Author Archives: AndrewT

Server Upgrades Coming Soon!

As many of you know, we like to freshen up our servers from time to time. While some hosts will leave older hosting accounts on legacy hardware until it is nearly failing, we prefer to keep all clients on the latest iteration of our server hardware. This provides consistency across our fleet of servers and gives our clients the best possible experience. Dealing with old, failing hardware is just as a problematic for us as it is for our clients so we do our best to avoid these situations.

The new servers will have faster hardware across the board from the CPUs to RAM and SSDs. Some software updates will occur as well, starting with the OS as CloudLinux 7 will now be the default for all of our hosting servers. Currently, some of our systems are running CloudLinux 6 with their hybrid kernel. We will also be deploying MariaDB 10.3 on all servers (versus 10.1 currently). I know a few of you have been eagerly awaiting the Recursive CTE and Window Function support. Lastly, we’ll also be adding support for CloudLinux’s Node.js selector once all of the upgrades and migrations have settled down.

We expect to begin these server migrations towards the middle of June, with the first batch of notifications going out here very soon. All migrations will be completed by the end of July. You can expect to receive a ticket notification approximately two weeks before your server’s scheduled migration. There will be no downtime during this process and no changes should be necessary on your end as long as you’re using our DNS. If you have any questions meanwhile, please feel free to submit a ticket and we’ll gladly assist in any way that we can.

Behind the Scenes: Server Status, Monitoring & Website Refresh

Over the past few months we’ve been setting up and fine tuning a new in-house monitoring solution. This new system is now live and allows us to better monitor all aspects of our hosting services. As part of this, we’ve added a live status page to our website at status.dathorn.com. This page queries our monitoring system every minute to display the most accurate information and is a great first resource if you believe there are any issues. Rest assured that we will have already been alerted of any problems reported there.

Also, as you may have noticed by now, we just completed a minor refresh of our website. It now offers a greatly improved experience for mobile and high resolution devices. Over the next few months we plan to extend this to our portal as well so stay tuned!

PHP 7.3 Now Available!

PHP 7.3 was released early this month and is now available on all of our servers! As with prior versions, you can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 7.3.0 comes with numerous improvements and new features such as:

The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes. For 3rd party applications, it’s best to confirm that they support PHP 7.3 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

Python & Ruby Selectors Now Available!

We’re excited to announce that we now support Python and Ruby applications across all of our hosting platforms! These have been popular feature requests and we’re happy to be able to announce their availability. These capabilities are made possible by CloudLinux’s Python & Ruby Selector as well as LiteSpeed’s mod_passenger support. Similar to the PHP Selector, Python and Ruby applications can be deployed directly via cPanel under the Software section as seen below.

If you select “Setup Python App”, you’ll be prompted to select your desired Python version, the app’s directory, and the app’s web address (URI). Currently, Python versions 2.7, 3.3, 3.4, 3.5, 3.6 and 3.7 are available. Continue reading

Forcing HTTPS Connectivity

Once you have an SSL certificate installed, it is good standard practice to make sure that all requests on your website use HTTPS. Our last post concerning mixed content covered one aspect of this. One other important element, which we’ll discuss here, is to force HTTP requests to use HTTPS instead. This way, if someone tries to visit your site via http://domain.com the request will be redirected to https://domain.com.

There are many different ways to accomplish this but if you’re using something like WordPress, for example, you might want to see if the functionality is built-in or if a plugin is available that could make this process easier. In this case, the Really Simple SSL plugin for WordPress is a great option and can even correct mixed content issues automatically.

Another common but easy way to handle this is by adding a simple mod_rewrite rule to your site’s .htaccess file. There are a lot of perfectly valid variations of these rules to get the desired result. A good generic option is:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Continue reading

HTTPS & Mixed Content

With Chrome now labeling sites accessed via regular HTTP as “Not Secure”, SSL/TLS support is becoming even more common. However, simply installing an SSL certificate doesn’t necessarily result in your site showing up as “Secure” (Chrome) or with a green padlock (Firefox). Instead, you might see the following in the Firefox URL bar:

And in Chrome you might see this in the security overview (Menu -> More Tools -> Developer Tools -> Security):

Although not immediately clear from the Firefox URL bar, you can see from Chrome that the issue is with mixed content being loaded. This means that although the page was accessed via HTTPS, regular HTTP content is being loaded within it. For this example, the page in question has the following code in it:

<img src="http://demo.dathorn.com/logo.png">

Continue reading

cPanel 72 – Git Version Control & New In-Browser Terminal

cPanel version 72, which we deployed to all servers about a week ago, has a couple of new features that I wanted to quickly highlight. The first of these adds the ability to setup Git repositories via Files -> Git Version Control in cPanel as seen below.

When creating a repository, you have the option to clone an existing one if desired. Once it has been created you’ll be provided with the SSH URL to access it. SSH (Shell) access will need to be enabled on the cPanel account and you’ll have to use the cPanel username and password to login.

On the topic of SSH access, a new in-browser terminal is also now available from directly within cPanel. This can be found under Advanced -> Terminal. We just activated this feature on our servers today due to a cPanel update now correctly launching these connections within CageFS. While I wouldn’t let it replace a desktop client for regular SSH access, it is certainly convenient to use on occasion since it is quickly accessible without having to do anything other than login to cPanel. SSH (Shell) access does have to be enabled on the cPanel account for the Terminal link to show up.

We hope you’re able to put these new features to good use and look forward to sharing more with you as further updates become available. Please don’t hesitate to submit a support ticket if we can be of any assistance with these features.

Behind the Scenes: cPanel 70, cPanel 72 & Mobile Portal

It has been a little while since our last behind the scenes update so I wanted to take a quick moment to share a few things.

Last week, we completed deployment of cPanel 70 to all of our servers. While there weren’t a lot of visible changes in this version, you may have noticed the new “Email Accounts” interface in cPanel.

To start, you’ll see the interface is now broken down into four different tabs that allow you to add email accounts, view / modify them, manage the default account, and manage other configuration settings. This page will default to the list view of email accounts where you’ll now see the “Access Webmail” link more prominently. You can now also select the “Manage Suspension” option to suspend or hold outgoing email for a single email account. Continue reading

Upgraded Hosting Plans

We’re very excited to announce that on Monday, June 4th, we upgraded all of our hosting plans once again. All plans now include 50% more disk space and bandwidth than before, which can be seen on our website. This change applies to both new and existing clients free of charge. The additional resources are available for you to allocate via your WHM account effective immediately.

No compromises have been made to offer these additional resources. Our network connectivity continues to be of the same high quality and all data remains on pure SSD RAID 10 arrays. We hope that you’re able to use these additional resources to better serve your own clients and continue growing!

Critical Drupal Updates

Although these Drupal vulnerabilities were posted to our script security forum, which we recommend you subscribe to, we wanted to give this situation as much visibility as possible. Over the past month there have been two critical Drupal updates released. Both of these address a remote code execution vulnerability, which is at the very top of the scale as far as severity is concerned. The most recent update was just released yesterday (April 25th) and further details on it can be found here. You need to make sure that your Drupal is updated to either version 7.59 or 8.5.3. Drupal 6 hasn’t been officially supported for more than 2 years and should be updated to at least 7.x.

The first vulnerability has been heavily targeted by bots for over a week now. We do have web application firewall (WAF) rules in place to defend against this but the WAF shouldn’t be considered a long term solution. The best option is always to update your scripts as soon as possible. Failure to do so may result in a complete compromise of the cPanel account in question. We’re still evaluating this latest vulnerability for inclusion in our WAF rules.

If you have any questions or run into any issues please drop us a ticket via our portal.