Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

SPF, DKIM & DMARC

A few years back, I still telling many to use SPF to prevent outgoing email domain spoofing. For today, it is more than SPK record, DKIM & DMARC have become a must to prevent email domain spoofing and enhance your email delivery.

However, many still do not have these in their DNS records or just SPF. I personally think this is the moment to have all these 3 if you have not published them for your domain.

There are just too many spam, scam and phishing emails out there. Many email server administrators have tightened their email security, while this filtering rule is tighter, missing records on your domain DNS can be caused delivery failure if they are verifying, also receiving more spam emails.

Thus, it is important to implement all these three items. Modern control panels like cPanel or Plesk is just a few clicks away to seitch on SPF and DKIM. For DMARC, just Google and it is not difficult to have one too.

Fail2Ban in your Plesk

Bruteforce logins attack is common nowadays. If the ports are opened to the internet, they are prone to such attempts to gain access to the services. Using a strong password can reduce your risk but you cannot stop this kind of attack.

To stop totally unless you can limit or restrict access to certain IP addresses. This is not likely possible with the email service. So Fail2Ban can reduce and stop such attempts but it can too block a genuine use from accessing the service in some situations. However, if you are able to understand and fine tweak the module, false-positive can be reduced.

Today, we take a look at this module and neglected it by many Plesk users. One of the reason, this module is not adopted by many Plesk users, it is because this module is not set up by default.

Fail2BanIf you do not see this module in your Plesk under ‘Tools & Settings’ you can install from updates and upgrades under Plesk further down your screen. You will see this module after successfully installed. Likely you have to login again to see the just installed module.

Once it has installed successfully, we need to configure and turn on the module. I recommend placing your current IP address in the trusted IP section. This will avoid if you are blocked accidentally after you switched on the module.

fail2banNext, we will tell the module which are the services I want to use Fail2Ban. You might not need all but the important one like ssh, Plesk-proftpd. Plesk-panel, Plesk-postfix & Plesk-dovecot. These are the common services we have observed, receive most brute-force attacks. After you have decided which services, switch on and make sure they are active.

fail2banThe final step is the settings. Define how long you want to ban an IP, the number of failed logins within how long each interval. The default is 5 failed logins within 10 minutes and banned for 10 minutes if violated. I felt that the ban period can be longer, 3600 seconds is an hour. Lastly, we check the box to Enable intrusion detection and apply.

Congratulation, we have set up Fail2Ban on Plesk.

 

VEPP ~ Things don’t stop here

Yesterday, I have spoken to Artem, the business development manager for ISPsystem. Apparently, what we are seeing at VEPP is more like a SaaS model, we are expecting a provider’s version.

Why am I paid attention to VEPP? There are two reasons actually, the unconventional control panel layout and the security addon I have yet to try out. Website security has been important to the website owner.

They advertise

  • Use the built-in antivirus
  • Firewall settings
  • Enable spam and fishing protection
  • Configure an external backup storage

If this is true, this can be a little better than 2 existing renown control panels, added the user-friendliess. At this moment, the info has given to me is little. So, I’m looking forward to deploying the provider’s version and share more with the readers.

What is VEPP?

It is a simplified control panel for WordPress mainly developed by ISPsystem. They advertise “With Vepp you can easily install WordPress, assign a domain, and get a free SSL. You’ll be sure your website is stable and secure.”

I was asked to try. The installation is untraditional. You prepare a server instance and assign it to your account at my.vepp.com to get started. Apparently, if you want to change to other server or server details, you have to write in. I do not like the idea that this is not self-serviced. Maybe there is a reason for that, let me dive deeper and probably I will find the reasons.

Anyway, the installation started at my.vepp.com because I’m further it has taken me 30 minutes than the advertised 10 minutes to install VEPP. I assume providers will have this “my.vepp.com” set up in their infra. This will get closer to the users and significantly cut down the installation time.

Before we are going to the 2nd part of this review, I have asked myself a few questions. Do I still need to update my server OS? If the updates will break my previous installation? If kernelcare is compatible? Can I install other libraries and components in my server? How about another website and web application?

I will address these in my 2nd round of review on VEPP.

Woe using server-side statistics

Woe using server-side statistics

Server-side stats like Awstat uses web server log files to determine access from, date and time etc. Most control panels come with server-side stats.

You might not be using them but web statistics are important. You will never know if you ever need it. If you have a website, you make sure they are working. However, I recommend you to use free analytics tools from Google for example.

Why? It is about accuracy.  Do you mean the server-side stats is not accurate? Not exactly until you are using …A proxy service like Cloudflare, Sucuri or similar.

If you need web analytics I suggest you start using external service like Google analytics, As soon as your website uses a proxy service like Sucuri or similar, your visitors hit the proxy instead come directly to the web server.

Some worst situation. you forget to configure ‘x-forward’ to the web server configuration. Your web server is collecting your firewall or proxy IP addresses and not your visitors.

These proxies, they cache your content, in other words, your visitors did come to you but your web server will not able to detect them.

Basically, try not using the server-side web stats even you are not using any web application firewall. But we never know as web security has become very important for websites. I’m sure you do not want to read data from two different places.

About Plesk Onyx

About Plesk Onyx

Not long ago, we have briefly spoken on Plesk Onyx vs cPanel. There are pros and cons of these control panels. However, I like Plesk Onyx a little more.

In Chinese, we call it 先入为主 means the first impression. Honestly speaking, it’s easier to navigate on Plesk as compare to its competitors.

Recent years, Plesk Onyx is stable and reliable, it is not bug-free, actually, I haven’t seen anything like that. When I have encountered an issue, at most times I’m able to get a solution or at least a workaround from the knowledge base.

I felt that the support team has done a very good job. People like us prefer looking into the KB than writing an email to the support team. Basically, we want to solve the issue fast.

Other things I want to mention, it is their extensions. I’m overwhelmed by the extensions available. They do not cost a lot and there are many for different purposes.

If you are a Plesk Onyx user, I can see a few of them are useful. Like the Kernelcare, imunify360 and anti-spam from SpamExperts and MagicSpam. There are a few free extensions are useful too like the watchdog, Pagespeed etc.

In Plesk Onyx, you can switch on HTTP/2 when your Nginx is enabled. HTTP/2 is faster and more secure if you are not aware. I also suggest you use PHP-FPM for better performance, the PHP website performs better in FPM.

A few things to do on your control panel

A few things to do on your control panel

What do you do when you first received your hosting with Plesk or cPanel? It is common for you to set up a user account and uploads a website. I’m sure you do that. It’s nothing wrong if you are a shared hosting user. Actually, you are a tenant, is using part of the control panel, not the entire server.

However, things are different on a VPS and dedicated server. But most times, I’m still seeing the client neglected some of the settings I’m going to mention later.

Since VPS and the dedicated server is entire own by you, so as well the control panel if you are using Plesk or cPanel. The settings you will be doing it in prior to setting up your websites. Please take mote cPanel known as WHM for the server administrator, the root user.

a. Whether you are using WHM (cPanel) or Plesk Onyx, update your admin & root user’s default password. Do not use the default password.

b. Check the server hostname, make sure they are resolvable and PTR (rDNS) is set up.

c. Server time is correct where it is tallied to your time zone.

d. Your update is turned on and its frequency.

e. The RBL on your email service for anti-spam filtering.

f. Mod_security is switched on.

g, The strength of the password is set to ‘strong’ or above.

h. Monitor the space left on this server.

Actually, there are other things you might consider to go through and set them up. However, the above is the important task I suggest you do prior to start using your server.

 

 

 

 

 

 

Plesk Onyx or cPanel?

Plesk Onyx or cPanel?

I would say this is a question for you when you are subscribing a web hosting. Some may have been using cPanel and some use Plesk. Whatever the case do you actually need them? The control panels are not free, they are selling in monthly or paid upfront yearly for a discount.

So, the question is do you need them? And which one? I have been dealing with many Linux and Windows servers, and my answer is yes. However, cPanel is limited to Linux only. If you have a Windows server, a control panel might not be necessary but it is making your life easier and save time on a Linux server.

It has to do with the operating system. In my opinion, this is the reason why you need it on a Linux server and it is not a must or you simply forget about it. So what to do with the operating system? On a Windows server, it offers a GUI and most items are manageable through the administrator’s interface.

Unlike a Linux server, you can operate a Windows server with little understanding. Just Google searches and navigate on a Windows server, you might find setting up your website is pretty straight forward, Thanks to the GUI, it is easy to understand the steps and what to execute.

Linux server uses a SHELL, and commands can be compleated. You might need customization for some hosted situation and these adjustments done on configuration are in text format. Any mistyped or misconfiguration can cause the service related refuse to start.

Each time you have made any changes to a configuration you need to reload to take effect. To set up a website like WordPress and install the required services and components, you will take more time on a Linux server than Windows server.

Especially to a novice, it is difficult to set up on a Linux server but the success rate is high on a Windows server. So that’s mean to say it a good idea to have a control panel on Linux server but you can dave if it a Windows server.

Now, we know high chance we will need a control panel if you own a Linux server, However, cPanel or Plesk Onyx works best for you? Actually, this control panel has targetted a different type of customers in my opinion. If you are a beginner and do not spend much time to understand each function, I suggest Plesk. However, if you want to dive deeper and better control on the server, goes with cPanel.

I personally like Plesk but sometimes I hate it when I want to do a bit more like changing the behaviour of my mail service, I always ended up in SHELL but it might not be the case for cPanel. One thing I’m sure is you will save plenty of time and it is much easier working with a control panel on a Linux server.

Most control panels work well with CentOS Linux distribution, thus it is popular.

All Support for version 11.30 Ends April 2, 2019

All Support for version 11.30 Ends April 2, 2019

Today cPanel told us; As of April 2, 2019, cPanel L.L.C. is dropping all support for cPanel & WHM version 11.30.

According to cPanel, there are still some servers running cPanel & WHM version 11.30 in use today! Version 11.30 reached End Of Life status back in January 2013 and has not received updates since that time.

cPanel wants you to know that with this action of ending support for 11.30, they will also end support for BSD, and anything not CentOS or RHEL. Please review these documents for more information:
cPanel & WHM End of Life Policy
cPanel & WHM Upgrade Blockers

Please also note that support for cPanel & WHM version 11.32, which reached End Of Life status back in August 2013, will be dropped, next. Our data tells us that there are servers still running on that tier as well.

So, if you are still using 11.30, need to act fast. Vastspace is cPanel NOC Partner.