On a related note, while we do alert customers being hacked, ultimately the customer is responsible for keeping their applications updated and secure.  We offer Installatron as a means to keep the many open source scripts updated.  Application security audits is an available option by Empowering Media.

• RCS
• CVS
• Subversion
  
• Git
• Mercurial

Unfortunately, Subversion, Git and Mercurial are not available on any CentOS 3.9 install.  If you want version control software for any other server type, please contact support.

For those not familiar with how to setup SSH keys please visit:

http://www.sshkeychain.org/mirrors/SSH-with-Keys-HOWTO/

http://www.unixwiz.net/techtips/ssh-agent-forwarding.html

Shared or reseller hosting customers can still use SSH Keys to login and is the recommended method. On those servers we do not force SSH key only logins to accommodate customers who do not use them.

If you want this feature enabled please contact support.

/var/log/updates

While we still will post blogs or create tickets for major upgrades, any minor updates will be logged to this file. While we have many applications, services and config files reporting to this file, we still do not have everything yet configured. In the coming weeks and months all updates will be reported to this file. The file is rotated weekly.

If something isn’t working correctly and you think it’s because of a change we made please create a support ticket. Eventually we will create a method to either securely RSS feed this report or a method to Email customers daily reports of server changes.

1. Any Email account you create a quota (not your account quota) will get an Email alert when it’s above 85% full
2. Enabled SMTP AUTH for outbound email on port 2525 (already on 25 and 587 ports)
3. Upgraded SpamAssassin to 3.2.4 with anyone not using our dedicated anti-spam service
4. Enabled many of the options within SpamAssassin to improve catching spam
5. SMTP Port 2525 or 587 (the pseudo standard) can now be used when port 25 is blocked by your ISP
6. Can create command alias pipes “|” without creating duplicate Emails. Great to process incoming Emails with a programming script
7. Enabled nightly updates to get the latest SpamAssassin rules

I’ve created a new blog to discuss the technical side of our service and all things “tech”. The Customer Service blog will just post service interruptions, major software upgrades and new services. Technical details and other ramblings of mine will be posted to “The Dev Null Blog”

http://www.empoweringmedia.com/blog/

The first post “Going from a dedicated server to a VPS. Am I downgrading?” discusses some of the advantages of using VPS technology.

Some future blog postings:

• Puppet. What is it and how we use it to manage our computing “cloud”
• Offering root with managed hosting
• When to upgrade from shared hosting to dedicated

I hope you enjoy it.

For those who care about the technical details keep reading below…

We looked into many existing options out there (DenyHosts, APF, CSF, and sshguard to name a few) with the exception of DenyHosts they all seemed to be focused on the single server/VPS instance and not looking the bigger picture. One of the advantages of being with a managed VPS/server provider like us is we see trends at the global level. All managed, and shared servers are monitored very closely. The attacks we’ve seen lately, the hackers know these auto block services are installed and now do a much more distributed attack. It’s not uncommon to see one bad login per hour per unique IP address. The tools that focus on attacks per server just don’t cut it anymore.

We also had a few other requirements:

• be able to monitor attacks at the network wide level
• quickly (under 2 min.) block new attacks that occur
• work on each server/VPS that we manage

Based upon these requirements, we decided it was best to roll our own system. Without giving away too much technical or security details we’ve created a local DNSBL that we can add IPs to block. We wound up having to create a patched version of tcp_wrappers to support the ‘aclexec’ feature, and proftpd mod_dnsbl module that supports DNSBL usage. This has been sent out to all servers/VPS that we manage on our network. The solution in the end wound up being a very effective and simple solution.

Now I suppose you’ll ask, “Will my legitimate SSH/FTP connection be blocked by mistake?” I won’t give away specific details but I will say you’ll have to enter a considerable amount of bad passwords before this happens. In the unlikely event it does happen you will have to contact support to remove the blockage. Our system is smart enough to know what kind of attack is occurring.

In the future we may block other attacks using this system. IMAP and POP attacks are increasing and may thwart these attacks also.

We’ve basically created a botnet to block other botnets. Can anyone say Skynet? I’m waiting for Arnold to say “All be Back!”. It’s been said that over 90% of all network traffic are bots (botnets, search engine spiders, RSS feeders, etc.). It’s safe to say these attacks won’t be back, at least not on our network.