I am writing to update all customers who have sites hosted on our primary dedicated box (dev.awebserver.co.uk) regarding two service interruptions over the christmas period. Although these issues are resolved, I wish to advise what happened, what caused it and how it can be avoided in future.

On Christmas Day, three websites were exploited (all Joomla websites) due to a recently identified vulnerability. The /tmp directory of these websites were abused and in one case, over 40 rogue spam sending scripts were uploaded which generated over 100,000 spam emails. This was identified and resolved quickly but it caused a blacklist of the servers mail IP. To avoid further disruption, our server admins patched the problem sites and adjusted the mail IP so no mail issues would occur. *Note: Over 95% of clients on this server use Google Business Apps, so mail interruption would NOT have been an issue.

One of the sites (with 40 rogue scripts) was 7 incremental versions out of date and no maintenance package is in place. If you don't have maintenance on your website, you are responsible for patching it. It is vital to keep open source applications like Joomla and WordPress up to date. Un-maintained websites will be moved onto lower spec VPS in the new year to ensure optimum performance of the primary servers.

Updated Server Environment and Security

A decision was made to move away from DSO PHP and update all client sites with SU PHP. This allows us to control security more effectively and identify issues faster. This change required global permissions changes on the server and all websites have been updated with new permissions.

If you notice any permissions errors in your website(s), please raise a support ticket and it will be fixed swiftly

WordPress Users

The main server is now running SU PHP and permissions will be much easier to manage. No longer do you need to configure FTP settings in wp-config and we advise your remove these settings from existing sites. The SU PHP environment will allow WordPress (and Joomla) to install components, modules and plugins without the need for FTP. If you try and patch any WordPress website which has FTP settings configured in wp-config, it will fail and generate errors until you remove the FTP details. If you are unsure ask us (or your website developer).

New Clam AV Security Scanner

Every CPanel user on the server has been issued with a new Virus Scanner. This scanner allows you to scan mail directories, website files or the entire /home directory. Any malicious files found can be deleted or quarantined.

Password Security

The password security level has been increased to 75. This means that any auto-generated passwords will be more complex and any manually entered ones will be rejected unless they include a mix of upper case, lower case and characters. This makes it harder for hackers to obtain your login details. We advise that you change your passwords regularly also. 

Backed Up Websites

As mentioned before, we protect ALL websites with R1 Enterprise as standard but only hold a 5 day archive. The tools to download your own backups for safe keeping are provided in Cpanel and I recently created a walk through video guide which can be found here. For those with no experience or time spare, please consider the new Amazon S3 Safe Scheme which automatically backs up and holds your website data for 3 months. Prices are from £25 and provide peace of mind in the event of needing to recover a website from a hack or problem beyond the 5 day archive limit.

Sunday, January 3, 2016

« Back