Author Archives: AndrewT

Billing Migration

Over the next few months we will be migrating all clients to our new billing system that is now built-in to our existing portal. This will eliminate the need for you to login to a separate billing system to view invoices, update your credit card information, etc. All of this will now be easily accessible from within our portal.

You will receive an email and ticket notification with further details once your account has been migrated. The first batch of migrations were completed yesterday and another batch will go out around the 21st of each month until every client has been migrated. We expect this to take approximately 4 months in total.

As part of this migration there are two important items to take note of:

Your credit card information will need to be re-entered. Your card information is currently, and will continue to be, stored in a very secure manner that cannot be retrieved. As such, it cannot be migrated automatically and you’ll need to login to our portal to re-enter it once you receive a migration notification.
Texas residents will now pay sales tax as required. For the past several years we’ve been paying this out-of-pocket because our old billing system couldn’t properly accommodate this.

We greatly appreciate your cooperation and apologize for any inconvenience during this process. Ultimately this will be a vast improvement over our old, separate billing system. If you have any questions or concerns about this migration please submit a ticket via our portal and we’ll be happy to address them. We just wanted to post this quick update so that you would not be caught off guard or worried about phishing when the time comes for your account to be migrated.

cPanel 54: Farewell X3

As you may have noticed, cPanel has dropped the parent value from their displayed version number as of this latest release. For display purposes this means you will see the version change from “11.52” to “54”. This isn’t particularly important but worth taking note of going forward.

The biggest change with this new release is the deprecation of the X3 cPanel theme as we’ve posted about here previously. Paper Lantern is the replacement theme which has been a work in progress for the past couple of years and is a big jump forward. In preparation for the cPanel 54 upgrade reaching the “Stable” build tier and our servers being upgraded, we will be migrating all packages and accounts to Paper Lantern to prevent a “Retro” Paper Lantern style from being applied by default. If you feel that you must go back to the old style theme you can still revert to X3 for the time being or use the “Retro” Paper Lantern style. Please note that X3 will be removed as of version 58.

With cPanel 54 a new sidebar has been added to Paper Lantern as you can see from the two screenshots below.

Paper Lantern as of cPanel 11.52

Paper Lantern with new sidebar

Continue reading →

Critical Joomla Security Update

On Monday, December 14th, Joomla 3.4.6 was released to address a critical remote code execution vulnerability (CVE-2015-8562) that exists in all prior versions from 1.5.0 through 3.4.5. Hotfixes are also available for the older, unsupported 1.5 and 2.5 branches. It is imperative that you update all Joomla instances immediately. This was a zero day vulnerability that was actively being exploited prior to it having been discovered and patched. As such, it is remotely possible that your Joomla was already compromised.

We posted this to our forums and in our portal on Monday to give our clients a heads up but given the critical nature of this we figured another post couldn’t hurt. At that time we also deployed mod_security rules which we believe to sufficiently protect all Joomla instances hosted by us unless you have specifically disabled mod_security on the domain, which is not the default or recommended. As always, though, it is still important that these latest patches be applied immediately in order to secure your Joomla instances.

If you have any questions or concerns please don’t hesitate to contact us and we hope everyone has a Merry Christmas!

Script Security Updates

As the holiday shopping season has begun it is more important than ever for businesses to make sure their websites are secured against attackers. Staying on top of script updates (plugins and themes included) is one of the easiest and most vital parts of securing your website. We wanted to take a moment to cover a couple of serious updates that should receive special attention this holiday season.

A Joomla update (3.4.5) was released last month to address a critical remote and unauthenticated SQL injection vulnerability that is present in all 3.2+ versions. The severity of this cannot be stressed enough as it can allow attackers complete access to your account. We’ve had mod_security rules in place to block exploitation of this vulnerability since the day it was announced. To the best of our knowledge attackers have been unable to circumvent these rules but it is in your best interest to apply this update immediately if you have not done so already. If for some reason you’ve manually disabled mod_security on your website it remains fully exposed to this vulnerability if it hasn’t been patched and has likely already been compromised in some manner. For this reason we never recommend disabling mod_security. Further details concerning this update can be found here.

Last week a vulnerability in Zen Cart was also announced and has subsequently been patched. This is an arbitrary file inclusion vulnerability that again could allow attackers complete access to your account. Details and patches are available directly from Zen Cart here. Please note that public disclosure of this vulnerability is scheduled for December 16th but since a patch has already been released it wouldn’t take much for attackers to figure out how to exploit the vulnerability, if they haven’t already. All Zen Cart users should patch their instances immediately.

As always, we will continue to stay on top of these critical vulnerabilities and address them as possible or necessary. If you have any questions please feel free to submit a ticket via our client portal and we’ll gladly assist in any way that we can.

Coming Soon: Server Upgrades

With many hosts your account will remain on a particular server until it fails in some way or another. That’s not the way we do things here at Dathorn. We like to be proactive with upgrading or replacing our servers to help avoid failures that happen more frequently as hardware ages. This also gives us a great opportunity to deploy new configurations, operating system versions, etc. so that we can continue adding value to our services.

Over the next several months we will be going through this process once again. All of our existing shared and reseller hosting servers will be upgraded by means of migrating to a new server. You will receive a ticket notification via our client portal once your particular server has been scheduled. Aside from announcing this I wanted to quickly highlight some of the more important changes that will take place as a part of these migrations.

First up are the hardware changes and the most important of these concerns the local storage. Over the past 13 years we’ve gone from SATA storage to SAS drives to our current hybrid SSD / SATA arrays. Now we’re very excited to be migrating to pure SSD storage. All servers will be utilizing new 12Gbps LSI RAID controllers with a minimum of six 1TB SSDs in RAID 10. The performance that we’ve been able to get from these new systems is simply amazing. While other providers may charge extra for (or not even offer) such high speed storage, all of our clients are being upgraded to it free of charge.

Continue reading →

LiteSpeed Cache & WordPress

Our servers have been running the LiteSpeed Web Server for almost six years now and one of the lesser known but most powerful features of it is its caching. LiteSpeed cache is available on our servers although it is disabled on all domains by default. Enabling it globally just isn’t practical or wise because there is a lot of content that doesn’t need to be cached or shouldn’t ever be cached.

LiteSpeed cache can be used to cache your PHP scripts and thus speed up their load time significantly. This can be very beneficial if your site receives consistent traffic although even low traffic sites can see some benefits. The cache can be enabled and configured by means of some mod_rewrite rules in your .htaccess file. Below is a common example that can be used to cache WordPress:

<IfModule LiteSpeed> CacheEnable public / RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$ RewriteCond %{REQUEST_URI} !^(wp-admin|wp-login.php|wp-cron.php) RewriteRule .* - [E=Cache-Control:max-age=120] </IfModule>

Continue reading →

cPanel 11.50 Update

All of our servers have been running cPanel 11.50 for at least two weeks and I wanted to go ahead and give you all a quick update on this. The big thing that some resellers are seeing as a result of this upgrade is much slower load times of the “Create a New Account” page and saving package changes in WHM. This issue is related to a change in the way that bandwidth data is now stored that was supposed to provide “significant performance improvement and greater reliability.” Unfortunately we’ve seen quite the opposite thus far, especially for resellers that have many cPanel accounts.

We reported this issue to cPanel support on August 13th and are still working with them to get this sorted out. As of Friday they were able to duplicate the issue with certainty on their own test environment and thought they had a test build that would resolve it but no luck there. We’re hopeful they’ll have a working test build later this week. When this might actually get pushed out to the “Release” or “Stable” build tiers is unknown so a full fix may still be a few weeks off. Rest assured, though, there are no performance issues with our servers and this does not cause any harm. You just need to beware that these actions will take longer to complete until they’re able to provide a solution. Continue reading →

cPanel 11.50 Has Arrived

Some of you have undoubtedly noticed this already but cPanel 11.50 has finally arrived. We’ve been testing it for quite some time now and have waited to roll out updates across our servers until we were able to thoroughly test some of the new functionality and make sure that all remaining issues had been addressed. At this point we have updated all of our own servers and client dedicated servers. We hope to begin updating all shared and reseller hosting servers next week. The most obvious change that you’ll see right away is the design of the cPanel, WHM, and webmail login pages.

Along with the login pages you’ll also see a new look once logged into WHM and an updated header on the Paper Lantern cPanel theme. Going forward we will begin migrating accounts to the Paper Lantern cPanel theme as X3 is retired. If you make use of cPanel’s branding for the X3 theme you’ll want to take a look at the options available to you for Paper Lantern so that you are prepared for this change. Continue reading →

SpamTitan & SPF Records

As many of you know, we offer a paid business class spam filtering option called SpamTitan. You may not know, however, that whether or not you pay for inbound SpamTitan filtering all of your outbound email is still filtered by our SpamTitan cluster. If you aren’t familiar with our SpamTitan filtering you can learn more about it or signup for a free trial here.

We began filtering all outbound email through our SpamTitan cluster back in 2012 because we knew how important email delivery was to our clients. Since then we’ve experienced very few issues with our outbound mail IP addresses getting black listed or having a less than excellent reputation.

The vast majority of our outbound spam comes from forwarders that clients have setup to forward their domain’s email to their Gmail or other third party account. The filtering stops a lot of these spam messages from being forwarded and negatively impacting our IP reputation. Occasionally we do also see an email account’s login information having been compromised and used to send spam via SMTP and SpamTitan is able to stop most of these messages from ever leaving our network. Continue reading →

Security Update Roundup

There are many aspects to securing a website but one the easiest and most important things you can do is to stay on top of script updates as they become available. Our clients are generally pretty good about doing this but mistakes do happen. Attackers exploiting old, vulnerable scripts is by far the number one reason that we see sites being compromised. Cleaning a site once a compromise has already occurred can be a costly and time consuming process. Being proactive and keeping everything patched in a timely manner is far easier and significantly reduces the chance that your site will be compromised.

Popular scripts like WordPress have a very easy update process that can be run from within the administrative interface and be completed with just a couple of clicks. You can also configure your WordPress instances for automatic updates which can even take care of your plugins and themes as well. Another option is to configure Softaculous to automatically handle these for you. If you install a script using Softaculous this is very easy to do from their cPanel interface. Continue reading →