Fresh New Design and Increased Functionality of Your Host Partners Support Portal

This is just a quick one to tell you about the new design and functionality of your Host Partners Support Portal, www.myhostsupport.com.

As a few of you will have seen the Host Partners Support Portal, where you go to sort out any niggling issues with your Blue Thunder hosting, has just had a fresh new redesign. The layout is nice and clean and it is even more intuitive and easy to use than before.

Host Partners Support

We are still partnering with the fab people at Kayako Software to bring you this system as they have proved themselves to be the most dependable provider, helping us in our ongoing effort to make our customer experience and customer service the best there is.

Our support portal features 24/7 live chat support, along with hundreds of knowledge base articles which will help you sort out the majority of issues with ease. Our service news, announcements and blog posts are displayed in the portal to help you stay up to date while managing your support tickets. The system suggests answers to your questions as you type and when you get in touch with our team they see all your calls, messages and help tickets in one place, enabling them to get to the heart of the issue in no time so you can get back to your day.

We hope you like the new look and feel of www.myhostsupport.com and we are excited to see how it develops and helps you over the next few months.

Chow for now

Clauds

How To: Work Out Whether You’re With HELM and Organise Migration

We are delighted that lots of you have come to us to organise the migration of your website hosting control panel from the HELM panel (which is soon to be killed by Parallels) to our free control panel WebsitePanel.

We’ve still got a few more of you to move, so we’re going to explain how to figure out whether you are using HELM, and what you need to do to organise moving it.

If you started hosting with us in 2012 or later you will be on WebsitePanel already, so you have nothing to worry about.

For those of you who set up your hosting before this, you can see if you are a HELM user by looking at the username you use to log into your hosting control panel at www.myhostcontrols.com.

If it starts with CFMX or LNC you are still with HELM. If it is made up of numbers only then you are safely on the new platform and you can merrily go back to whatever you were up to today!

Users of the HELM hosting control panel will lose access to the panel on 31st December 2014 as it will reach End Of Life (EOL) and will no longer be supported by Parallels. This means it will no longer be possible to log on to the control panel to change your hosting settings, your payment details, or lots of other things that it would be handy to do, which would reduce your ability to control your website.

If your payment details were to expire, for example, your website would be in danger of being pulled offline unless you can find a techie to wiggle their way into your hosting and sort it out for you. This would take much more time than fixing it before EOL, and therefore cost you quite a bit.

Luckily we have a few solutions for you.

Clever techs who are using the HELM control panel can manage their own migration by following Russ’s guide HERE.

For those of us who would struggle with this (no offence intended Russ, but it’s gobbledegook to me!) we are offering a cost-effective migration service. The migration fee will depend on your site, so do give us a call on 0845 468 2369 to get a quote.

WebsitePanel is the hosting control panel we will migrate you to. We made it a few years ago, and designed it to be incredibly intuitive and easy to use, so we are confident you will get the hang of it in no time.

Look forward to hearing from you.

Clauds

P.S. The technically curious amongst you can read more about the history of HELM and what exactly is going on HERE.

DDoS Mitigation

After a very long night and early morning we are now hopefully over the worst of the DDoS attack, although there are still some blocks of traffic coming through which are slowing down connectivity across the network; this should pass soon. Naturally hackers choose the highest-impact time to do things like this, but I have to say, in the company’s 20-year history this almost 100GB of continual DDoS traffic is the most anyone here has ever seen.

Having spent much of yesterday and today explaining the problems of DDoS we have decided to post this blog to put a little more context around the issue for all customers, and to explain the measures we have taken in more detail and what the implications of these measures are.

What is a DDoS attack?

Since early 2000, DDoS (Distributed Denial of Service) has taken the form of a basic attack against availability. These “flood attacks” had one goal: to overwhelm a network connection with excess traffic for the sole purpose of taking that web property offline. Since 2000, these flood attacks have grown from around 400Mbps of traffic to often exceeding 100Gbps today, but regrettably it’s not just the size of the attacks that has changed.

From 2010 there has been a renaissance in DDoS attacks that has led to the development of sophisticated tools, targets and methods, thanks to small but highly skilled groups like Anonymous and the rise of “Hacktivism”. Today, DDoS is a complex attack against availability, with our network alone having to cope with and defend against up to 28 attacks per hour.

The main thing that has changed is that there are now zero barriers to entry. With a few tools downloaded from the Internet, anyone with an Internet connection and a grievance can launch an attack. It used to be that certain industry verticals such as banking, finance, gaming and e-commerce were the most likely targets for DDoS, but today the game has changed and any business, for any reason, any real or perceived offence or affiliation, can become a target.

What we experienced last night was the mother of all DDoS attacks: a multi-vector attack, combining flood, application and state exhaustion attacks against infrastructure devices, all in a single, sustained attack. These attacks are popular with hackers because they are difficult to defend against and often highly effective. Earlier this year I announced in this blog the details of our newly upgraded network, which effectively quadrupled the number of transit providers we peer with (i.e. telcos we can send and receive traffic from) through an additional 3 POPs in London connected via a metro fibre ring. This new capacity certainly helped to minimise the disruption customers experienced, and without it we would most likely still have most routes closed or crippled this morning. I’m very proud of what Russ, Mansoor and the team achieved last night, as it was by far the biggest attack in company history and we handled it as efficiently as anyone could hope for, with minimal impact on customers.

So what can / will be done about it?

Last night we implemented another extension to the network: a third defensive layer that now combines our on-premise and off-premise monitoring with an extra cloud-based protection and predictive monitoring solution from NTT. NTT Communications’ DDoS mitigation service has deployed technologies to quickly stabilise the situation, identify root causes and key attack vectors, and filter traffic until the threat subsides. Built upon industry-leading DDoS protection platforms, NTT Communications’ global Tier 1 IP network and 24×7 expert monitoring services, it adds a new DDoS protection architecture that allows for fast and effective actions to minimise the impact of a DDoS attack. The service covers the following attack types:

Volumetric Attacks

  • TCP SYN Flood
  • UDP Flood
  • ICMP Flood
  • Reflection Attack

Application Layer Attacks

  • HTTP-GET
  • HTTP-POST
  • SSL

This additional screening facility has been deployed for every IP block in our range, which requires us to apply an additional charge of £1.50 per dedicated IP address to the monthly invoices of all customers who use our IPs. These fees only apply to customers with dedicated IP addresses, to help cover the cost of these new facilities that will only serve to make our network stronger, more resilient and able to cope with the ever-increasing threat of cyber terrorism and hacking.

Intermittent network issues due to DDoS attack

At present we are undergoing a DDoS attack which is directed specifically at one of our customers’ servers.
This is resulting in disruption to our network and intermittent downtime.

We are currently working to mitigate the effect of this attack and stabilize services.

More information as we have it.

== update 01:51 25/11/2014
The original DDOS attack was mitigated, but we then received another even bigger attack Monday evening against 2 of our shared hosting servers.

Again our DDOS mitigation team thwarted the attack and re-routed the traffic, but we discovered that this was being bypassed by some attackers via LONAP (one of our old upstream providers, who have a POP in our data center suite). This vector has now been removed from our network as well.

Recognizing the ongoing and increasing threat from DDoS attacks, we are now using NTT Communications’ DDoS mitigation service, which has deployed technologies to quickly stabilize the situation, identify root causes and key attack vectors, and filter traffic until the threat subsides. Built upon industry-leading DDoS protection platforms, NTT Communications’ global Tier 1 IP network and 24×7 expert monitoring services, our DDoS Protection Service allows for fast and effective actions to minimize the impact of a DDoS attack when compared to networks which do not have such a service in place, which can effectively be crippled for days or even weeks.

This is just one of the many new measures we have taken to improve our infrastructure since acquiring Loud n Clear last year, and with these new measures we are now in a better position to handle any future DDOS attacks.

== update 10:26 26/11/2014
Having blocked most of the attacks throughout the night we managed to remove it from most of the network, but the attack is still ongoing on two IPs, 62.197.38.70 and 62.197.38.199 – the shared hosting IPs. Both of these IPs are blackholed at the moment as the DDOS team is struggling to scrub the traffic successfully due to the complexity of this attack. Everything else apart from the above two IPs should be performing as expected, but service may be slightly slower due to the work on the routers and switches. Our senior network engineer is still working with the DDOS team to customize the filters/rules to block the last of the attack and we hope to update you soon to say it’s been completed.

== update 13:21 26/11/2014
We have now scrubbed all the offending traffic and service has resumed to normal levels. If you are still experiencing any issues please contact us via the helpdesk (www.myhostsupport.com) with the exact website and issue you are having. We have identified a number of compromised websites on the shared servers and at this stage it is not clear if this is connected to the last 24 hours of activity. Services should now have returned to normal speed as the work has been completed.

Customers advised to change passwords and scan websites for malware due to increased hacker activity

Over recent weeks we have noticed a huge increase in hacking attempts against our servers originating mostly from China. You may not be aware or have noticed that in recent years the majority of hacking attempts and surveillance queries are coming from IP addresses originating in China. Chinese hackers are becoming the most common and pervasive pests as evidenced by the US government’s Titan Rain investigation covered in this article in Computerworld. More recently, Google has expressed serious concerns about hacking attempts originating from China.

Unfortunately the government in China does nothing to stop or even discourage hackers or their illegal activities. As such, we must protect ourselves from the Chinese hackers and content thieves. We have therefore now made the decision to implement a number of IP block lists which will actively block large amounts of traffic originating from IP addresses in countries which are known for most of the hacking activity. This includes China, Korea, Nigeria, Russia and parts of South America.

As a result of this increased hacker activity there has also been an increase in the number of customers’ websites and email accounts that have been compromised, largely due to their having weak passwords which have been easily hacked through basic brute force dictionary or rainbow table attacks, or through vulnerabilities in the website itself.
Through our investigations we have discovered that a large number of customers have files within their websites which are allowing attackers to upload malicious code and scripts. This includes outdated and insecure CMS systems with vulnerabilities and WYSIWYG editors such as FCKEditor which contain known vulnerabilities in older versions, as well as other insecure upload and file managers, insecure copies of ColdFusion CFIDE folders, and even test files which have been left on the server by developers.

We therefore strongly advise all customers to reset both their FTP and email passwords, and to ask fellow users/staff to do the same. A strong password should be a bare minimum of 12 characters or more, with upper case, lower case, numbers and special characters. You should always use a unique password for every service and website. *** DO NOT USE THE SAME PASSWORD MORE THAN ONCE ***

Here are some useful tools to assist you.

  • Strong Password Generator – Use this handy tool to generate strong passwords.
  • LastPass – Remembering complex/strong passwords is hard if not impossible, but you don’t need to. LastPass is an excellent tool for storing and managing all your passwords and other secure information in one place, so you only have to remember 1 password, your LastPass password, and LastPass does the rest, including generating your passwords for you.

We also strongly recommend that all customers audit/scan their website ASAP for any malware and, if using any popular off-the-shelf CMS systems such as Mura, Joomla, Drupal, WordPress etc., update to the latest version and subscribe to alerts for when these products are updated.
If you do not have the necessary skills to keep your website secure, then we recommend using SiteLock.

Don’t Lose Business From Hackers

SiteLock provides comprehensive website security for small businesses. SiteLock offers online businesses a smart, cost effective way to protect their business while increasing sales by over 10% through earning trust. SiteLock’s Trust Seal also provides customer confidence and has been proven to substantially increase sales and conversions, with 70% of web visitors looking for a verifiable 3rd-party certification before providing personal data.

  • Malware Detection – Quick diagnosis of any harmful infections or malware on your business website.
  • On-Demand Expert Support – Team of experienced website surgeons to repair any injuries, infections and bugs.
  • Blacklist Monitoring – Daily health check of your website to keep it off Google’s blacklist.
  • Vulnerability Identification – An X-ray of your website that discovers security holes and virus injections.

CLICK HERE for details and pricing.

ENOM DNS issues

ENOM are currently having some DNS issues which are affecting any of our customers who use ENOM DNS servers. This includes customers who manage their DNS through our domain portal www.loudex.net, which uses ENOM.

Sorry for the inconvenience, but this is something we have no control over.

More details can be found on ENOM’s Twitter feed here.

CryptoLocker Virus – What you need to know

With Christmas fast approaching, it’s the time of year that online scammers, spammers and hijackers send themselves into overdrive mode.

Christmas is such an important time of year for many of our businesses, especially those in e-commerce who need to deal with the festive spike, so hackers know it is a good time to strike.

One of the nastiest online threats around has sadly reared its ugly head again this year, and has affected some of our customers.

It is a particularly horrible piece of ransomware called Crypto Locker, which is infecting Windows computers around the world, and has been since September 2013.

It is delivered in email form, and tricks recipients into opening the email by pretending to be from a legitimate company. Those who download the zip file inside it unintentionally allow Crypto Locker to control their computers. Crypto Locker then holds your computer hostage and leaves you with one choice: pay a set amount of ransom money or lose everything on your hard drive.

Once the virus has taken hold, there is horribly little you can do, but we do have a couple of suggestions that could help.

Infected computers will display a warning notice (from the virus) that tells you not to “disconnect from the Internet or turn off your computer”. Funnily enough, this is exactly what you should do, as if the virus is still in the process of infecting your files, unplugging your computer may save some of them.

Next, find out which files you have lost to assess the extent of the damage. Check whether you have backups of these, which could be in your ‘Windows System Restore’ files. Make sure there is nothing missing that you absolutely need and don’t have access to anywhere else. Hopefully you will find everything essential to you, as paying the ransom to get them back will only encourage more malware of this sort to be created.

If you do have a backup, you should wipe your computer of the virus by running your antivirus software, as virtually every version will get rid of Crypto Locker. Next you can restore your backup and sigh a huge sigh of relief.

If you do not have backups, and you have no other way of accessing important files, there is little you can do but pay the ransom.

There are however a number of copycat viruses around which show up asking for money even though your computer isn’t infected. So if you do think your computer may be infected, ask an expert before paying anyone anything!

To prevent an attack, make sure you are careful with any email you receive and don’t open it if you can’t figure out who it is from or why they may be emailing you. Back up all of your personal and business files regularly, and run up to date anti-virus software regularly.

Be really careful with any email you receive, don’t download or open any attachments before being absolutely sure what they are.

If you are still unsure of your options, give us a call on 0845 468 2369 and we can discuss the virus, precautions you should take and anti-virus software.

Retirement of BABCOM-POST SMTP relay servers

Back in 2012 we made an announcement about various changes to our services, including the discontinuation/retirement of our BABCOM-POST servers which are currently used for SMTP relay of bulk email and email from websites hosted on HELM servers.

The original announcement can be found HERE.

This change will now come into effect on the 1st Jan 2015 along with the EOL retirement of all the HELM servers, and it will no longer be possible to relay email through these servers after this date.

Customers currently using these servers to send mail will need to use an alternative method.

All email sent through our servers must comply with our ANTI-SPAM policy HERE. Any domains found to be sending mail in breach of this policy which results in our servers being blacklisted may be banned from sending any further email through our servers at our discretion.

The default method to send email will be as follows:

  • By default all outgoing email will need to be sent through one of your existing POP3 accounts and will be subject to the standard mail limits.
    Details on the mail limits and quotas can be found HERE.
  • You will only be able to send email FROM a REAL email address hosted on our mail server. You will not be able to use FAKE from addresses or an email address that is not hosted on the same server, any emails trying to do this will be rejected.

This may require you to make minor changes to any code on your website that sends email, to specify the SMTP server, username and password.

Bulk email options

If you need to send large quantities of email that exceed the quotas of your mailbox, such as newsletters or transactional emails, then we recommend the following options.

  • If you need to send 12,000 or fewer emails per month, and do not require any support or advanced features, then please take a look at www.mandrill.com, which is FREE for up to 12,000 emails per month.
  • If you are looking for a fully supported service which includes bounce processing, reporting and mail/link tracking then please consider our SendGrid service which starts at £10 per month.

New Domain Names Launching!

We have just heard that 14 new domain extensions are entering new launch phases. Some will become available to the general public, whereas others will be available to pre-register for if you have the relevant Trademark.

Have a look at the launch dates and specifications of these great new TLD (top level domain) names below:

Wednesday, 5th November

  • Pre-registration and Sunrise for Trademark Holders: .DEGREE, .GIVES and .WORLD
  • Priority Placement for Landrush: .PHYSIO
  • Priority Placement for Early Access: .GIFTS, .RESTAURANT and .SARL
  • General Availability: .MARKET and .MORTGAGE

Wednesday, 12th November

  • Sunrise for Trademark Holders: .FORSALE
  • Priority Placement for Early Access: .ENGINEER
  • General Availability: .GIFTS, .RESTAURANT and .SARL

If you have any questions or would like more information, please email our sales team.

Patch Tuesday – Your update on the updates

It was a very busy “Patch Tuesday”, with major releases from all the tech giants including Microsoft, Apple and even Oracle, who also released security patches for Java earlier this week. As always for our managed customers, we don’t just jump in and start updating client systems; we usually wait a few days so we can listen to the jungle drums of the Internet and see whether a groundswell of complaints materialises from overly eager IT managers who have broken something because the patch is, for want of a better word, flawed.

Microsoft

For those running Windows, information about Microsoft’s security patches for Patch Tuesday October 2014 can be found at the link below. In short, it’s quite a biggie for Windows 2003 SP2 (both X64 and X32 editions), with a number of critical issues, particularly in IE.

https://technet.microsoft.com/library/security/ms14-oct

Oracle

For more information on the Java update please read more here:

 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA

The main thing to note with this Java update is that they released two versions of Java 1.7. Version 1.7.0_71 contains only the security patches and 1.7.0_72 contains both the security patches and non critical/non security bug fixes. Larry’s men recommend upgrading to 1.7.0_71 unless you are experiencing one of the issues patched in 1.7.0_72.

Apple

Yesterday Apple also unleashed its new desktop operating system, Yosemite. Whilst never advertised as a security update, the folks at Apple always ensure that OSX updates include fixes for the most recently identified vulnerabilities. The OS was first announced at Apple’s developer conference last June, but became available as a free download yesterday after Apple’s main event in Cupertino, Calif.

To find out more, see what Apple has to say about their latest release here http://www.apple.com/uk/osx/

POODLE

You may have read about the “POODLE” (CVE-2014-3566) vulnerability in an earlier post, but for those who didn’t, it was very big news. In short, it’s an architectural bug in the SSLv3 protocol, which means it cannot be patched or fixed; you just need to use a better security protocol. Security boffins are recommending that you disable SSLv3 support on your servers and clients as soon as possible to avoid leaving the door open.

ACTION: Disable SSLv3 on your servers to be safe.

The impact of disabling SSLv3 on your web server is that clients that don’t support the TLSv1 protocol will no longer be able to connect over HTTPS (for example IE6 on Windows XP). You should also consider any crawlers, bots or API traffic coming from other servers that may be using an older HTTPS client.
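One way to verify that a server you administer no longer answers an SSLv3 handshake, as an added example that is not part of the original post: it speaks the SSL record layer directly, because current OpenSSL and Python builds no longer expose SSLv3 through the ssl module, and it assumes a host and port you control.

```python
"""Check whether a TLS server still accepts SSLv3 (POODLE, CVE-2014-3566).

Added example, not part of the original post. It sends a hand-built SSLv3
ClientHello and looks at the first record the server returns; a server that
has SSLv3 disabled answers with an alert (or just closes the connection).
"""
import os
import socket
import struct

SSLV3 = b"\x03\x00"          # protocol version 3.0 in record and handshake headers
CONTENT_HANDSHAKE = 0x16
CONTENT_ALERT = 0x15
# A few cipher suites an SSLv3 server of the era would offer (values from RFC 6101 / RFC 2246).
CIPHER_SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05\x00\x04"


def build_sslv3_client_hello(client_random: bytes = b"") -> bytes:
    """Return a minimal SSLv3 ClientHello wrapped in a handshake record."""
    client_random = client_random or os.urandom(32)
    body = (
        SSLV3                                              # client_version
        + client_random                                    # 32-byte random
        + b"\x00"                                          # session_id length 0
        + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
        + b"\x01\x00"                                      # one compression method: null
    )
    # Handshake header: type 1 = ClientHello, then a 3-byte length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return bytes([CONTENT_HANDSHAKE]) + SSLV3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Interpret the first record a server sends back to the SSLv3 ClientHello.

    'sslv3_accepted'  - the server replied with an SSLv3 ServerHello (still vulnerable)
    'refused'         - the server sent an alert or closed without sending a record
    'other'           - anything else (for example a ServerHello with a different version)
    """
    if len(data) < 5:
        return "refused"                 # no record at all: the server hung up
    content_type, _major, _minor, _length = struct.unpack("!BBBH", data[:5])
    if content_type == CONTENT_ALERT:
        return "refused"
    if content_type == CONTENT_HANDSHAKE and len(data) >= 11:
        hs_type = data[5]                # handshake type 2 = ServerHello
        server_version = data[9:11]      # type(1) + length(3) precede the version
        if hs_type == 0x02 and server_version == SSLV3:
            return "sslv3_accepted"
    return "other"


def check_server(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the SSLv3 ClientHello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    import sys
    # Hypothetical placeholder host; pass your own server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.invalid"
    print(target, check_server(target))
```

A result of "refused" from your own host after the change confirms SSLv3 is off; "sslv3_accepted" means the server configuration still needs attention.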

More on poodle:
http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://poodle.io/
http://nginx.com/blog/nginx-poodle-ssl/
https://blog.cloudflare.com/sslv3-support-disabled-by-default-due-to-vulnerability/
https://access.redhat.com/articles/1232123

Staying ahead of the bad guys

There are things you can do to check for vulnerabilities in your server configuration, such as adding HackMyCF to your subscription from as little as £5 per month. The newly updated HackMyCF JVM scanner will raise an issue if your server has not been updated and will warn you if your web server accepts SSLv3 connections.