This attack is highly organised, using over 90,000 IP addresses in an attempt to guess the
administrator password for WordPress sites.

We are aware of these efforts and are deploying a series of counter-measures to protect our
customers against this effort.

We do, however, encourage our customers to take steps to ensure their WordPress sites aren’t
compromised due to weak or insecure passwords.

The following are several ways customers can further protect their WordPress sites:

WordPress BulletProof Security Plugin

The WordPress BulletProof Security Plugin is a free, multi-purpose security tool for WordPress
intended to protect your WordPress site against a variety of security attacks.

This tool is installed like any other WordPress plugin and provides a number of tools customers can use to improve the security of their site.

If you are interested, you can find more details about the plugin at http://wordpress.org/extend/plugins/bulletproof-security/

WordPress Better WP Security Plugin

Another alternative plugin for WordPress, “Better wordpress security” provides extra features, and security measures which are widely used, and provides it in a single plugin which is easy to manage, and provides many methods for protection.

If you are interested, you can find more details about the plugin at http://wordpress.org/extend/plugins/better-wp-security/

Deny Access to your wp-login.php Page based on Country Code

Another method, which can assist, is by utilizing a rewrite which would deny access to your websites back-end unless the user is identified as being in Australia or New Zealand.

For anyone who runs a blog which is centralized around being logged into by Australian and New
Zealand users, this method would be a good start for security, as the attacks are generally originating from foreign networks.To deny access to IP addresses other than those from Australia and New Zealand add the following block of code in the /home/username/.htaccess file:

<FilesMatch “^wp-login.php$”>

<IfModule mod_geoip.c>

Note: replace “username” above with your cPanel username.

Password Protect Your wp-login.php Page

Another method, similar to above, is instead of blocking access based on a country, is assigning a password to your login pages.

There are two steps in accomplishing this. First you need to define a password in the .wpadmin file, and then you activate the security in the .htaccess file.

Step 1: Create the Password File

Create a file named .wpadmin and place it in your home directory, where visitors can’t access it.
(Please note there is a period preceding the wpadmin in that file name.) The following example is for cPanel. Plesk would require placing the file in/var/www/vhosts or /var/www/vhosts/domain.

EXAMPLE: /home/username/.wpadmin
(where “username” is the cPanel username for the account.)

Put the username and encrypted password inside the .wpadmin file, using the
formatusername:encryptedpassword
EXAMPLE: john:n5MfEoHOIQkKg

(where “john” is a username of your choice, and the password shown is encrypted.)
Generate Password File & Uploading Via File Manager or FTP
One way to do this is to generate the file using the website linked below, and then upload it to your
site via FTP or File Manager. In the directions below, we will use File Manager, but you could use FTP
instead, for those of you familiar with FTP.

1. Visit: http://www.htaccesstools.com/htpasswd-generator/
2. Use the form to create the username and password.
3. Login to cPanel in another window or tab.
4. Click on File Manager.
5. Select Home Directory.
6. Check Show Hidden Files (dotfiles) if not already checked.
7. Click on the Go button.8. Look for a .wpadmin file.
o If one exists, right click on it and select Code Edit to open the editor. Click on
the Edit button to edit the file.
o If one does not exist, click on New File at the top of the page, and specify the
name as .wpadmin (with the dot at the front) and click on the Create New
File button.
9. Paste the code provided from the website in step 2.
10. Click on the Save Changes button when complete.
11. You can Close the file when finished.

Step 2: Update the .htaccess File
All domains under the home directory will share the common .wpadmin file. (The command listed in
Option B above creates the /home/username/.wpadmin file due to the -c.)
The last step is to place the following code in the /home/username/.htaccess file:

ErrorDocument 401 “Unauthorized Access”

ErrorDocument 403 “Forbidden”

<FilesMatch “wp-login.php”>

AuthName “Authorised Users Only”

AuthType Basic

AuthUserFile /home/username/.wpadmin

require valid-user

</FilesMatch>

Note: in the above examples, you would of course replace “username” above with your
cPanel username.

Buy new not OLD

The most important thing when buying a server is to check the age of the server as many hosting companies are offering older style servers, and while these are OK for starting out they are no good for a production or high traffic website. Old servers have been used and the drives degraded, power supplies worked and all components heated and cooled many times. It’s always best to ensure that you ask for a NEW server from your supplier. Servers Australia only ever offer the newest and latest hardware and this means we can repair/replace any of the parts we have in production as we refresh our fleet every few years. Buying older hardware also means it may be harder to source the parts if and when the old server does stop running.

Data Charges

Getting a nasty surprise from your provider is never a good thing so make sure when buying a server you are given a nice data allowance and that you know the cost of excess data up front. As a guide in Australia you should never pay more than $1.10 per GB for excess data charges, as this is standard across the board and is also a reasonable rate. Buying data in bulk or in advance will generally save you 50% off on your data charges and is important to look out for.

Control Panel or Not

When buying a server, you need to decide if you want and need a control panel such as cPanel or Plesk, as there are many advantages and disadvantages to having a control panel. A control panel is a great resource for someone that has a few websites or owns a hosting/design company. Having a control panel is fantastic for customers and for customer management. It will also save a huge amount of admin time to allow you to focus on running your business. If you have a large scale site that is very busy or requires having servers in multiple locations with load balancing then you need to consider not using a control panel and just go for a standard LAMP setup. This will require a little bit more maintenance but it will give you advanced functionality, such as the load balancing and DRDB which is a distributed raid system.

Customer Support

You may run into some tough situations once in awhile, or need a server reboot to fix a locked server. That will require some assistance from your server provider. If you have a hard time getting in contact with the company providing your server, this is a sign that they do not provide very good customer support. As such, it’s best to choose a company that responds to your e-mail tickets promptly and is always there to help you with any problems. Solid customer service can be a lifesaver in a critical situation, so look for a company that offers a SLA for support response times and also a company that provides true 24/7 emergency support, because yes servers NEVER sleep and ALWAYS seem to break during the night! Servers Australia can manage either of the above, as we have qualified level 2 and 3 technicians that have years and years of experience in managing both control panel based servers and also LAMP servers. Remember we are here to ensure that you get the most out of your new server, so ensuring that the right people are in control of it may just save you the headaches during the busy times of your site.

Port speed

The speed of the port that your server is connected to is very important, as you want to be able to get the content from your server off the providers network as fast as possible. In this day and age a 1 Gbit port is generally recommended. This would allow multiple people to be all downloading a large file from your server at full speed. Most DSL connections in Australia are now around 20 mbits per second, so multiple DSL users would cause your server to be bottle necked by the port speed if you had a 10 mbit or 100mbit port. Always ensure that this is checked before committing to a server and it’s also good to do speed tests of the providers server before purchasing.

Disk Speed

When buying a server to be hosted, the speed and quality of the disks is the most important part of the server, as without fast functioning disks the server will come to a grinding halt since all information is read from the disks. View our SSD dedicated server page for more information on the performance difference between SSDs and HDDs.

Now, the standard port implemented for SMTP connections is Internet port 25. If you happen to be having trouble sending messages, chances are likely that your internet service provider is blocking this port. Hence, the reason why it’s recommended that you use an alternative SMTP.

Depending on your OS, here’s how to check whether or not your ISP is blocking port 25:

1. Check port 25 in Windows
Click on the Start menu button, which is located at the lower left corner of your screen. Look for the tab “Run” (Note that you can also press the Windows Key and the R key simultaneously to open the run prompt). Click on it and a new will pop up. In the text field of this window, type cmd then press the “Enter” key. Another window called the “MS-DOS prompt” or “command-prompt” will open. Type the following command in the command prompt window and press “Enter”:telnet my-domain-name.com 25

2. Check port 25 in Mac
A pre-installed terminal emulator is delivered for each Mac OS. Usually located under your Mac HD -> “Applications” directory -> Utilities sub-directory, the terminal is a tool which allows you to execute command from the command line. When the window opens, a command line with a flashing cursor on it will appear so you can immediately start typing. Type the following command in the command prompt window and press “Enter”:telnet my-domain-name.com 25

3. Check port 25 in Linux
In order to check the connection on port 25 to your website, open your favorite terminal emulator and execute the following command: telnet my-domain-name.com 25.

Hey Ryan, how are you going today?

Hey! I am going fine thank you.

As the newest member of Servers Australia, how are you liking working here?

I am loving working at SAU. There a great bunch of people and I get to learn about heaps of cool stuff.

What are your interests?

Well Computers of course. I also like Playing Acoustic Guitar, Listening to music, Fishing & Radio Scanning

Tell us more about the website you run.

I run a website called CentralCoastOnlineScanner.com which streams 2xaudio streams from two digital radio scanners and  a scanner that decode RFS Pagers as well.

What is your favourite thing about the job?

My Favourite thing about the job is that I get to play with new technology eg. Raspberry Pi’s & Different Server Technology.

Thanks for sitting down and having this chat, I’ll let you get back to it.It’s been a pleasure, anytime.

Modern data centers are typically designed to deliver two different levels of service:  enterprise quality products designed around scalability, and commodity facilities designed to deliver immediate but not long term solutions. In fact, many data centers can become obsolete within ten years. Data Centers should therefore be designed with the future in mind. Will the facility be able to meet the needs of clients 15 years from now? Flexibility is key.

It’s All About Efficiency

Colocation providers for example, are always seeking to maintain a competitive advantage yet build out facilities with little thought to innovation. Currently, a lot of emphasis has been placed on cooling and energy efficiency. Facebook has been experimenting with immersion cooling, a process where a dedicated server is completely submerged in a conductive cooling liquid.

The Green grid – an international non-profit dedicated to modular data center design and efficiency, recommends data centers run UPS (uninterruptible power supply) in Eco mode, a process that will prevent energy loss in backup power systems. Immersion cooling and UPC Eco Mode are just two perfect examples of efforts being made towards energy efficiency within new data centers.

Servers that run cool require less power. Backup systems that prevent energy loss from occurring also conserve power. Utility costs are a huge factor for any existing facility. Old data centers are very power hungry and end up costing more money to operate. Which brings us to the idea of long-term scalability:

Scalability Is Important

Maintaining flexibility over the course of 15-yearlife cycle depends heavily upon a scalable infrastructure. This includes: rack-space, bandwidth (fiber optic cabling), power requirements and capacities to support server density. If a data center takes on large enterprise class customers they must take into account what their growth potential is; will they double in size and require more bandwidth, servers and power? The good news is, as server densities increase operational efficiencies improve as does the cost to house multiple servers per application.

Flexibility

The advent of cloud storage services has diversified the marketplace. Flexibility in the marketplace can bring in more business and foster longevity, even if enterprise customers outgrow a colocation or data center provider. Offering a variety of services, from the enterprise level to small business level, will give customers the options they need to support scalability. An energy efficient facility will allow for future innovation; cooling upgrades, power supply, redundancy systems as well as vertical scalability to maintain value in the long run. The Data Center industry is competitive and designing for future will ensure longevity in the marketplace.

About the author: James Mulvey is a technical writer and blog director for Colocation America, a dedicated server company specialising in colocation and related services.

The issue is almost impossible to locate, unless you are using IE8, or IE9, as in most cases, this is their intended targets.

In order to test the site, I utilised the “User Agent Switcher” located within Firefox / Chrome.

The problem came when the evasiveness of the module was found

The Module avoids detection by doing the following:

• -Rendering the iframe, and then adding the users IP to a blacklist for 15 – 30 minutes afterwards
• -Blacklisting any user which has logged into the server recently
• -Blacklisting the local user
• -Blacklisting any type of searchengine, and their IP’s.

 
A few methods of locating modules are included below

Check for unknown modules within /etc/httpd/modules

Generally, apache modules are added in the modules directory of httpd to begin with, and as you can see the two below modules are very out of place and were located with “dlEngine” strings within them.

root@ns1 [/etc/httpd/modules]# ls -lah

-rwxr-xr-x.  1 root root  43K Jul  3  2012 mod_view_version.so

Unfortunately, after removing these two modules, it wasn’t all which was required, and further investigation had to be continued with.

Output Apache Modules list

root@ns1 [/etc/httpd/conf/includes]# httpd -t -D DUMP_MODULES > /root/mods2

It’s generally good to get a configuration from a different server running a similar environment, to see what is loaded.

For example, see below

root@ns1 [/etc/httpd]# diff /root/mods1 /root/mods2

>  passenger_module (shared)

Apon investigating the /etc/httpd/conf/includes, a matching include for pool_mime_module was located within /lib64

root@ns1 [/lib64]# grep pool_mime -i *

lrwxrwxrwx. 1 root root 15 Jan 15 03:47 mod_pool_mime.so -> libpcproas.so.1

 
This blog post is related to http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/
 

Prior to this, it was only possible to have an SSL Secured Web site if it was bound to one particular IP address. This means, that before SNI (Server Name Indication) , if for example, you only had two IP addresses, you only had the ability to have two SSL Secured Websites.

On two IP addresses you can have as many regular HTTP sites assigned to either IP, however only two SSL Secured sites.

What made this even more frustrating is that if www.example1.com and www.example2.com were on the same IP and example1.com had an HTTPS site as well, going to https://www.example2.com/ would, in fact, take you to the equivalent of visiting https://www.example1.com/.

This meant that most people who wanted an SSL Secured Website had to restrict one site (both HTTP and HTTPS variants) to a single IP address to avoid this type of confusion.

With Apache 2.2.12 and support for the SNI extension to the SSL protocol, this has changed completely.

Now you can configure name-based SSL Encrypted sites, just as you can configure name-based HTTP sites.

The bottom line is that the five IPs that you needed today to run five SSL sites can be reduced to one IP if you meet the below requirements (provided, of course, you use the newer Apache).

There are some requirements, however:

The server must use Apache 2.2.12 or higher, and have mod_ssl installed.
It must also use OpenSSL 0.9.8f or later and must be built with the TLS extensions option.
And Apache must be built against this version of OpenSSL as it will enable SNI support if it detects the right version of OpenSSL — the version of OpenSSL that includes TLS extension support.
Not every browser yet supports SNI, but the most popular browsers do, and some have for quite a while. This includes Firefox 2.0 or later, Opera 8.0 or later, Internet Explorer 7.0 or later (unfortunately, only on Vista), Google Chrome, and Safari 3.2.1 (unfortunately only on OS X 10.5.6 or later).

Below, I have included a Basic implementation of two SSL vhosts, which could be bound to one IP using SNI.

NameVirtualHost *:443
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
ServerAdmin adminemail@domain2.ext
DocumentRoot /var/www/html/domain2.ext
ServerName domain2.ext
ServerAlias www.domain2.ext
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
## SSL Certificate File
SSLCertificateFile /etc/httpd/ssl/domain2.ext.crt
## SSL Key File
SSLCertificateKeyFile /etc/httpd/ssl/domain2.ext.key
## SSL Certificate Authority File
SSLCACertificateFile /etc/httpd/ssl/domain2.ext.ca
</VirtualHost>

What the above does is enable Apache listening to port 443 and turns on listening for virtual host requests on all IPs.

The new keyword SSLStrictSNIVHostCheck is disabled, meaning we will not throw a 403 error if the client does not support SNI.

Instead, they will be redirected to the SSL site defined first (domain.ext in the example), so be sure to define your default site first.

The largest problem here is the client browser support, but that will come in time. The Apache requirements and configuration, by contrast, are very simple and straightforward.

1. Ensure you have network connectivity before continuing

2. Get all updates for the server

sudo apt-get update

sudo apt-get upgrade

3. Create the mount point for the CDROM

sudo mkdir -p /media/cdrom

4. Mount the ISO to the folder we created

sudo mount /dev/cdrom /media/cdrom

5. Change the Directory

cd /media/cdrom

6. Copy the tar file from your mounted CDROM/ISO to your /tmp directory

sudo cp VM*.tar.gz /tmp    (Sample Filename: VMwareTools-8.6.0-425873.tar.gz)

7. Install all these dependencies & build tools

sudo apt-get install linux-headers-server build-essential

8. Change the Directory

cd /tmp

9. Unmount the ISO we mounted earlier

sudo umount /media/cdrom

10. Expand the tar

sudo tar -zxvf VM*.tar.gz

11. Change Directory

cd vmware-tools-distrib

12. Create a special directory

sudo mkdir /usr/lib64

13. Run the Install Script

sudo ./vmware-install.pl

14. Reboot

sudo reboot

Defining Colocation

Managing company IT assets requires certain safeguards be put in place, be it physical or non-physical. Colocation is the physical option of placing your IT assets or infrastructure into a service provider’s data center. Colocation providers lease rack-space for servers and give clients many different options in regards to managing IT assets. Colocation is also a cost effective alternative to building an entire facility to maintain and managed company data. Companies may also expand while conserving company resources and capital. No need to worry about hiring an entire office of IT personnel.

The Benefits of Colocation

Companies who opt to “collocate” IT infrastructure can expect an annual ROI on their investment. Colocation companies employ an entire staff dedicated to maintaining, securing and improving the performance of which your confidential data is managed. This eliminates the need to construct and maintain your own data center.

More importantly, colocation services often have neutral relationships between other IP providers, worldwide. They will ensure your company network is online and optimized for fast and reliable service no matter what. Colocation facilities are redundantly backed up. Shall a natural disaster cause a power outage, the loss of data will be prevented. Benefits like these seem to give customers some much-needed peace of mind.

Is Colocation Right For Your Business?

The decision to collocate IT infrastructure is usually determined by two needs: The IT manager’s need to maintain control over IT assets, and of course, whether or not they have the capital to invest in additional IT hardware.

If companies are willing to give up some control over IT infrastructure, then colocation would be a good choice. It is important to note, that colocation still allows for flexible solutions in regards to how your data is looked after. Managed hosting for example, provides companies with the necessary hardware, tools and support needed to monitor your data 24/7.

Larger companies with the money to spend will often invest in servers and house them within a colocation facility. This is especially true if they have the IT staff necessary to look after them. Although maintaining control of data is forever important, colocation stands to save your company money no matter what type of flexible solution you are after.

Closing Arguments

To sum it up, there are a few questions you need to ask: Is the service provider providing a scalable solution? Scalable data centers should be investing in all the latest technology with regards to cooling, rack-space configurations and flexible deployment of services. Doing so will help deliver a better ROI. Is your colocation provider reliable?

A reliable colocation provider will provide efficient cooling and power redundant fail-safes and should guarantee 100 percent uptime. Lastly, make sure the service provider maintains proper physical and virtual security. Data centers should be like a fortress. After all, safeguarding your companies IT assets is a full time job and most companies are in compliance with industry standards. Colocation should be a solution for IT companies and ultimately help them save money.

About the author: James Mulvey is a blog writer for Colocation America, a company dedicated to providing clients with reliable, flexible network solutions.

International Caps Lock Day is in fact a testament to the small mindedness of certain Western individuals: the majority of the world’s population writes in scripts which have no concept of letter casing. Therefore, it is advised to laugh at anyone who invokes this day as an excuse to dismiss local typographical conventions: they are simply making an ass out of themselves.

So what do we think about this, WELL IT’S ANOTHER REASON TO CELEBRATE. SO HAPPY INTERNATIONAL CAPS LOCK DAY, EVERYONE!

Dedicated Servers Specialists – About Us