deghost ridding the world of the ghost vulnerability one host at a time

deghostAs part of our mission to wipe the 'ghost' vulnerability (CVE-2015-0235) from our customers servers we have created 'deghost'.

Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where possible.

https://github.com/pbkwee/deghost

In most cases this is as simple as apt-get install libc6 or yum upgrade glibc.  But like most things there are a lot of corner cases.  This script tackles things like switch from squeeze to squeeze-lts repositories.  Changing to old-releases repositories for unsupported ubuntu distros.  And offers a (non-default) option to --break-eggs and do a dist-upgrade to the latest Debian/Ubuntu release.

Posted in Rimuhosting | Tagged , | Leave a comment

RimuHosting adds a Frankfurt presence

We are excited to announce that we now offer servers in Frankfurt, Germany. This will be a great for users wanting a server central to the EU, and complements the plans we already offer in London.

You can see more information about the data center at http://rimuhosting.com/datacenters.jsp

We are using new generation Haswell-EP based servers there, with ECC registered DDR4 memory and large, fast Intel enterprise SSDs.

If you are interested in setting up a server, check out our plans.

If you are interested in dedicated server options there also pop in a query so we can talk through the options.

Image credit: melanie

 

Posted in Rimuhosting | Tagged , , , , , | Leave a comment

Next gen Haswell-EP systems available

e52620v3Intel have just released their next generation dual proc Haswell-EP-based servers.  We ordered a batch from our trusty systems integrator.  And this morning the servers arrived at our Dallas data center loading dock!  Those same servers are now available now on our dedicated server ordering page.

Pricing is from USD 409/m with a base config of 32GB of memory and 2x1TB hard drives.

The Haswell-EP follows on from the older Nehalem-EP, Westmere-EP, and Sandy Bridge-EP systems.

We are currently offering two of the Haswell-EP CPUs.  The 6 core E5-2620v3 (2.4Ghz) and the 8 core E5-2630v3 (2.4Ghz).

Benchmarks show the Haswell-EP systems out performing similar clock speed previous gen CPUs by about 20% overall.

The new CPUs come with a new socket so there is a new main board with lots of important performance improvements:

  • RimuHosting are currently using the SuperMicro X10DRI mainboard.
  • This mainboard is based on Intel's C612 chipset.
  • All SATA ports are SSD-loving SataIII 6gbps.  Previously only 2 ports were Sata III and the remainder were SataII.
  • Memory slots are DDR4.  DDR4 runs at a faster speed than DDR3 (we are currently using DDR4-2133).  Throughput can be increased by up to 50%.  On these servers the memory is ECC registered.  DDR4 power consumption is a bit lower leading to cool, reliable systems.

As usual we have options with redundant power supplies on A+B power.  We also offer Intel SSD storage; hardware RAID; memory up to 256GB; and private networking.

If you wanted a Haswell-EP server in a location other than Dallas, just email us and we can quote for that in one of our other data centers.

Posted in Rimuhosting | Tagged | Leave a comment

Replace webmin self-signed certificate to avoid sec_error_invalid_key error

badcertRecent browser versions (e.g. Firefox 33) refuse to work with older Webmin installs.

They give a sec_error_invalid_key error, offer a 'Try again' button, but do not offer an option to add an exception.

Firefox 33 no longer supports certificates with private keys smaller than 1024 bits.

You can replace your webmin certificate with a new one by running this command:

file=/etc/webmin/miniserv.pem
openssl req -x509 -newkey rsa:2048 -keyout $file  -out $file \
 -days 3650 -nodes -subj \
 "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" 
openssl x509 -x509toreq -in $file -signkey $file >> $file
/etc/init.d/webmin restart

This command will create a 'pem' file with both the private key and self-signed certificate in the same file.  -nodes will let you create the file without a passphrase.  The -subj option saves you having to manually enter certificate details.

Or you can do it by setting ssl=0 in /etc/webmin/miniserv.conf; restarting webmin with "/etc/init.d/webmin restart" then using the web interface to make the certificate change at Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate

Posted in Rimuhosting | Tagged , | 1 Comment

CPU usage graphs

cpu-usage

A quick new feature:  You can now view CPU graphs for your VMs the RimuHosting control panel.

Posted in Rimuhosting | Leave a comment

SSLv3 and securing against Poodle

If you are using SSL in your web server, you probably want to read this.

Google recently published details about an attack that targets SSLv3.

The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it to connect via SSL 3.0. From there a man-in-the-middle attack can decrypt secure HTTP cookies. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. [...] In other words, your data is no longer encrypted.

The default configuration for most web servers still allows SSLv3 and often also SSLv2. And other potentially weak ciphers. However it is easy to fix, Continue reading

Posted in Rimuhosting, Security | Tagged , , , , , , , , | 2 Comments

Getting Started with Docker

Docker logoWritten by Andrew Colin Kissa

Introduction
We’re happy to announce the availability of Docker support on our VPS installations.
In this blog post, we aim to introduce you to Docker one of
the most exciting and powerful open-source projects that has sprung up in the recent
years.

In a nutshell, Docker offers you the tools to package everything that forms an
application, allowing you to deploy the application effortless across systems and
machines both virtual and physical.

Just as Java was write once run anywhere, Docker allows you to setup once and
deploy anywhere. Continue reading

Posted in Rimuhosting | Leave a comment

Centos 7 Release – Whats New

centos_logoHot on the heels of the Red Hat Enterprise Linux 7 release the Centos team have put out Centos 7 and now we are happy to offer a Centos 7 VM image on our control panel.  You can select it on new installs and also on re-installs.

This has been a long awaited update due to a few new features, and changes which we have wanted/needed.

Here are a few of the changes in the new distro and what they will mean to you. Continue reading

Posted in Rimuhosting | Tagged , | Comments Off

Connecting to MySQL from external sources + IPTables

MySQLBy default, MySQL only allows local connections. This is due to security, and for the most part works just fine for most people. Ideally you can use things like PHPMyAdmin for things like this, or even command line.

Occasionally people need to connect from externally, either from a web front end, or some other PC, and this also opens things up for anyone else to connect and potentially exploit weak users/passwords, so this is how we do it.

Continue reading

Posted in HOWTO | Comments Off

Sync live sites to in-house dev servers

One of our customer found it tedious to sync his live websites to his dev servers, it involved using FTP (since he had no version control) as well as the database.
The files were over 2GB by themselves, so it could be a time consuming task. As a result he asked us for a solution, and we were able to provide the following script to help him out.
Continue reading

Posted in HOWTO | 1 Comment