Author Archives: AndrewT

SpamTitan Status Update & Free Trial

It has been almost a year since our last SpamTitan status update and since then the number of emails that our SpamTitan cluster has processed has nearly doubled. To date our cluster has now examined over 135 million emails as can be seen from the chart below.

The overall percentage of clean messages has dropped from 36.8% to 35.7%. This indicates an even greater percentage of change over the past 11 months since these percentages take into account all of the messages that have been filtered to date.

If you compare this latest graph to the one prior you’ll also notice a reduction in RBL rejections. This is just a symptom of the messages being tagged as spam earlier in the filtering process because you can also see an increase in other front line rejections (SPF, HELO verification, greylisting, etc.). Messages filtered out at this stage would never get to the RBL rejection stage. Continue reading →

cPanel 11.48 & Paper Lantern

Last week cPanel 11.48 made its way to the stable release tier and after some internal testing here all of our servers were updated with this new version. This new version brings some cPanel related changes including a nice new Paper Lantern theme for webmail. While the cPanel changes may seem relatively minor they will prove to be very useful for many of you.

In the past, the maximum email account quota that you could set was 2GB. If you wanted to set a higher limit the only option was to use “unlimited” which isn’t ideal. With this update, you can now configure email account quotas up to 4TB in size on our servers. Below you can see a 4GB test account we created that wasn’t previously possible.

Important additions have also been made to the cPanel user contact preferences. cPanel users are now able to receive notifications whenever their contact email or account’s password changes. This provides some peace of mind knowing that you will be alerted if these are ever changed. Continue reading →

Adobe Flash & GHOST: Critical glibc Vulnerability

Lately it seems there has been no shortage of critical vulnerabilities being discovered in commonly used software. In the past couple of weeks alone, Adobe has had to release patched versions of Flash to address a trio of publicized zero day vulnerabilities. While as a host that doesn’t really impact us directly, it should be a top priority for anyone browsing the web. The vast majority of end-user computer infections come from malicious content taking advantage of such vulnerabilities. These can often lead to your login information being compromised which certainly does become an issue for us. As always, please be sure you’re staying up-to-date with these Flash patches as well as those for your operating system, web browser, Java, etc. Continue reading →

Happy New Year!

We wanted to quickly wish everyone a very happy and prosperous new year! 2014 was a busy year for us as we deployed a new SpamTitan node, migrated all of our off-site servers, deployed a redundant VPN server, and defended against Heartbleed, Shellshock, POODLE, and a critical Drupal vulnerability. maxresdefault

We expect to be just as busy during 2015 as we continue to further enhance our services to better serve our clients. One of the big things we are in the process of planning is the migration of all hosting servers to brand new hardware. Despite the fact that our servers are still very capable and able to handle anything we throw at them, we like to do a full hardware refresh every few years. This helps us make sure your hosting performs flawlessly and likewise helps us avoid hardware failure rates that inevitably increase as time goes on. Stay tuned for another exciting year here at Dathorn!

Behind the Scenes: POODLE SSLv3 & Network Speedtest

As you may have heard, in October a new vulnerability was disclosed in SSL version 3 that was dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption). This allowed an attacker to read SSLv3 encrypted data via a man-in-the-middle attack. It has long been standard to disable SSLv2 and as a result of this new disclosure many providers, including us, have opted to disable SSLv3 as well. Disabling SSLv3 was really long overdue anyways and only used for legacy support of older operating systems that have long reached their end of life, such as initial releases of Windows XP. Any recent OS or software will instead use a version of TLS to connect which is now the only option that our servers permit. Aside from a couple of very minor cipher issues which were quickly remedied, we’ve experienced no problems with the deployment of these changes back in October. Ultimately this is just another small part that shows our ongoing commitment to security here at Dathorn, where keeping your data safe and secure is a priority.

In other unrelated news, we have added network performance testing information to our network page. We frequently receive requests for information on how to test our network connectivity from a client’s location. To help make this process easier we’ve added this information directly to our website and have even setup a speedtest there. The image above shows some sample results from my own cable connection at home. Does anyone with Google fiber want to show off a bit?

Drupal SQL Injection Vulnerability – CVE-2014-3704

On October 15th a very serious SQL injection vulnerability was discovered in Drupal that exists in all 7.x versions prior to 7.32. The severity of this vulnerability led to quick exploitation of it within approximately 7 hours of it having been publicized. Fortunately the provided patch to address this issue was quite simple and easy to apply. In fact, the patch only changed one line of code in the includes/database/database.inc file. Because of this we opted to go ahead and pro-actively apply the patch to all installations of Drupal 7.x on our servers. In less than an hour we had protected all of our clients’ Drupal installations from being exploited by this vulnerability. Beyond that it helped to protect our servers from attackers that were exploiting this vulnerability to run other malicious scripts. Affected clients should still upgrade their Drupal to the latest version as soon as possible.

Overall we were very pleased that this was so easily addressed on our end and we will certainly look into options like this going forward as new vulnerabilities in popular scripts are discovered. This incident shows how important it is for you to stay on top of script, plugin, and theme updates. Within a mere 7 hours of publicizing this vulnerability, it was being actively exploited. We highly recommend that you sign up for security related mailing lists for the scripts that you are using if they are available. This will give you the best chance at protecting yourself when (not if) a vulnerability like this comes to light.

Behind the Scenes: Shellshock & PHP 5.4

Here’s another quick update on what’s been going on here behind the scenes at Dathorn. As you may have heard, critical bugs were discovered in the popular Linux shell, bash. This event, dubbed “Shellshock”, started to publicly unfold about two weeks ago.

The details of these vulnerabilities can be a bit difficult to follow given the number of different patches that were posted. It even required a few quick, consecutive updates from some Linux distributions just to get it right. It seemed like each time a new patch was released someone else was able to poke holes in it, finding new methods to exploit and turning bash into a bit of swiss cheese. Continue reading →

The Importance of Redundant DNS

In a nutshell, the Domain Name System (DNS) acts as a phone book that allows you to easily find the IP address that is associated with a particular domain. For example, it is much easier to remember “example.com” than it is “93.184.216.119” (IPv4) or even “2606:2800:220:6d:26bf:1447:1097:aa7” (IPv6). This is critical functionality that every internet user depends on, often without even realizing it. DNS is likewise a critical part of any hosting provider’s services. It does little good if your web servers and email servers are online if your DNS servers are not. Your domain will not be functional.

It is for this reason that we provide a geographically redundant DNS cluster for all of our clients to use. In the past it was common for all of a domain’s services (web, email, etc.) to be hosted on a single server. As such, it didn’t matter too much if the DNS was also hosted on this same single server because it was largely a case of it all being online or not. Today, though, it is very common for users to host their websites, email, and other services in different places. The most common, of course, is hosting email off site with Google (Gmail) or another such provider. If you’re using a hosting provider that hosts DNS on the same server as your website, then you will lose all services if your website goes down since the DNS will not function. This is why it is important to host DNS separately and redundantly such that an outage like this does not occur. This prevents a website outage from turning into a complete domain outage. Continue reading →

Behind the Scenes: Switches, VPN & RDP

As a continuation of our “Behind the Scenes” blog series I wanted to highlight some maintenance that we’ve completed over the past two weeks.

For starters, we’ve gone through all of our switches and have applied firmware updates as necessary. For the most part these were relatively minor but some did address potential denial of service vulnerabilities. Overall this helps us to avoid problems in the future and keeping up with new updates is generally a good idea anyways. These updates went off without a hitch thanks to our ability to first test them on equivalent spares that we keep on hand. Hardware failing in some form or another is simply a fact of life and we plan for this by building in redundancy and keeping spares on hand. We make sure to have full configuration backups for all of our switches should they need to be restored. On key switches the spares are even pre-loaded with the current configuration and powered on in-cabinet such that only swapping of network cabling would be necessary to recover from a failure. As great timing would have it, our data center also performed similar maintenance this morning on their networking equipment per our scheduled network maintenance announcement. This was likewise completed without issue. Continue reading →

Behind the Scenes: Off-site Service Migrations

There’s a lot that goes on behind the scenes here to continuously improve our services so we thought it would be fun to share some of this hard work with our clients and make a new blog series of it. From time to time we will be posting what we’ve been working on here at Dathorn as we continue to strive for perfection!

As many of you know, the majority of our infrastructure and all of our hosting servers are located in Dallas, Texas. It is a great location that we’ve enjoyed through various providers for a number of years. We do, however, have a few services that are strategically placed off-site for redundancy and the convenience of our clients.

If you’ve been in the hosting business long enough, whether it be shared hosting, a dedicated server, or even colocation, you’ve likely been unfortunate enough to experience an outage of some sort. We understand that there is nothing more frustrating than coupling an outage with the inability to contact your provider because now their website, phone system, etc. is down as well. Most can be very understanding when it comes to outages but when you’re unable to even reach your provider to get an update or confirm that they’re working on the problem the situation can quickly become very stressful. Continue reading →