Today’s top trend in server management is security. Every day there are millions of attacks on webservers across the world. I dare to use the term “hacking” because typically they aren’t. Let’s take a quick look at the definition of “hacking”. It’s defined as gaining access to (a computer file or network) illegally or without authorization. For instance, “The Sony E-mail Hack” was true hacking, because the hackers gained access to Sony’s network and stole private e-mails from top executives.
What happens more often to webservers isn’t (to me) defined as true hacking. What commonly happens are DDoS attacks, e-mail spoofing and code injection. This isn’t “hacking” as defined above; it’s more child’s play than anything. Basically, the “attacker” exploits server weaknesses to inject malware or spyware on a system, which then infects completely random computers. This is the lowest form of “hacking” and shouldn’t be given any credit, because any person with a computer and very little know-how can do these sorts of deeds. However, this is the trend right now, and it has been the trend for some time.
Here’s an example of what most server administrators see on a daily basis. Basically, an automated “bot” (short for robot) sends out a predefined series of commands to random IP addresses until it can successfully connect and upload its files to their system. The picture to the right was blocked and logged just today. As you can see, D2-Designs had a couple of options it could take once we were notified of the situation at hand. Keep in mind that the Origin Country plays absolutely no hand in these attacks, because they come from all over the world, even here in the U.S.
The example also shows us that they attempted to connect (unsuccessfully) to our FTP service to upload their files to one of our clients. What their “bot” can’t decipher is that we make our clients use complex passwords to log into their accounts, as well as completely random usernames. Sure, this information may give a potential attacker a hand up, but trust us when we say “We’re watching our server.”
Most attacks are stopped by our automated systems, but let’s say for instance that an attacker was successful: they gained access and uploaded their files. This is why antivirus software was made! Every server administrator should use antivirus software, as should every end user (you reading this are the end user in this case). Even antivirus software isn’t foolproof; eventually some sneaky code does get through. In this case you should always have a backup of your files. I always preach: back up your backups and then back them up. We’ve used backups before, though not due to an attacker “yet”, but systems fail on their own from time to time. More than that, you server administrators should have a system in place to restore your backups, because without that a backup is just a series of files taking up space. Most hosting companies (hopefully all hosting companies) offer some sort of backup for their users.
Most companies make it the responsibility of their clients to back up their files, which is fine, except how many times have you heard that there are no backups?… Exactly …
Attacks like the one illustrated here are nothing more than words on a screen. They’re information and knowledge to the administrator. They tell you that “Hey, someone’s knocking .. They didn’t get in, but just so you know there was an attempt.” Use it to your advantage: take everything you can out of your logs and apply it to protecting your server. It’s not just a space on a hard drive for your clients, it’s their on-line home. It’s a place for the world to come and see them personally. You should take pride in trying to protect them from the intruders; don’t just expect them to have the skill set that you have and let them fend for themselves. I’m not saying every client is the ideal client, but guess what, they ARE YOUR clients, and they deserve the protection on your servers. I like to have the mindset that if this were my house and you’re not invited, don’t just come and try to barge into my place like you own it. The more clients you have, the more protection you and your staff should give them. Larger companies may have automated systems to check over their clients, which is fine I suppose, but I like having MY eyes on my logs and files and clients.
David D.
D2-Designs/Owner
Get Known!™
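One way to turn blocked-login log entries like the ones described in the post above into something actionable, as an added example that is not D2-Designs’ own tooling: it counts failed FTP logins per source address inside a sliding time window and notes whether a successful login followed. The vsftpd-style log layout, the sample lines, the threshold and the window are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's log layout (assumed; the post names no FTP
# server). Addresses are from the reserved documentation ranges.
SAMPLE_LOG = '''\
Mon Mar 16 03:10:01 2015 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 16 03:10:03 2015 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 16 03:10:06 2015 [pid 4103] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 16 08:30:00 2015 [pid 4200] [k7qz_client] FAIL LOGIN: Client "198.51.100.20"
Mon Mar 16 08:30:40 2015 [pid 4201] [k7qz_client] OK LOGIN: Client "198.51.100.20"
Mon Mar 16 09:00:00 2015 [pid 4300] CONNECT: Client "192.0.2.55"
'''

LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$')

def parse_logins(text):
    """Yield (time, user, ip, succeeded) per login line; ignore other lines."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield when, m["user"], m["ip"], m["result"] == "OK"

def flag_sources(text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: report} for sources with >= threshold failures in one window."""
    fails, users, last_ok = defaultdict(list), defaultdict(set), {}
    for when, user, ip, ok in parse_logins(text):
        if ok:
            last_ok[ip] = when
        else:
            fails[ip].append(when)
            users[ip].add(user)
    report = {}
    for ip, times in fails.items():
        times.sort()
        start = burst = 0
        for end, t in enumerate(times):        # sliding window over failures
            while t - times[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            report[ip] = {"burst": burst, "usernames": sorted(users[ip]),
                          # A success after failures may mean a guess landed.
                          "login_after_failures": ip in last_ok and last_ok[ip] > times[0]}
    return report
```

With the defaults, `flag_sources(SAMPLE_LOG)` reports only the address that tried three usernames within seconds; the client who mistyped a password once stays below the threshold.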
Woah,
We’ve been absent from the blog for a while, but here’s the deal: a lot of neat technical stuff is going on around here. Firstly, for about a month or so a couple of clients failed to keep their sites updated, which allowed other websites to infect them with malware and the like. As we were doing random checks of the server data and traffic flow, we noticed that the mail server was working overtime. As it turns out, there was malicious code that spread from sites within the same network. At that point it was time to do an overhaul of all of our clients’ software and websites. We logged into each site and started the cleanup process; many of them were infected with spam mailer scripts and such. Once the sites and services were cleaned up, we moved our main data server (which all of D2-Designs’ clients are on). Basically what this means is, one server is shut down and a new one is set up from scratch. It’s the equivalent of wiping your hard drive and reinstalling the Operating System.
Now all of the websites are clean and we contacted Google on behalf of each client to have them confirm that all sites are clean. In turn, once all sites passed Google’s standards of site security, they will relist their listings within Google’s database and search engines. We’ve also strengthened our mail server (which was compromised) in the last evolution of our system.
With all of the above said, the entire move was made without a hitch and customers did not have any downtime during the switch. This in and of itself was due to the extreme diligence and focus that was given to the business at hand.
D2-Designs
We’ve been busy around here! There have been some server upgrades done, but what’s really exciting is the development of our iOS apps. We can now implement the development of a mobile site into our packages. Because this is still relatively new to D2-Designs, we’re not quite ready to start selling the apps just yet. Stay tuned as more is to come!!
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
We ran all the necessary tests and determined that we were vulnerable through our SSL. Once we discovered that hard truth, we immediately patched our server with the latest updates and rechecked all of our software. After the patch our server returned several repeatable reports that the patch worked and our server was once again secured. This ONLY affected D2-Designs.net! Any future client wishing to use SSL on their site for ecommerce will not have to worry about this bug because it has been squished and thrown in the trash.
D2-Designs Get Known!™
Today we’re pleased to announce the arrival of a new client to our hosting plans.
http://www.twoexpressivehands.com
Get Known!™
We took this time to do some spring cleaning. We revamped some services and adjusted some hardware. As we come up on 3 years since we started selling hosting and design, we can’t be happier with the service that we have provided. We’d like to send a special thanks to all of our clients for their continued service with us, and we hope each and every one of you continues to enjoy your home here at D2-Designs .. Get Known!™
The fact of the matter is, we don’t get much. Due to our vast knowledge in the area of computers, we’re asked all the time to fix them. Sometimes for money, but often times for family. We’re big on family here so usually it’s pro bono when we take a job. This particular setup was explained to us like this.
I have a computer that I need to work with my printer. Work was throwing it out so I took it. I had a guy look at it and he put another operating system on it. Can you fix it please?
Well of course! The picture is worth a thousand words….
As you all may know, we’ve recently updated our site. A lot has changed with our services too: now when you receive an invoice from D2-Designs, you will be able to log into your account via the e-mail without having to use your password. This was done to help those clients who don’t remember their details from the signup process but just want to pay without having to dig through e-mails to find them. Now, using a hash from our server that is generated with every invoice, you can simply click on the link and be taken to pay the invoice.
What about security? No real problem there: once the link is clicked on, the hash is removed from our server and the link is dead. The kicker is, the hash is only generated once the invoice is, so there’s no breach in security to your account while waiting for the new invoice. You all should know how we feel about security at this point, and we take very extreme measures to prevent any unauthorized access to anyone’s account, including ours. We’re still rolling out new improvements this month and so we hope to have those “live” real soon.
Thanks for stopping by,
D2-Designs Team
Get Known!™
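The single-use invoice link described in the post above, sketched as an added example that is not D2-Designs’ code. The class and method names, the in-memory dictionary standing in for the server’s table, the expiry time and the `revoke` helper are assumptions; the post itself only states that the hash is created with the invoice and removed on first click.

```python
import hashlib
import secrets
import time

class InvoiceLinkStore:
    """Hypothetical in-memory stand-in for the server-side table of live links."""

    def __init__(self, ttl_seconds=7 * 24 * 3600, clock=time.time):
        self._rows = {}      # sha256(token) -> (invoice_id, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Store only a digest, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, invoice_id):
        """Create the token at invoice time; it exists only in the e-mail."""
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        expires = self._clock() + self._ttl        # expiry is an added assumption
        self._rows[self._digest(token)] = (invoice_id, expires)
        return token

    def redeem(self, token):
        """Return the invoice id exactly once; afterwards the link is dead."""
        row = self._rows.pop(self._digest(token), None)   # remove before use
        if row is None:
            return None
        invoice_id, expires_at = row
        return invoice_id if self._clock() <= expires_at else None

    def revoke(self, invoice_id):
        """Kill outstanding links, e.g. when the invoice is paid another way."""
        dead = [d for d, (inv, _) in self._rows.items() if inv == invoice_id]
        for d in dead:
            del self._rows[d]
        return len(dead)
```

Mail scanners that prefetch links can use up a single-use token before the client clicks, so redeeming on a POST from a confirmation page rather than on the initial GET is a common design choice. The session granted after `redeem` is best limited to paying that one invoice.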
There’s been a buzz about why we chose to take away the ability for anyone to sign up. The easy answer I can give is customer service. We’re not some major corporation with investors and money pouring in, as a matter of fact, it actually costs more money to offer clients hosting than it does to select who we want to host. D2-Designs was not built on the premise that we could charge our customers to make a profit. Why even have that as a business plan is beyond me to begin with.
I started the company to have a spot where people could come and get help finding a good host. At the time, we were on a good host, so naturally I pointed many people there. Then I started thinking: instead of pointing people away to other hosts and “hoping” they have the same experience I have, why not just start my own hosting company and share all the features I like? Like not being a flood gate for everyone to sign up on. So I set limits, and got the server and merchant account. Here we are now, not big, not a major player in on-line hosting, just a small company offering consultation and hosting with some design work as well.
As time went on, more and more clients were signing up, great right!? Well not actually, because it seemed that people were signing up expecting a huge corporation to handle every single one of their needs, design, merchant setups, content, etc… Why sure I could do every single one of these, not a problem, except money. The clients ended up being low income themselves, not having capital to pay for such services that I wasn’t offering for free!? So they move on to GoDaddy and the likes and are happy now, as I’m told often in e-mails. =]
So after a couple of those experiences, I thought, why not just pick who I want to host, and beyond that, why not let my current clients pick those for me. I mean, my clients know what I’m offering and have already had great experiences here with me, so the advertisement is great. I get to pick based on recommendations from current clients; seems like a win for not only me, but the new client as well.
In short, D2-Designs isn’t going anywhere, or having issues staying up with current or new clients. We’re just picking who gets to join the family, and I think that’s a great deal. I’m sure one day we’ll let anyone sign up again, maybe when staffing is right and the price for service is right, but for now, we’ll keep enjoying the clients we do have, and look forward to them helping us in return.
David D.
D2-Designs/Owner
We need to inform you that some of our services are experiencing intermittent network connectivity issues at this moment. These issues are related to a large-scale upstream problem, which manifests as periodic packet loss in the inter-datacenter segment.
We have reported the issue to our upstreams and are now working with them to help with issue diagnostics. Unfortunately, the issue is out of our direct control, and we cannot provide an exact resolution ETA; however, we will update this post as soon as any new information is available.
Please accept our apologies for the inconvenience this is causing. Your patience and understanding are highly appreciated.
D2-Designs Team