DRAAL-V24 Server Scheduled Maintenance

Hello,

We will be installing some much-needed security updates on one of our hypervisor servers. This will necessitate a restart once they are installed. Unfortunately, this also means that the servers and services hosted on that hypervisor will be affected. We would not be performing this exercise unless it was absolutely necessary.

This will take place on Saturday at 5:30 PM (GMT), and services will be down or show intermittent errors for 3 to 4 hours afterwards.

We appreciate your patience and we will update you further if there are any issues.

Hello,

The required security updates have been installed on one of our hypervisor servers, and the servers and services hosted on it are back online. They were down for approximately 30-45 minutes.

We appreciate your patience.

Babcom Post gets the Gold Watch

Retiring

The end of the month is looming for HELM customers (another post is coming on this), but I also wanted to remind you that as part of this process the babcom-post servers are being retired at the end of this month too, and we will no longer be providing a free bulk SMTP service.

The reasons have been explained in loads of other posts in the past, but put simply, it is a very difficult and costly service to manage as our customers' requirements continue to increase, and quite frankly there are other service providers out there offering an SMTP-only service who are better geared up for the job than we are.

For most of you these providers will be able to supply the service for FREE, as the volume of mail you send is less than their monthly quotas. For some of you, you may need to pay a few pennies for a dedicated (supported) service, which costs thousands to run, so it really is a good alternative. The bottom line is that anyone using the Babcom Post servers will need to start relaying email through an alternative service provider ASAP to avoid disruption to your website's messaging from 31st December 2014.

We recommend mandrill.com, which gives 12,000 free emails per month per user, or sendgrid.com for a more advanced (paid-for) service. Both of these companies will help you to do the essential housekeeping by keeping your mailing lists clean and stopping invalid email addresses from bouncing, which will help to improve your users' experience as mail is delivered faster from a load-balanced global network of servers.

Planned downtime of DDOS’d shared servers

Tonight there will be a planned outage of servers vorlon-h9 (62.197.38.70) and vorlon-w3 (62.197.38.199).

These are the 2 servers which are primarily being affected by the DDOS attack. To further mitigate the effect this attack is having on our network, we are moving them to another network where the traffic can be isolated.

Please note that this will not reduce the effect the attack is having on these servers; we are simply taking this action to remove the traffic from our core network, where it is affecting other customers.

As we have explained in our previous blog posts, the end result of a DDOS attack is that the network is flooded so that legitimate traffic cannot get through. We realise that most customers are having a hard time understanding what this means and why it is not our fault, so we found this video which makes DDOS easier to understand: https://www.youtube.com/watch?v=OhA9PAfkJ10

Why is my website slow or not responding?

Our DDOS mitigation has to filter every single request for every single webpage on every single website that is pointing to the attacked IP address, to determine whether it is a malicious request or not; if it is, the source IP address of the attacker is blocked.

Scanning thousands of requests per second takes a lot of processing power, but this attack is worse than a regular DDOS attack as it has a morphing signature. This means that the pattern of the attack is constantly changing, so our blocking filters can suddenly stop working and we have to keep trying new ones each time the attack changes.

As a result, this also slows down all legitimate traffic, and sometimes legitimate traffic can get flagged as malicious and the visitor's IP address gets blocked, which means some people may not be able to view your website.

This is unfortunately unavoidable: we either loosen the blocking and filtering and allow more malicious traffic through, which will cripple more servers and websites and so will not help you, or we tighten the filtering and live with the false positives, but at least things then work for some people.

This filtering has to stay in place until the attack stops. Again, we have no choice in this matter: if we turn off the DDOS mitigation then everything stops working for all customers.
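To make the loosen-or-tighten trade-off concrete, here is an added example (not code from this post, and not the provider's actual mitigation): a toy per-source rate filter run over constructed sample traffic at a loose and a strict threshold, showing that the strict setting catches more of the flood but also blocks a busy legitimate source. All IP addresses and timings below are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample traffic as (time_in_seconds, source_ip) tuples.
# Documentation-range addresses are used; nothing here is real traffic.
def build_sample_log():
    log = []
    # Flood source: 10 requests/second for 10 seconds (100 requests).
    log += [(i / 10, "203.0.113.5") for i in range(100)]
    # Second flood source sending slowly to slip under a loose threshold.
    log += [(i / 2, "203.0.113.9") for i in range(20)]
    # Ordinary visitor: one page view plus two asset requests.
    log += [(1.0, "192.0.2.10"), (1.1, "192.0.2.10"), (1.2, "192.0.2.10")]
    # Busy but legitimate source, e.g. an office behind a single NAT address.
    log += [(i * 0.4, "192.0.2.20") for i in range(25)]
    log.sort()
    return log

# Ground truth for the constructed data, used only to score the filter.
ATTACKERS = {"203.0.113.5", "203.0.113.9"}


def filter_requests(log, window_s, threshold):
    """Sliding-window per-source rate filter.

    A source is blocked as soon as it exceeds `threshold` requests inside any
    `window_s`-second window; every later request from it is dropped.
    Returns (blocked_ips, dropped_request_count).
    """
    recent = defaultdict(deque)   # source ip -> timestamps inside the window
    blocked = set()
    dropped = 0
    for t, ip in log:             # log is processed in time order
        if ip in blocked:
            dropped += 1
            continue
        q = recent[ip]
        while q and q[0] < t - window_s:   # evict timestamps outside window
            q.popleft()
        q.append(t)
        if len(q) > threshold:
            blocked.add(ip)
            dropped += 1
    return blocked, dropped


def score(blocked, attackers=ATTACKERS):
    """Split a block decision into attack sources caught and legitimate
    sources wrongly blocked (the false positives the post describes)."""
    return blocked & attackers, blocked - attackers


if __name__ == "__main__":
    log = build_sample_log()
    for label, threshold in (("loose", 50), ("strict", 15)):
        blocked, dropped = filter_requests(log, window_s=10, threshold=threshold)
        caught, false_pos = score(blocked)
        print(f"{label:6} threshold={threshold:3}: dropped {dropped:3} requests, "
              f"caught {sorted(caught)}, false positives {sorted(false_pos)}")
```

The loose run blocks only the fast flood source, while the strict run also catches the slow source but blocks the legitimate NAT address with it.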

It is also important to understand that if YOUR website is under attack then it does not matter where your website is hosted as the attack is directly against your domain, so changing hosts will not help you, it will simply transfer the problem to the new host and affect their systems and their customers instead.

Is there any solution?

There is no way to stop a DDOS attack, all you can do is perform DDOS mitigation to try and reject as much of the malicious traffic as possible and then wait until the attack stops.

We do however have a couple of solutions that can help to reduce the impact on your website.

1. Get a dedicated IP address.

If you have your own dedicated IP address then this will isolate you from attacks against other customers who are on the shared IP address.

Any mitigation being done against the website/IP address being attacked will therefore have no effect on your website, so even if the attacked IP address is completely blocked, traffic to your website will continue as normal.

You will however still be subject to any general network overload/latency problems that occur as a result of DDOS attacks getting through while mitigation is being performed, and this will not stop your own website being attacked.
If your own website is attacked, your IP address can then be blocked to avoid problems for other websites and customers on the same server, or mitigation can be performed directly on your IP address alone.

The cost for a dedicated IP is £3.99 per month or £39 per year.

2. Use a 3rd party DDOS protection service.

e.g. https://www.cloudflare.com/ddos

Using such a service means all traffic is filtered through CloudFlare before it reaches the server; they monitor for DDOS attacks and automatically start blocking and filtering any malicious requests.

We are in the process of signing up as a partner with CloudFlare so that we can supply this service to customers directly, but you are of course welcome to sign up with CloudFlare or a similar provider directly.

This will also require a dedicated IP address.

Fresh New Design and Increased Functionality of Your Host Partners Support Portal

This is just a quick one to tell you about the new design and functionality of your Host Partners Support Portal www.myhostsupport.com

As a few of you will have seen the Host Partners Support Portal, where you go to sort out any niggling issues with your Blue Thunder hosting, has just had a fresh new redesign. The layout is nice and clean and it is even more intuitive and easy to use than before.

Host Partners Support

We are still partnering with the fab people at Kayako Software to bring you this system as they have proved themselves to be the most dependable provider, helping us in our ongoing effort to make our customer experience and customer service the best there is.

Our support portal features 24/7 live chat support, along with hundreds of knowledge base articles which will help you sort out the majority of issues with ease. Our service news, announcements and blog posts are displayed in the portal to help you stay up to date while managing your support tickets. The system suggests answers to your questions as you type and when you get in touch with our team they see all your calls, messages and help tickets in one place, enabling them to get to the heart of the issue in no time so you can get back to your day.

We hope you like the new look and feel of www.myhostsupport.com and we are excited to see how it develops and helps you over the next few months.

Chow for now

Clauds

How To: Work Out Whether You’re With HELM and Organise Migration

We are delighted that lots of you have come to us to organise the migration of your website hosting control panel from the HELM panel (which is soon to be killed by Parallels) to our free control panel WebsitePanel.

We’ve still got a few more of you to move, so we’re going to explain how to figure out whether you are using HELM, and what you need to do to organise moving it.

If you started hosting with us since 2012 you will be on WebsitePanel already, so you have nothing to worry about.

For those of you who set up your hosting before this, you can see if you are a HELM user by looking at the username you use to log into your hosting control panel at www.myhostcontrols.com

If it starts with CFMX or LNC you are still with HELM. If it is made up of numbers only then you are safely on the new platform and you can merrily go back to whatever you were up to today!

Users of the HELM hosting control panel will lose access to the panel on 31st December 2014 as it will reach End Of Life (EOL) and no longer be supported by Parallels. This means it will no longer be possible to log on to the control panel to change your hosting settings, your payment details, or lots of other things that it would be handy to do, which would reduce your ability to control your website.

If your payment details were to expire, for example, your website would be in danger of being pulled offline unless you can find a techie to wiggle their way into your hosting and sort it out for you. This would take much more time than fixing it before EOL, and therefore cost you quite a bit.

Luckily we have a few solutions for you.

Clever-techs who are using the HELM control panel can manage their own migration by following Russ’s guide HERE

For those of us who would struggle with this (no offence intended Russ, but it’s gobbledegook to me!) we are offering a cost-effective migration service. The migration fee will depend on your site, so do give us a call on 0845 468 2369 to get a quote.

WebsitePanel is the hosting control panel we will migrate you to. We made it a few years ago, and designed it to be incredibly intuitive and easy to use, so we are confident you will get the hang of it in no time.

Look forward to hearing from you

Clauds

P.S. The technically curious amongst you can read more about the history of HELM and what exactly is going on HERE.

DDoS Mitigation

After a very long night and early morning we are now hopefully over the worst of the DDoS attack, although there are still some blocks of traffic coming through which are slowing down connectivity across the network; this should pass soon. Naturally, hackers choose the highest-impact time to do things like this, but I have to say, in the company’s 20-year history this almost 100GB of continual DDoS traffic is the most anyone here has ever seen.

Having spent much of yesterday and today explaining the problems of DDoS we have decided to post this blog to put a little more context around the issue for all customers, and to explain the measures we have taken in more detail and what the implications of these measures are.

What is a DDoS attack?

Since early 2000, DDoS (Distributed Denial of Service) took the form of a basic attack against availability. These “flood attacks” had one goal: to overwhelm a network connection with excess traffic for the sole purpose of taking that web property offline. Since 2000, these flood attacks have increased from around 400Mbps of traffic to often exceeding 100Gbps today, but regrettably it’s not just the size of the attacks that has changed.

From 2010, there has been a renaissance in DDoS attacks that has led to the development of sophisticated tools, targets and methods thanks to small but highly skilled groups like Anonymous and the rise of “Hacktivism”. Today, DDoS is a complex attack against availability with our network alone having to cope and defend against up to 28 attacks per hour.

The main thing that has changed is that there are now zero barriers to entry. With a few tools downloaded from the Internet, anyone with an Internet connection and a grievance can launch an attack. It used to be that certain industry verticals such as banking, finance, gaming and e-commerce would be the most likely targets for DDoS, but today the game has changed and any business, for any reason, any real or perceived offence or affiliation, can become a target.

What we experienced last night was the mother of all DDoS attacks: a multi-vector attack, combining flood, application and state-exhaustion attacks against infrastructure devices, all in a single, sustained attack. These attacks are popular with hackers because they are difficult to defend against and often highly effective. Earlier this year I announced in this blog the details of our newly upgraded network, which effectively quadrupled the number of transit providers we peer with (i.e. telcos we can send and receive traffic from) via an additional 3 POPs in London connected by a metro fibre ring. This new capacity certainly helped to minimise the disruption customers experienced, and without it we would most likely still have most routes closed or crippled this morning. I’m very proud of what Russ, Mansoor and the team achieved last night, as it was by far the biggest attack in company history and we handled it as efficiently as anyone could hope for, with minimal impact on customers.

So what can / will be done about it?

Last night we implemented another extension to the network: a third defensive layer that combines our on-premise and off-premise monitoring with an extra cloud-based protection and predictive monitoring solution from NTT. NTT Communications’ DDOS mitigation service has deployed technologies to quickly stabilise the situation, identify root causes and key attack vectors, and filter traffic until the threat subsides. Built upon industry-leading DDoS protection platforms, NTT Communications’ global Tier 1 IP network and 24×7 expert monitoring services, it adds a new DDoS protection architecture that allows for fast and effective actions to minimise the impact of a DDoS attack.

Volumetric Attacks
  • TCP SYN Flood
  • UDP Flood
  • ICMP Flood
  • Reflection Attack

Application Layer Attacks
  • HTTP-GET
  • HTTP-POST
  • SSL

This additional screening facility has been deployed for every IP block in our range, which requires us to apply an additional charge of £1.50 per dedicated IP address to the monthly invoices of all customers who use our IPs. These fees only apply to customers with dedicated IP addresses, to help cover the cost of these new facilities, which will only serve to make our network stronger, more resilient and able to cope with the ever-increasing threat of cyber terrorism and hacking.

Intermittent network issues due to DDOS attack

At present we are undergoing a DDOS attack which is directed specifically at one of our customers’ servers.
This is resulting in disruption to our network and intermittent downtime.

We are currently working to mitigate the effect of this attack and stabilize services.

More information as we have it.

== update 01:51 25/11/2014
The original DDOS attack was mitigated, but we then received another even bigger attack on Monday evening against 2 of our shared hosting servers.

Again our DDOS mitigation team thwarted the attack and re-routed the traffic, but we discovered that this was being bypassed by some attackers via LONAP (one of our old upstream providers, who have a POP in our data centre suite). This vector has now been removed from our network as well.

Recognizing the ongoing and increasing threats from DDoS attacks, we are now using NTT Communications’ DDOS mitigation services, which have deployed technologies to quickly stabilize the situation, identify root causes and key attack vectors, and filter traffic until the threat subsides. Built upon industry-leading DDoS protection platforms, NTT Communications’ global Tier 1 IP network and 24×7 expert monitoring services, our DDoS Protection Service allows for fast and effective actions to minimize the impact of a DDoS attack when compared to networks which do not have such a service in place, which can effectively be crippled for days or even weeks.

This is just one of the many new measures we have taken to improve our infrastructure since acquiring Loud n Clear last year, and with these new measures we are now in a better position to handle any future DDOS attacks.

== update 10:26 26/11/2014
Having blocked most of the attacks throughout the night we managed to remove it from most of the network, but the attack is still ongoing on two IPs, 62.197.38.70 and 62.197.38.199 – the shared hosting IPs. Both of these IPs are blackholed at the moment as the DDOS team is struggling to scrub the traffic successfully due to the complexity of this attack. Everything apart from the above two IPs should be performing as expected, but service may be slightly slower due to the work on the routers and switches. Our senior network engineer is still working with the DDOS team to customize the filters/rules to block the last of the attack and we hope to update you soon to say it’s been completed.

== update 13:21 26/11/2014
We have now scrubbed all the offending traffic and service has resumed to normal levels. If you are still experiencing any issues please contact us via the helpdesk (www.myhostsupport.com) with the exact website and issue you are having. We have identified a number of compromised websites on the shared servers and at this stage it is not clear whether this is connected to the last 24 hours of activity. You should find that services have resumed normal speed now that the work has been completed.

Customers advised to change passwords and scan websites for malware due to increased hacker activity

Over recent weeks we have noticed a huge increase in hacking attempts against our servers originating mostly from China. You may not be aware or have noticed that in recent years the majority of hacking attempts and surveillance queries are coming from IP addresses originating in China. Chinese hackers are becoming the most common and pervasive pests as evidenced by the US government’s Titan Rain investigation covered in this article in Computerworld. More recently, Google has expressed serious concerns about hacking attempts originating from China.

Unfortunately the government in China does nothing to stop or even discourage hackers or their illegal activities. As such, we must protect ourselves from the Chinese hackers and content thieves. We have therefore now made the decision to implement a number of IP block lists which will actively block large amounts of traffic originating from IP addresses in countries which are known for most of the hacking activity. This includes China, Korea, Nigeria, Russia and parts of South America.

As a result of this increased hacker activity there has also been an increase in the number of customers’ websites and email accounts that have been compromised, largely due to their having weak passwords which have been easily cracked through basic brute-force dictionary or rainbow-table attacks, or through vulnerabilities in the website itself.
Through our investigations we have discovered that a large number of customers have files within their websites which are allowing attackers to upload malicious code and scripts. This includes outdated and insecure CMS systems with vulnerabilities, WYSIWYG editors such as FCKEditor which contain known vulnerabilities in older versions, other insecure upload and file managers, insecure copies of ColdFusion CFIDE folders, and even test files which have been left on the server by developers.

We therefore strongly advise all customers to reset both their FTP and email passwords for themselves and also for fellow users/staff to do the same. A strong password should be a bare minimum of 12 characters or more, with upper case, lower case, numbers and special characters. You should always use a unique password for every service and website, *** DO NOT USE THE SAME PASSWORD MORE THAN ONCE ***

Here are some useful tools to assist you.

  • Strong Password Generator – Use this handy tool to generate strong passwords.
  • LastPass – Remembering complex/strong passwords is hard if not impossible, but you don’t need to. LastPass is an excellent tool for storing and managing all your passwords and other secure information in one place, so you only have to remember 1 password, your LastPass password, and LastPass does the rest, including generating your passwords for you.

We also strongly recommend that all customers audit/scan their website ASAP for any malware and, if using any popular off-the-shelf CMS systems such as Mura, Joomla, Drupal, WordPress etc., update to the latest version and subscribe to alerts for when these products are updated.
If you do not have the necessary skills to keep your website secure, then we recommend using SiteLock.

Don’t Lose Business From Hackers

SiteLock provides comprehensive website security for small businesses. SiteLock offers online businesses a smart, cost effective way to protect their business while increasing sales by over 10% through earning trust. SiteLock’s Trust Seal also provides customer confidence and has been proven to substantially increase sales and conversions, with 70% of web visitors looking for a verifiable 3rd-party certification before providing personal data.

  • Malware Detection – Quick diagnosis of any harmful infections or malware on your business website.
  • On-Demand Expert Support – Team of experienced website surgeons to repair any injuries, infections and bugs.
  • Blacklist Monitoring – Daily health check of your website to keep it off Google’s blacklist.
  • Vulnerability Identification – An X-ray of your website that discovers security holes and virus injections.

CLICK HERE for details and pricing.

ENOM DNS issues

ENOM are currently having some DNS issues which is affecting any of our customers who use ENOM DNS servers. This includes customers who manage their DNS through our domain portal www.loudex.net which uses ENOM.

Sorry for the inconvenience, but this is something we have no control over.

More details can be found on ENOM’s Twitter feed here.

CryptoLocker Virus – What you need to know

With Christmas fast approaching, it’s the time of year that online scammers, spammers and hijackers send themselves into overdrive mode.

Christmas is such an important time of year for many of our businesses, especially those in e-commerce who need to deal with the festive spike, so hackers know it is a good time to strike.

One of the nastiest online threats around has sadly reared its ugly head again this year, and has affected some of our customers.

It is a particularly horrible piece of ransomware called CryptoLocker, which has been infecting Windows computers around the world since September 2013.

It is delivered by email, and tricks recipients into opening the message by pretending to be from a legitimate company. Those who download the zip file inside it unintentionally allow CryptoLocker to take control of their computers. CryptoLocker then holds your computer hostage and leaves you with one choice: pay a set amount of ransom money or lose everything on your hard drive.

Once the virus has taken hold, there is horribly little you can do, but we do have a couple of suggestions that could help.

Infected computers will display a warning notice (from the virus) that tells you not to “disconnect from the Internet or turn off your computer”. Funnily enough, this is exactly what you should do: if the virus is still in the process of infecting your files, unplugging your computer may save some of them.

Next, find out which files you have lost to assess the extent of the damage. Check whether you have backups of these, which could be in your ‘Windows System Restore’ files. Make sure there is nothing missing that you absolutely need and don’t have access to anywhere else. Hopefully you will find everything essential to you, as paying the ransom to get them back will only encourage more malware of this sort to be created.

If you do have a backup, you should wipe your computer of the virus by running your antivirus software, as virtually every version will get rid of CryptoLocker. Next you can restore your backup and breathe a huge sigh of relief.

If you do not have backups, and you have no other way of accessing important files, there is little you can do but pay the ransom.

There are however a number of copycat viruses around which show up asking for money even though your computer isn’t infected. So if you do think your computer may be infected, ask an expert before paying anyone anything!

To prevent an attack, be careful with any email you receive and don’t open it if you can’t figure out who it is from or why they may be emailing you. Back up all of your personal and business files regularly, and run up-to-date anti-virus software regularly.

Be really careful with any email you receive: don’t download or open any attachments before you are absolutely sure what they are.

If you are still unsure of your options, give us a call on 0845 468 2369 and we can discuss the virus, precautions you should take and anti-virus software.