Category Archives: Behind the Scenes

Coming Soon: Server Upgrades

With many hosts your account will remain on a particular server until it fails in some way or another. That’s not the way we do things here at Dathorn. We like to be proactive with upgrading or replacing our servers to help avoid failures that happen more frequently as hardware ages. This also gives us a great opportunity to deploy new configurations, operating system versions, etc. so that we can continue adding value to our services.

Over the next several months we will be going through this process once again. All of our existing shared and reseller hosting servers will be upgraded by means of migrating to a new server. You will receive a ticket notification via our client portal once your particular server has been scheduled. Aside from announcing this I wanted to quickly highlight some of the more important changes that will take place as a part of these migrations.

First up are the hardware changes and the most important of these concerns the local storage. Over the past 13 years we’ve gone from SATA storage to SAS drives to our current hybrid SSD / SATA arrays. Now we’re very excited to be migrating to pure SSD storage. All servers will be utilizing new 12Gbps LSI RAID controllers with a minimum of six 1TB SSDs in RAID 10. The performance that we’ve been able to get from these new systems is simply amazing. While other providers may charge extra for (or not even offer) such high speed storage, all of our clients are being upgraded to it free of charge.

Continue reading

Adobe Flash & GHOST: Critical glibc Vulnerability

flash logo

Lately it seems there has been no shortage of critical vulnerabilities being discovered in commonly used software. In the past couple of weeks alone, Adobe has had to release patched versions of Flash to address a trio of publicized zero day vulnerabilities. While as a host that doesn’t really impact us directly, it should be a top priority for anyone browsing the web. The vast majority of end-user computer infections come from malicious content taking advantage of such vulnerabilities. These can often lead to your login information being compromised which certainly does become an issue for us. As always, please be sure you’re staying up-to-date with these Flash patches as well as those for your operating system, web browser, Java, etc. Continue reading

Drupal SQL Injection Vulnerability – CVE-2014-3704

drupal_logo-blue

On October 15th a very serious SQL injection vulnerability was discovered in Drupal that exists in all 7.x versions prior to 7.32. The severity of this vulnerability led to quick exploitation of it within approximately 7 hours of it having been publicized. Fortunately the provided patch to address this issue was quite simple and easy to apply. In fact, the patch only changed one line of code in the includes/database/database.inc file. Because of this we opted to go ahead and pro-actively apply the patch to all installations of Drupal 7.x on our servers. In less than an hour we had protected all of our clients’ Drupal installations from being exploited by this vulnerability. Beyond that it helped to protect our servers from attackers that were exploiting this vulnerability to run other malicious scripts. Affected clients should still upgrade their Drupal to the latest version as soon as possible.

Overall we were very pleased that this was so easily addressed on our end and we will certainly look into options like this going forward as new vulnerabilities in popular scripts are discovered. This incident shows how important it is for you to stay on top of script, plugin, and theme updates. Within a mere 7 hours of publicizing this vulnerability, it was being actively exploited. We highly recommend that you sign up for security related mailing lists for the scripts that you are using if they are available. This will give you the best chance at protecting yourself when (not if) a vulnerability like this comes to light.

Behind the Scenes: Shellshock & PHP 5.4

Here’s another quick update on what’s been going on here behind the scenes at Dathorn. As you may have heard, critical bugs were discovered in the popular Linux shell, bash. This event, dubbed “Shellshock”, started to publicly unfold about two weeks ago.

shellshock-bugThe details of these vulnerabilities can be a bit difficult to follow given the number of different patches that were posted. It even required a few quick, consecutive updates from some Linux distributions just to get it right. It seemed like each time a new patch was released someone else was able to poke holes in it, finding new methods to exploit and turning bash into a bit of swiss cheese. Continue reading

Behind the Scenes: Switches, VPN & RDP

As a continuation of our “Behind the Scenes” blog series I wanted to highlight some maintenance that we’ve completed over the past two weeks.

Switches

For starters, we’ve gone through all of our switches and have applied firmware updates as necessary. For the most part these were relatively minor but some did address potential denial of service vulnerabilities. Overall this helps us to avoid problems in the future and keeping up with new updates is generally a good idea anyways. These updates went off without a hitch thanks to our ability to first test them on equivalent spares that we keep on hand. Hardware failing in some form or another is simply a fact of life and we plan for this by building in redundancy and keeping spares on hand. We make sure to have full configuration backups for all of our switches should they need to be restored. On key switches the spares are even pre-loaded with the current configuration and powered on in-cabinet such that only swapping of network cabling would be necessary to recover from a failure. As great timing would have it, our data center also performed similar maintenance this morning on their networking equipment per our scheduled network maintenance announcement. This was likewise completed without issue. Continue reading

Behind the Scenes: Off-site Service Migrations

There’s a lot that goes on behind the scenes here to continuously improve our services so we thought it would be fun to share some of this hard work with our clients and make a new blog series of it. From time to time we will be posting what we’ve been working on here at Dathorn as we continue to strive for perfection!

As many of you know, the majority of our infrastructure and all of our hosting servers are located in Dallas, Texas. It is a great location that we’ve enjoyed through various providers for a number of years. We do, however, have a few services that are strategically placed off-site for redundancy and the convenience of our clients.

If you’ve been in the hosting business long enough, whether it be shared hosting, a dedicated server, or even colocation, you’ve likely been unfortunate enough to experience an outage of some sort. We understand that there is nothing more frustrating than coupling an outage with the inability to contact your provider because now their website, phone system, etc. is down as well. Most can be very understanding when it comes to outages but when you’re unable to even reach your provider to get an update or confirm that they’re working on the problem the situation can quickly become very stressful. Continue reading