It has been a little while since our last “Behind the Scenes” post so here’s another quick update of what’s been happening here at Dathorn. First, we are very happy to announce that we’ve completed the upgrade and migration of all of our hosting servers. Every single client is now on a server utilizing our latest hardware and software packages. This includes items like MariaDB, PHP Selector and, of course, pure SSD RAID 10 storage. The only mechanical drives that we’re using now are solely for backup storage and eventually these will be phased out as SSD capacity continues to grow.
Since all of our servers are now utilizing CloudLinux’s PHP Selector, we no longer have to perform scripted rebuilds of PHP and related dependencies as they are updated. As such, we will no longer be announcing these minor updates on our forums since they really don’t have any impact for our clients to be concerned about. You can always keep an eye on “Alt-PHP” updates on the CloudLinux blog if these items interest you.
Earlier this month we completed the deployment of cPanel version 58 across all of our servers. Most visible among the updates would be the changes made to Paper Lantern which you may have already noticed. There were, however, a number of system changes that aren’t so visible. One that you should be aware of is that the “Trash” folder on email accounts is now included in the email account’s disk usage. Believe it or not, this wasn’t the case before and it just didn’t make much sense. This often created confusion because email accounts would be reported as using far less disk space than they actually were. While this doesn’t change the cPanel account’s disk usage at all, it does allow email disk usage to be more accurately reported and managed, which is long overdue.
Going forward through October, we do still have some internal services that we need to migrate to new servers, such as our primary name server (ns1) and some backup servers. This is necessary as we approach the end of life for RHEL 5 / CentOS 5. We’ll be taking this opportunity to replace some older Adaptec RAID controllers with newer LSI ones as well. This maintenance won’t have any impact on clients but I did want to provide some insight on what we have planned here. That’s all for now. We hope you’re enjoying the cooler Fall weather as we are!
The Paper Lantern cPanel theme has been around for quite a while now and the biggest complaint that we and our clients have had with it is that the account’s usage details aren’t immediately visible upon logging in as seen below.
Important usage details can easily be overlooked since it’s no longer the first thing that you see. You have to select the “Statistics” or “Dashboard” tab to view any of this information. Oftentimes clients log in only for the purpose of viewing this information, thus adding unnecessary steps. Some clients opted to switch to the “Retro” Paper Lantern style to address this.
Finally, in cPanel 58, the developers have addressed this by reverting to the prior statistics bar view, similar to what was present in the old X3 theme. The only real difference is that this information is now displayed along the right side instead of the left.
As we get close to completing all of our server upgrades, I wanted to go ahead and quickly highlight a feature that is available on the new servers. We’ve permitted clients to change the version of PHP that their site uses for many years now but this has always required a modification to the domain’s .htaccess file. Although this wasn’t particularly difficult, it has been simplified even further with the inclusion of PHP Selector. PHP Selector is a CloudLinux component that sits on top of CageFS and allows each cPanel user to select their desired PHP version.
Once you’ve logged into cPanel you’ll find the “Select PHP Version” option under the “Software” menu group as shown below.
As you may have heard, the full database from LinkedIn’s 2012 compromise was posted last month, resulting in more than 150 million additional user logins having been publicized. In light of all these login credentials being leaked from LinkedIn and other services, I wanted to (again) remind everyone of the importance of maintaining secure passwords and also provide some good general guidelines to follow.
Never re-use passwords for any reason. Every login that you set up must use an entirely unique password, otherwise a compromise of one service compromises your logins for other services. This is becoming more of an issue as these incidents continue to occur. The last thing you want is for an online community compromise to result in the compromise of your email or bank logins.
Do not share your login information with others if it can be avoided. Doing so increases the risk of a compromise significantly since you have no control over how or where that login might be used. If you must provide your login information to a 3rd party you should set a temporary password and then reset it once the 3rd party no longer needs access.
We have successfully completed the migration of all clients from our old billing system (Ubersmith) to our new one that is integrated within our existing portal. For some of you, tomorrow will be the first time you’ll experience the new system when your service renews. We would love to hear any feedback you might have!
Being able to integrate our billing into our existing support mechanisms has been a tremendous help in simplifying processes both for us and our clients. We look forward to growing the available feature set going forward, including the ability for you to manage hosting plan changes without our intervention.
Earlier this month you may have heard of a new vulnerability in ImageMagick named “ImageTragick”. ImageMagick is a software suite used to create or edit many different types of images. One of the most common use cases involves their “convert” utility which is used to convert images from one type to another and resize them. cPanel, for instance, uses it as do a number of image gallery related scripts, shopping carts, etc. Because of this, the potential impact of ImageTragick was quite high.
Although it is fairly trivial to create a policy file or simply update ImageMagick to address the issues, care had to be taken to make sure all instances of ImageMagick were addressed. In many cases, our servers had two or three different versions of ImageMagick that needed to be taken care of. It’s not uncommon for it to be installed on the server as a general package in addition to the versions that both cPanel and CloudLinux provide. As always, you can rest assured that we’ve taken all possible steps to address these new attack vectors and will continue to monitor for further issues going forward.
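One way to run the check described above, added here as an example and not Dathorn's own tooling: it walks a directory tree, finds every ImageMagick policy.xml, and reports which of the five coders named in the public ImageTragick mitigation (EPHEMERAL, URL, HTTPS, MVG, MSL) each copy still allows. The directory names and file contents are constructed sample data.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Coders the public ImageTragick mitigation disables via policy.xml.
REQUIRED = {"EPHEMERAL", "URL", "HTTPS", "MVG", "MSL"}


def missing_denials(policy_path):
    """Return the required coders that this policy.xml does not deny."""
    try:
        root = ET.parse(policy_path).getroot()
    except (ET.ParseError, OSError):
        return set(REQUIRED)  # unreadable or malformed: treat as unprotected
    denied = {
        p.get("pattern", "").upper()  # exact names only; globs are not expanded
        for p in root.iter("policy")
        if p.get("domain") == "coder" and p.get("rights") == "none"
    }
    return REQUIRED - denied


def audit(search_root):
    """Check every policy.xml under search_root; map path -> missing coders."""
    report = {}
    for dirpath, _dirs, files in os.walk(search_root):
        if "policy.xml" in files:
            path = os.path.join(dirpath, "policy.xml")
            report[path] = sorted(missing_denials(path))
    return report


def build_sample_tree(base):
    """Constructed sample: two ImageMagick installs, only one fully hardened."""
    deny = '<policy domain="coder" rights="none" pattern="{}" />'
    layouts = {
        "system/etc/ImageMagick": "".join(deny.format(c) for c in sorted(REQUIRED)),
        "vendor/etc/ImageMagick": deny.format("MVG"),  # partially hardened copy
    }
    for rel, body in layouts.items():
        os.makedirs(os.path.join(base, rel))
        with open(os.path.join(base, rel, "policy.xml"), "w") as fh:
            fh.write("<policymap>" + body + "</policymap>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, missing in sorted(audit(tmp).items()):
            print(path, "OK" if not missing else "MISSING " + ",".join(missing))
```

An install that ships no policy.xml at all does not appear in the report, so the result should be compared against the list of ImageMagick copies known to be on the server.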
The cPanel development cycle is constantly bringing us new features and changes that are often only visible to server administrators. Over the next couple of versions, though, there will be a couple of new features that you should be aware of as an end user. cPanel 56 was just pushed to the “Release” tier so in a few weeks it should be pushed to the “Stable” tier and shortly thereafter installed on all of our servers. Version 56 will include a utility for automating the process of converting an addon domain to its own cPanel account.
The Sender Policy Framework (SPF) is a great tool to help validate email senders and detect email spoofing. We recommend that all domains have a proper SPF record configured for this reason. However, SPF has long caused problems with forwarders and this is now no longer an issue. As of cPanel 54, which was installed on all servers earlier this month, Sender Rewriting Scheme (SRS) is fully supported out of the box. Previously some forwarded emails would get rejected by the destination mail server due to the SPF check failing. SRS now automatically rewrites the envelope sender such that forwarded emails will still pass SPF checks. You don’t need to do anything to activate SRS; it was enabled on all servers on March 9th.
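The rewrite described above, modelled in an added example that is not cPanel's or Exim's implementation: the forwarder replaces the envelope sender with an SRS0 address in its own domain, so the destination's SPF lookup is made against the forwarder's record instead of the original sender's. The domains, IP ranges and secret are constructed, the 4-character hash and 2-character day stamp follow the common SRS0 layout as an assumption, and the SPF check is a toy that only understands ip4 ranges.

```python
import base64
import hashlib
import hmac
import ipaddress
import time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _tag(secret, tt, domain, local):
    """Truncated HMAC binding the day stamp to the original address."""
    mac = hmac.new(secret, f"{tt}{domain}{local}".lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:4]


def srs_forward(sender, forwarder_domain, secret, now=None):
    """Rewrite an envelope sender as SRS0=hash=tt=domain=local@forwarder."""
    local, domain = sender.rsplit("@", 1)
    days = int((time.time() if now is None else now) // 86400) % 1024
    tt = B32[days >> 5] + B32[days & 31]  # 10-bit day stamp in base32
    return f"SRS0={_tag(secret, tt, domain, local)}={tt}={domain}={local}@{forwarder_domain}"


def srs_reverse(address, secret):
    """Recover the original sender for bounces; reject forged or altered addresses."""
    local, _ = address.rsplit("@", 1)
    prefix, tag, tt, domain, orig_local = local.split("=", 4)
    if prefix != "SRS0" or not hmac.compare_digest(tag, _tag(secret, tt, domain, orig_local)):
        raise ValueError("invalid SRS address")
    return f"{orig_local}@{domain}"


def spf_pass(envelope_sender, client_ip, spf_records):
    """Toy SPF check: ip4 ranges only, looked up in a dict instead of DNS."""
    domain = envelope_sender.rsplit("@", 1)[1]
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in spf_records.get(domain, []))


def demo():
    """Constructed sample: SPF result for a forwarded message before and after SRS."""
    spf = {"sender.example": ["192.0.2.0/24"], "forwarder.example": ["198.51.100.0/24"]}
    forwarder_ip = "198.51.100.25"
    original = "alice@sender.example"
    rewritten = srs_forward(original, "forwarder.example", b"constructed-secret", now=0)
    return spf_pass(original, forwarder_ip, spf), spf_pass(rewritten, forwarder_ip, spf), rewritten


if __name__ == "__main__":
    print(demo())
```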
Last week another batch of clients was migrated to our new billing system that is built into our existing portal. The response has been overwhelmingly positive as it eliminates a lot of unnecessary confusion with having a separate billing system. We hope to have all of our clients migrated within the next month or two and appreciate any feedback you might have.
Lastly, we will be resuming our server upgrades in the upcoming month (April). These took a backseat while we finished up our billing system and continued evaluating the servers that had already been upgraded. Thus far we are very pleased with these upgrades and, like you, we can’t wait to have everything migrated to pure SSD environments. You’ll receive a notification when your server is scheduled to be upgraded if it hasn’t been already. We expect to have all remaining servers upgraded by the end of August.
Over the next few months we will be migrating all clients to our new billing system that is now built into our existing portal. This will eliminate the need for you to log in to a separate billing system to view invoices, update your credit card information, etc. All of this will now be easily accessible from within our portal.
You will receive an email and ticket notification with further details once your account has been migrated. The first batch of migrations was completed yesterday and another batch will go out around the 21st of each month until every client has been migrated. We expect this to take approximately 4 months in total.
As part of this migration there are two important items to take note of:
- Your credit card information will need to be re-entered. Your card information is currently, and will continue to be, stored in a very secure manner that cannot be retrieved. As such, it cannot be migrated automatically and you’ll need to log in to our portal to re-enter it once you receive a migration notification.
- Texas residents will now pay sales tax as required. For the past several years we’ve been paying this out-of-pocket because our old billing system couldn’t properly accommodate this.
We greatly appreciate your cooperation and apologize for any inconvenience during this process. Ultimately this will be a vast improvement over our old, separate billing system. If you have any questions or concerns about this migration please submit a ticket via our portal and we’ll be happy to address them. We just wanted to post this quick update so that you would not be caught off guard or worried about phishing when the time comes for your account to be migrated.
As you may have noticed, cPanel has dropped the parent value from their displayed version number as of this latest release. For display purposes this means you will see the version change from “11.52” to “54”. This isn’t particularly important but worth taking note of going forward.
The biggest change with this new release is the deprecation of the X3 cPanel theme as we’ve posted about here previously. Paper Lantern is the replacement theme which has been a work in progress for the past couple of years and is a big jump forward. In preparation for the cPanel 54 upgrade reaching the “Stable” build tier and our servers being upgraded, we will be migrating all packages and accounts to Paper Lantern to prevent a “Retro” Paper Lantern style from being applied by default. If you feel that you must go back to the old style theme you can still revert to X3 for the time being or use the “Retro” Paper Lantern style. Please note that X3 will be removed as of version 58.
With cPanel 54 a new sidebar has been added to Paper Lantern as you can see from the two screenshots below.
Paper Lantern as of cPanel 11.52
Paper Lantern with new sidebar
On Monday, December 14th, Joomla 3.4.6 was released to address a critical remote code execution vulnerability (CVE-2015-8562) that exists in all prior versions from 1.5.0 through 3.4.5. Hotfixes are also available for the older, unsupported 1.5 and 2.5 branches. It is imperative that you update all Joomla instances immediately. This was a zero day vulnerability that was actively being exploited prior to it having been discovered and patched. As such, it is remotely possible that your Joomla was already compromised.
We posted this to our forums and in our portal on Monday to give our clients a heads up but given the critical nature of this we figured another post couldn’t hurt. At that time we also deployed mod_security rules which we believe to sufficiently protect all Joomla instances hosted by us unless you have specifically disabled mod_security on the domain, which is not the default or recommended. As always, though, it is still important that these latest patches be applied immediately in order to secure your Joomla instances.
If you have any questions or concerns please don’t hesitate to contact us and we hope everyone has a Merry Christmas!