely important. Most malware remains inactive until users intervention. Thus, these protections are your last defense.

For Plesk, I suggest you buy the extension known as Premium anti-virus.  After you have obtained the addon license you need to install through your ‘updates & upgrades’. The add-on license is not too expensive and it is worthy especially you are in business and many mailboxes.

For cPanel, installing ClamAV is a must. However, if you are running a VPS with a Gb memory or below, you might want to think twice as ClamAV uses resources especially during updates ad you have plenty of emails.

You can enhance the ClamAV by using 3rd party rules, but again you will need memory. The next solution you might want to consider is the MailScanner from Configserver. I recommend the Front-End costs USD 55, one-tine fee for its license. Useful and it makes your jobs so much easier.

, Fail2Ban in your Plesk

DKIM exempted you as Spammer?

A while ago someone came to me, asked if I can add DKIM so his company is not identified as a spammer. In a way, yes but in another way is a no. Why do I say so?

DKIM is easy to advertise in the zone records nowadays. Many popular control panels have such ability to publish whether your DNS is hosted on the same server or just copy them into your DNS hosted elsewhere. Whichever the case, DKIM allows you to sign an outgoing email is to match with the public key you have advertised in the public DNS, to tell others it is sent by real me.

DKIM is one of the best methods to identify email is spoofed, impersonating a person in the organization. Here’s the catch, only the authorized mail server signed that email. If you are using another email server signed with different keys, it will cause a failure if DKIM of your recipient mail server is validating DKIM.

2 things, if your recipient mail server is not checking on DKIM or no action is taken. The real sender email account has been compromised. For these cases, how can DKIM protect your organization?

, Fail2Ban in your Plesk

Have you heard about Mailspring?

Malspring was formerly known as Nylas Mail, ok, I like the name ‘Mailspring’ better. Sound alien to you? Most I have spoken like if you are dealing email, you use Outlook. Apparently, there are many other mail applications, like Thunderbird is one of the popular too.

But why I want to mention Mailspring today? Read on to know why. If you have a big inbox and you are reading a lot of emails every day, you want something fast, does not hang when they are syncing with the mail server while downloading right?

Apparently, Mailspring is the fastest email application I have tried. Every click on Mailspring is instant. The RAM usage is so much lower. I don’t do fancy stuff on my emails so I can stick to the free version.  They have a PRO version, it is a monthly subscription type you can check the detail on their website https://getmailspring.com/pro.

However, there is one major problem for me otherwise it is perfect.  Mailspring does not have a ready-made addon like Thunderbird. I use the sort and alert plugins, they are important to me. Never know if I will need others but Thunderbird will give me that option.

, Fail2Ban in your Plesk

ConfigServer MailScanner Front-End

Today, I want to mention a product or rather an installation for cPanel users is the ConfigServer MailScanner Front-End. Do not mix up with the Configserver MailScanner, even they are the same in the backend, MailScanner’s front end made your life easier and made anti-spam effectively. I recommend to cPanel users if they are looking for a cost-effective antispam solution.

, Fail2Ban in your PleskMost anti-spam is not integrated. They use MX to help you filter spam emails. If it is injected to the mail server, it is local delivery though LMTP, this kind of solution is not effective. However, the integrated means you need resources, and there is on overhead especially to those have a high volume of email traffic.

, Fail2Ban in your PleskIf anti-spam is your top priority, Configserver MailScanner with the Front End is worth considering. With my past experience, you are safe to quarantine emails with a score as low as 2. In addition, the front end gives you the ability on how you want to keep the quarantined emails.

Anti-spam is not 100%, users unwanted email considered to a user as spam might not be the case for antispam. Antispam a few rules and gives a score of each rule to add them up should the email’s score is more than the threshold. There are cases, spam or unwanted emails have slipped through your anti-spam, MailScanner Front End allows you to click on the button to learn, to learn and port as spam, or blacklist sender and its domain.

Configserver charges USD 55 onetime fee for MailScanner front end, I personally think it is affordable and cPanel users should install if they want effective antispam.

, Fail2Ban in your Plesk

What is HPMVPS?

HPMVPS stands for High-Performance Managed VPS, it is a fully managed service for businesses on their websites and email hostings.

We have observed many business owners have spent plenty of time choosing their web hosting and yet many have not met the expectation. Nowadays, due to the malicious traffic on the internet, many business owners of how their data is protected.

Thus, HPMVPS is a total solution to it. The business owner will find Vastspace’s HPMVPS is a complete solution and an answer to all these. They need not hunt high and low for their websites and email hosting services.

HPMVPS is a one-stop hosting solution for businesses. As t is fully managed, you do not employ a server admin to take care of your hosted environment. This aspect is being taken care too, we will deploy the necessary personnel and monitoring tools to ensure smooth operation. We bring down to service failure near zero  is our objective for HPMVPS, it is about business continuity.

, Fail2Ban in your Plesk

Why Premium Shared Hosting?

Many asked why Vastspace has premium shared hosting? Basically, this is how we have differentiated the ordinary shared hosting with the premium one. Why premium?

The ideal of marketing shared hosting is affordable. We see 2 groups of customers have chosen shared hosting. The beginners or the first-timers and the budget users. However, we decided to break the tradition and give more in shared hosting are things like protection and anti-spam.

Today, users are smarter and they know the cyberworld s vulnerable. Attacks come in many ways. They can penetrate from your website, the server, and the most via emails. There are the 3 areas are publicly accessible and it could be vulnerable to outdated software or codes.

Thus, protection in these areas is important. If you do not protects these places, it is like opening the doors to someone and asking them to steal things from you. When you have realized your belonging is stolen, it might be too late.

We have understood the reasons, we designed the premium shared hosting with adequate protection at a reasonable price. So, customers can enjoy the protections at a smaller price tag. In the past, they might be spending a few thousand dollars to enjoy the same but with the premium shared hosting, we change things. 

 

, Fail2Ban in your Plesk

SPF, DKIM & DMARC

A few years back, I still telling many to use SPF to prevent outgoing email domain spoofing. For today, it is more than SPK record, DKIM & DMARC have become a must to prevent email domain spoofing and enhance your email delivery.

However, many still do not have these in their DNS records or just SPF. I personally think this is the moment to have all these 3 if you have not published them for your domain.

There are just too many spam, scam and phishing emails out there. Many email server administrators have tightened their email security, while this filtering rule is tighter, missing records on your domain DNS can be caused delivery failure if they are verifying, also receiving more spam emails.

Thus, it is important to implement all these three items. Modern control panels like cPanel or Plesk is just a few clicks away to seitch on SPF and DKIM. For DMARC, just Google and it is not difficult to have one too.

, Fail2Ban in your Plesk

Using a Linux desktop computer

Not long ago, I have bought this cheap china laptop for US299. It was so cheap but have a backlighted keyboard, 256Gb SSD storage, a brilliant 1920 x 1080, 2.4/5Ghz band WIFI, Bluetooth 5 and it is a Windows 10 Pro. It is an N4100 Intel Celeron CPU with 8Gb RAM. It is not fast but with US 299, it is a steal.

I have raised the TDP power from 7 watts to 14 watts, it has generated more heat but still doable. My action is like overclocking the CPU, hopefully, it performs better. Unfortunately, for an i7 CPU users the overclocked N4100 laptop has performed much slower than expected on Windows 10. This is the first time I get an alert when I’m installing Bitdefender anti-virus.

It is asking me if I’d like to proceed while my notebook has not met the 1500Mhz CPU requirement. I did and it is even slower than before. I have realized on my mistake that I have overestimated a budget CPU laptop.

60% or more of my works is affected by the slowness of this budget laptop. For that money, you probably can do some word processing, internet surfing and couples of the youtube video, simply not amazing, I almost wanted to shelve it.

At a 2nd thought, I installed Ubuntu desktop Linux on this laptop. Guess what? It is alive and most applications I use come in Linux installer too. Now, I have ESET anti-virus, Whatsapp, Thunderbird, Chrome browser writing this article and listening musics on Spotify playing through a pair of bluethood earhphone.

It is definitely not as responsive as my i7 CPU laptop but nether it is slow. Next time you can install a Linux desktop on a slower computer too. I always have the impression that the Linux desktop is borng. It was in the past but it is not the case anymore, I simply love it.

These are a few advantages to use a Linux desktop for me;

a. Better security, as there are much lesser viruses and malware. Even for that reason, I install ESET real-time anti-virus protection.

b. Cheaper ownership. I have paid much lesser to get the same jobs done.

c. Useful out of the box functions have given me the convenient of my works like the terminal, the Linux CLI command, the snapshots, etc.

Moving to a Linux desktop is easier now. The learning curve is not steep than before as there are more ralated articles n the internet and more users.

, Fail2Ban in your Plesk

Using weak password

If you are reading this, it is not too late to update your weak password to a stronger one. What is a strong password? Why there is a need to use a strong password? Ai https://passwordsgenerator.net/ 16 characters and above is considered a strong password.

A strong password, I personally reckon that it must be 10 characters long, comprises of upper letters, lower letters, numbers, and at least one symbol. If your current passwords have not met this requirement, they are weak.

I have seen 123456, abc123, p@ssword and similar. They are an extremely weak password, they should be prohibited and updated immediately.

In today’s internet, access to the internet is easy, brute-force login attacks are common. Thus, you should refrain yourselves using a weak password. A strong password is difficult to remember, the introduction of 2FA will help with this situation. But strong password is the most effective defense from any authorized access.

, Fail2Ban in your Plesk

Fail2Ban in your Plesk

Bruteforce logins attack is common nowadays. If the ports are opened to the internet, they are prone to such attempts to gain access to the services. Using a strong password can reduce your risk but you cannot stop this kind of attack.

To stop totally unless you can limit or restrict access to certain IP addresses. This is not likely possible with the email service. So Fail2Ban can reduce and stop such attempts but it can too block a genuine use from accessing the service in some situations. However, if you are able to understand and fine tweak the module, false-positive can be reduced.

Today, we take a look at this module and neglected it by many Plesk users. One of the reason, this module is not adopted by many Plesk users, it is because this module is not set up by default.

, Fail2Ban in your PleskIf you do not see this module in your Plesk under ‘Tools & Settings’ you can install from updates and upgrades under Plesk further down your screen. You will see this module after successfully installed. Likely you have to login again to see the just installed module.

Once it has installed successfully, we need to configure and turn on the module. I recommend placing your current IP address in the trusted IP section. This will avoid if you are blocked accidentally after you switched on the module.

, Fail2Ban in your PleskNext, we will tell the module which are the services I want to use Fail2Ban. You might not need all but the important one like ssh, Plesk-proftpd. Plesk-panel, Plesk-postfix & Plesk-dovecot. These are the common services we have observed, receive most brute-force attacks. After you have decided which services, switch on and make sure they are active.

, Fail2Ban in your PleskThe final step is the settings. Define how long you want to ban an IP, the number of failed logins within how long each interval. The default is 5 failed logins within 10 minutes and banned for 10 minutes if violated. I felt that the ban period can be longer, 3600 seconds is an hour. Lastly, we check the box to Enable intrusion detection and apply.

Congratulation, we have set up Fail2Ban on Plesk.