WordPress installations under fire from Botnet

There is currently a highly distributed, global attack taking place against WordPress installations everywhere. The attack is one of the more organised we have seen and is creating a high volume of accesses against wp-login URLs across our network. The attack is designed to compromise servers running WordPress so that they can become part of a large remote controlled “botnet” that can be used by criminals to disrupt the internet.

For this reason, we urge our users to ensure that any WordPress user accounts, especially those with admin/editor/contributor access, have their passwords reset to one that meets or exceeds the recommendations shown on the WordPress website. A good password should be a non-repeating string at least 8 characters long that includes upper and lower case letters, numbers and special characters.

While we are taking steps to mitigate the attacks at the network level, there is only so much we can do. If your installation has a weak password, it will remain at risk.

There is little information regarding the precise nature of the WordPress exploit that the attackers intend to use, so again, it is important that you ensure your WordPress installation, theme and plugin files are all up to date.

As we hear more, we will post it here.

In the short term, we recommend this plugin (although we cannot accept any liability for any problems it may cause):

http://wordpress.org/extend/plugins/limit-login-attempts/

This will refuse login attempts from any IP address that fails to log in correctly more than a handful of times.
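The same per-IP rule can be run over a web server access log to see which addresses would be locked out. This is an added example, not code from the plugin or from Krystal; the threshold of 4 failures, the 5 minute window, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log line: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (ip, time) for each POST to wp-login.php answered with 200.

    Heuristic: WordPress re-renders the login form (200) on a bad password
    and redirects (302) on success.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def ips_to_lock_out(lines, max_failures=4, window=timedelta(minutes=5)):
    """Return IPs with more than max_failures failed logins inside the window.

    Assumes the log lines are in chronological order.
    """
    recent = defaultdict(list)  # ip -> failure times still inside the window
    flagged = set()
    for ip, when in failed_logins(lines):
        recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
        if len(recent[ip]) > max_failures:
            flagged.add(ip)
    return sorted(flagged)

def sample_line(ip, hhmmss, method, status):
    """Build one constructed log line (documentation-range IPs, not real traffic)."""
    return (f'{ip} - - [12/Apr/2013:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3412 "-" "-"')

# Constructed sample: one address guessing every 10 seconds, one user who
# mistypes once and then logs in, and one plain page view.
SAMPLE = (
    [sample_line("203.0.113.7", f"10:00:{s:02d}", "POST", 200) for s in range(0, 50, 10)]
    + [sample_line("198.51.100.20", "10:01:00", "POST", 200),
       sample_line("198.51.100.20", "10:01:30", "POST", 302),
       sample_line("192.0.2.5", "10:02:00", "GET", 200)]
)

if __name__ == "__main__":
    print(ips_to_lock_out(SAMPLE))
```

Because the attack described here is highly distributed, many addresses will stay under any per-IP threshold, which is why the strong password and the extra password layer on wp-login.php still matter.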

You can also restrict access to your WordPress login screen by adding an extra layer of security using the webserver’s built-in password protection facility. This is described on our support website here:

https://support.krystal.co.uk/entries/23594403-How-to-password-protect-WordPress-wp-login-php


Why SSL e-mail is crucial in 2013

Synopsis: If you want to save yourself a LOT of grief, then if you do one thing this week, make sure that all of your email connections are SSL enabled!

Back in the day when I started using email – when CompuServe was just starting to get into the UK market (yes, my beard is grey) nobody really worried about having their email account hacked. We were more concerned with master boot record viruses on floppy disks (remember those?) and getting more than 28kbit/s down our phone line.

All hackers should try bending spoons instead


These days, the story is different. The high speed internet has become a playground for misanthropes and malcontents who will exploit every opportunity to peddle porn, spam, or just disrupt your daily business for their own entertainment. The romanticised view of hackers depicted in The Matrix is somewhat removed from reality. Attacks are becoming more commonplace and more severe, and as a hosting company we have to continually modify our tactics in an attempt to mitigate the worst effects.

Most recently we found a handful of email accounts on one of our servers sending out relatively low volumes of spam. It took us a few hours to track down the last of them, but by that time the server had been listed on SpamCop and other realtime black list providers.

Why did we not detect the unauthorised use of these accounts until it was too late? Because they were being accessed using the correct login username and password. And how did that happen, you may ask – well, that’s a good question, so let me explain.

Inherently insecure

Internet e-mail relies on a few protocols including (but not limited to) SMTP, POP3 and IMAP. The problem with these protocols, like so many that were originally created decades ago, is that they are inherently insecure. That is to say, the information that goes back and forth between your computer and the server is not encrypted. In tech-speak it’s called being sent “in the clear”. It’s a bit like sending all of your letters in the mail in a clear envelope – anyone can read them. Not only is the content of your email sent in the clear, but your username and password are also up for grabs (although we’re not discussing it here, your password is a strong one, isn’t it?).

You might have been using non-SSL email for years at home or in the office without any problem. This is because there is little opportunity for anyone to listen in on your wired connection, and most wireless internet hubs/routers supplied by ISPs to their customers are encrypted also, so between your computer and your phone line, you are reasonably safe. It’s also testament to the IT industry that nobody who works for the large telecoms providers has been arrested for stealing your account information by snooping your data at one of the large switching centres – but they could – quite easily. So how do your account details get leaked?

Dirty Wifi, dirty, dirty WiFi

Google Camera Car

Enter stage left, WiFi. Wireless networking is great, isn’t it? I mean, you can go and enjoy a pie and chips at your local and still look like you’re working hard on answering support tickets… but I digress. The problem with WiFi is that it comes in many flavours, and some are more secure than others – and some are completely open. It’s now well known that when Google collected public WiFi information using its camera cars, it also collected countless usernames and passwords of email accounts.

Always be sure you know which WiFi network you are connecting to, and always make sure it asks for a connection password, otherwise you may be open to snooping. I could go and set up a mobile WiFi network from my car and sit outside a Starbucks, and within an hour I could probably lure dozens of people to connect and capture their email account details. When was the last time you checked with the owner of the premises what their WiFi network was called?

When you go on holiday, and you connect to your friendly beach bar’s WiFi you might think you are secure because you had to enter a password. Sadly there are weak WiFi encryption systems (WEP was compromised long ago) out there that make it relatively trivial for someone else connected to the network to eavesdrop on your session. If you connect to an untrusted WiFi network (i.e. one that is not owned by you), then check the SSID (the name that comes up on your computing device) with the owner and also make sure you have to enter a password.

Super duper SSL to the rescue

So, how do we protect against this invasion of our privacy?

SSL (Secure Sockets Layer) is a method by which your normal “in the clear” information is wrapped up inside an encrypted envelope. SSL is employed on the Web to secure ecommerce and banking websites, and it does much the same for your e-mail. The conversation between your email software and our email server is virtually uncrackable by people listening in. Even if you connected via a rogue WiFi network, your email connection would be safe as long as you were using SSL for both your incoming and outgoing connections.
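To check whether a mail client really does protect its login, you can audit the protocol log that many clients can write. The following added example (not code from Krystal) walks a POP3, IMAP or SMTP transcript and reports every credential-bearing command sent before encryption was active, including the case where the server refuses the upgrade and the client logs in anyway. The transcript format, function name, account name and sample sessions are constructed for illustration.

```python
import re

# Client commands that carry credentials: SMTP AUTH, IMAP LOGIN/AUTHENTICATE
# (IMAP commands carry a leading tag such as "a2"), POP3 USER/PASS.
CRED = re.compile(
    r'^(?:\S+ )??(AUTH (?:PLAIN|LOGIN)|AUTHENTICATE|LOGIN|USER|PASS)\b', re.I)
# Commands that ask to upgrade a plain connection: STARTTLS (IMAP/SMTP), STLS (POP3).
UPGRADE = re.compile(r'^(?:\S+ )?(?:STARTTLS|STLS)\b', re.I)
# Positive server replies to an upgrade: IMAP "tag OK", POP3 "+OK", SMTP "220".
UPGRADE_OK = re.compile(r'^(?:\S+ OK|\+OK|220)\b')

def audit_session(transcript, implicit_tls=False):
    """Return [(line_number, command)] for credentials sent in the clear.

    transcript: list of (sender, line); sender is "C" (client) or "S" (server).
    implicit_tls: True when the connection starts inside SSL (the SSL ports).
    """
    encrypted = implicit_tls
    upgrade_pending = False
    findings = []
    for number, (sender, line) in enumerate(transcript, 1):
        if sender == "S":
            if upgrade_pending:
                # Only a positive reply means the rest of the session is encrypted.
                encrypted = encrypted or bool(UPGRADE_OK.match(line))
                upgrade_pending = False
        elif UPGRADE.match(line):
            upgrade_pending = True
        elif not encrypted:
            m = CRED.match(line)
            if m:
                findings.append((number, m.group(1).upper()))
    return findings

# Constructed sessions; the account and passwords are made up.
POP3_PLAIN = [("S", "+OK POP3 ready"), ("C", "USER alice@example.com"),
              ("S", "+OK"), ("C", "PASS constructed-password"), ("S", "+OK")]
IMAP_STARTTLS = [("S", "* OK IMAP4rev1 ready"), ("C", "a1 STARTTLS"),
                 ("S", "a1 OK Begin TLS negotiation"),
                 ("C", "a2 LOGIN alice@example.com constructed-password"),
                 ("S", "a2 OK")]
SMTP_REFUSED = [("S", "220 mail.example.com ESMTP"), ("C", "EHLO laptop"),
                ("S", "250 AUTH PLAIN LOGIN"), ("C", "STARTTLS"),
                ("S", "454 TLS not available"),
                ("C", "AUTH PLAIN AGFsaWNlAHBhc3M="), ("S", "235 OK")]

if __name__ == "__main__":
    for name in ("POP3_PLAIN", "IMAP_STARTTLS", "SMTP_REFUSED"):
        print(name, audit_session(globals()[name]))
```

The third session is the one to watch for: a client set to use encryption only "if available" falls back to a cleartext login when the upgrade is refused, so configure SSL as required rather than optional.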

The Post Mortem

In every case of a hacked email account on our systems, when we enquire with our customer regarding their email practices, they invariably reveal that they use mobile devices or laptops. Further, they admit to connecting to the internet from untrusted locations, WiFi hotspots and the like. They also invariably have not enabled SSL on those devices.

Not only does this cause massive inconvenience to us in tidying up the aftermath, but it can also mean that the customer concerned has to seriously consider the impact the attack has had on their personal security.

The hackers will also go back through all the email on the account, and may have found emails from banks, online retailers, medical/personal information etc, that might allow them to exploit the target’s personal identity in other ways, so really, if you do one thing this week – enable SSL on your incoming and outgoing email.

Your SSL settings are always available for your email account via your cPanel. Just follow these instructions to obtain them:

https://support.krystal.co.uk/entries/23114231-What-are-my-email-configuration-settings

Further reading

http://www.securityweek.com/e-mail-hacks-bigger-problem-you-think


Running Sphinx on cPanel

Open Source Search Server

We’ve had a number of requests recently from our clients who want to run Sphinx on their cPanel accounts, so here is a quick tutorial on how to get Sphinx installed on cPanel in a non-intrusive and safe way. Although this is unsupported, we are able to install this for our clients on our business hosting plans.



Backing up, clean underwear and upgrades

By following the guidance in this article, you will mitigate one of the most common causes of extended downtime encountered by online business. Seriously, if you take one piece of IT advice to heart this week, then this should be it. One day you will want to buy me a drink – I promise!

I’ve had a few hobbies in my life that could potentially kill me if done badly. My mom, ever the pessimist, would say, “always put on clean underwear, just in case”. I think it’s because her generation is more worried about turning up in the emergency room with dirty unmentionables than whether they were going to survive any injuries – I digress. The point is, when it hits the fan you want to be prepared.

Most Content Management System packages, forums and e-commerce software packages these days offer their administrators quick and painless built-in upgrade functionality. On one hand, this is great, because keeping your website software up to date and plugging security holes is essential to any good security strategy.

However, from the point of view of a tech support department, I regard the days when vendors release upgrades with a degree of world weary resignation, and this is why. For a myriad different reasons, automated upgrades can and do go pear-shaped, and the results are often a broken website, a support request, and possible delays and loss of business while we work to straighten it out.

Sadly, we still see a rush of such requests every time new major versions of popular packages are released. So, when you come to upgrade anything on your website, and I mean ANYTHING, then the first thought that should enter your mind is to BACKUP YOUR DATA!

By taking a few minutes to create a home directory backup and a database backup you can upgrade with confidence, knowing that any problems can be quickly and easily corrected. It really is simple to do.

How many backups are too many?

No amount of backups is too many backups! Why would I say this? After all, Krystal backs up your cPanel account, so why would you want to take your own backups? We might have a 100 Terabyte plus behemoth taking regular snapshots of your websites, but we only retain these backups for a few days.

If your website gets hacked then cleaning it up can be a complex affair. There is also no guarantee once you have restored any files using our automated backups, that the hackers won’t have left covert modifications that may not show up for days or weeks, by which time any clean backups have been rotated out of our systems.

If you earn a living from your website then it makes sense to take your own backup of your files and databases at least once a month and retain them for at least six months. That way, if our backups don’t go back far enough, you still have an extra safety net. Storage these days is less than 50p per Gb, so there is really no excuse for not archiving your backups.

Most websites that are CMS based maintain separation between the CMS software itself and the data/images that drive them. Recovering a CMS driven site (Joomla!, WordPress, Drupal etc) from a hack is usually as simple as replacing the CMS software’s core directories with backups (leaving your uploaded content and configuration files intact). So, as long as you have backups, restoring your site should take no longer than a few minutes.


Building the ArK

Here at Krystal we are always busy behind the scenes improving our infrastructure. We are currently in the process of building and testing the first of our new backup machines. The idea is to provide as much reliable storage as cheaply as possible to run our incremental backups that are available to every user inside the cPanel. Read on for a few more details!



Enter now to win in our Krystmas Giveaway! Only 1 week left!

With such great prizes to be won including a Google Chromebook, Apple TV, Samsung Camera and lots more, and only 1 week left, enter now at krystal.co.uk/krystmas then remember to share your unique code!

For every friend you refer who enters with your unique code, you get 10 more entries in to the draw! So if you refer 10 friends, that’s 100 more entries!

Remember you can share your code anywhere – twitter, facebook, email….

Good luck and Merry Krystmas!


Merry Krystmas!

Would you like to be in with a chance of winning a Google Chromebook, Kindle Fire HD, Apple TV, Samsung WiFi camera, John Lewis Hamper, £50 in vouchers, or one of our many other prizes?!

Simply visit http://krystal.co.uk/krystmas to find out more! Once you have entered the prize draw, share your code, and for each friend you refer you will get 10 MORE ENTRIES!!

Merry Krystmas one and all!

No purchase necessary.


Mo-Day Update 4

So the last full week of Movember is here! The boys are now dedicating all their time and effort in to ensuring they have the best and bushiest facial attire of the group! Who will be crowned Movember Champion on Thursday?! You will have to wait and see! If you would like to donate to the cause please do visit our sponsorship page - http://krystal.co.uk/movember and select ‘Donate now’. All donations are gratefully received!


20% off any new hosting plan! Today (23.11.12) only!

America’s post-Thanksgiving bargain bonanza, “Black Friday”, is coming to Britain by way of leading tech companies such as Apple, Amazon and KRYSTAL!
SAVE 20% OFF ANY HOSTING PLAN, TODAY ONLY! Enter discount code “BLACKFRI” at checkout!
Redeem via http://krystal.co.uk/


The Fastest UK Web Hosting? Solid State Disks (SSD) & Other Speed Tweaks

I’m delighted to announce that we have launched our first Solid State Disk (SSD) Web Hosting as part of a larger realignment towards the company’s mantra of “Speed, Support & Security”

Today’s update – Speed!

Speed Matters
Google now factor speed in their algorithm for ranking websites (Source: http://googlewebmastercentral.blogspot.com/2010/04/using-site-speed-in-web-search-ranking.html) and numerous reports indicate that visitors to websites become frustrated if a page takes even more than 1 second to load, often browsing away to another site.

The pursuit of speed and fast loading websites has always been important to Krystal and so I wanted to let you know about a number of steps we’ve taken to make your web hosting the fastest it can be.

Firstly, we’ve installed a faster web server, called nginx (pronounced “engine-x”) in front of your website. Nginx proxies requests and operates a lighter framework than Apache (the standard web server) speeding up page response times. You and your clients should already be able to notice a decrease in page load times.

Secondly, we’ve REDUCED the number of sites we put per server. We’ve purchased additional servers and spread accounts and load out across our fleet. This means each server has less work to do and therefore more time per site, which translates in to less waiting around. I believe that we now put the LEAST number of sites per server of any shared host in the UK! We make less money per server but we hope that we’ll gain fanatical clients who’ll tell others how good we are. :)

Finally, we’ve sped up our premium web hosting. Our “Sapphire” and “Diamond” web hosting plans now have DOUBLE and QUADRUPLE the server resources they had before (CPU and RAM). With no more than 60 sites per server these accounts have a lion’s share of the server. For those of you who are after the very best in load speeds, or want a dedicated-server-like experience at a fraction of the cost, these are an excellent option.

But we haven’t just stopped there. In order to offer the fastest UK web hosting we’ve also added the option of Solid State Disks (SSD).

Solid State Disks will certainly be the future de-facto standard for computer hard drives as the performance they offer is unrivalled. They differ from normal hard drives in that they don’t have spinning platters, acting more like computer memory (RAM) instead. Because there are no moving parts they’re in the region of 20 times faster. Combined with the new premium CPU and RAM limits we’ve introduced we think we’ve got a strong contender for the fastest web hosting available in the UK! As a result of the expense and smaller size of SSDs, these plans do offer less disk space and cost more but will give you the very fastest performance available. Krystal also offer the most SSD space of any hosting company in the UK with 5GB on the Sapphire plan and 10GB on the Diamond.

All of our premium web hosting plans include more frequent backups, out of hours emergency phone support, a free SSL certificate and domain name for life and PCI-DSS compliance making them ideal for the most demanding businesses and power users. If you’re thinking that your website or company could benefit from Krystal’s premium hosting then please take a look at https://krystal.co.uk/web-hosting-uk/, contact us or ring 03333 44 1337.
