As part of our mission to wipe the 'ghost' vulnerability (CVE-2015-0235) from our customers servers we have created 'deghost'.
Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where possible.
In most cases this is as simple as apt-get install libc6 or yum upgrade glibc. But like most things there are a lot of corner cases. This script tackles things like switch from squeeze to squeeze-lts repositories. Changing to old-releases repositories for unsupported ubuntu distros. And offers a (non-default) option to --break-eggs and do a dist-upgrade to the latest Debian/Ubuntu release.
We are excited to announce that we now offer servers in Frankfurt, Germany. This will be a great for users wanting a server central to the EU, and complements the plans we already offer in London.
You can see more information about the data center at http://rimuhosting.com/datacenters.jsp
We are using new generation Haswell-EP based servers there, with ECC registered DDR4 memory and large, fast Intel enterprise SSDs.
If you are interested in setting up a server, check out our plans.
If you are interested in dedicated server options there also pop in a query so we can talk through the options.
Image credit: melanie
Intel have just released their next generation dual proc Haswell-EP-based servers. We ordered a batch from our trusty systems integrator. And this morning the servers arrived at our Dallas data center loading dock! Those same servers are now available now on our dedicated server ordering page.
Pricing is from USD 409/m with a base config of 32GB of memory and 2x1TB hard drives.
The Haswell-EP follows on from the older Nehalem-EP, Westmere-EP, and Sandy Bridge-EP systems.
We are currently offering two of the Haswell-EP CPUs. The 6 core E5-2620v3 (2.4Ghz) and the 8 core E5-2630v3 (2.4Ghz).
Benchmarks show the Haswell-EP systems out performing similar clock speed previous gen CPUs by about 20% overall.
The new CPUs come with a new socket so there is a new main board with lots of important performance improvements:
- RimuHosting are currently using the SuperMicro X10DRI mainboard.
- This mainboard is based on Intel's C612 chipset.
- All SATA ports are SSD-loving SataIII 6gbps. Previously only 2 ports were Sata III and the remainder were SataII.
- Memory slots are DDR4. DDR4 runs at a faster speed than DDR3 (we are currently using DDR4-2133). Throughput can be increased by up to 50%. On these servers the memory is ECC registered. DDR4 power consumption is a bit lower leading to cool, reliable systems.
As usual we have options with redundant power supplies on A+B power. We also offer Intel SSD storage; hardware RAID; memory up to 256GB; and private networking.
If you wanted a Haswell-EP server in a location other than Dallas, just email us and we can quote for that in one of our other data centers.
Recent browser versions (e.g. Firefox 33) refuse to work with older Webmin installs.
They give a sec_error_invalid_key error, offer a 'Try again' button, but do not offer an option to add an exception.
Firefox 33 no longer supports certificates with private keys smaller than 1024 bits.
You can replace your webmin certificate with a new one by running this command:
openssl req -x509 -newkey rsa:2048 -keyout $file -out $file \
-days 3650 -nodes -subj \
openssl x509 -x509toreq -in $file -signkey $file >> $file
This command will create a 'pem' file with both the private key and self-signed certificate in the same file. -nodes will let you create the file without a passphrase. The -subj option saves you having to manually enter certificate details.
Or you can do it by setting ssl=0 in /etc/webmin/miniserv.conf; restarting webmin with "/etc/init.d/webmin restart" then using the web interface to make the certificate change at
Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate
A quick new feature: You can now view CPU graphs for your VMs the RimuHosting control panel.
If you are using SSL in your web server, you probably want to read this.
Google recently published details about an attack that targets SSLv3.
The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it to connect via SSL 3.0. From there a man-in-the-middle attack can decrypt secure HTTP cookies. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. [...] In other words, your data is no longer encrypted.
The default configuration for most web servers still allows SSLv3 and often also SSLv2. And other potentially weak ciphers. However it is easy to fix, Continue reading
Written by Andrew Colin Kissa
We’re happy to announce the availability of Docker support on our VPS installations.
In this blog post, we aim to introduce you to Docker one of
the most exciting and powerful open-source projects that has sprung up in the recent
In a nutshell, Docker offers you the tools to package everything that forms an
application, allowing you to deploy the application effortless across systems and
machines both virtual and physical.
Just as Java was write once run anywhere, Docker allows you to setup once and
deploy anywhere. Continue reading
Hot on the heels of the Red Hat Enterprise Linux 7 release the Centos team have put out Centos 7 and now we are happy to offer a Centos 7 VM image on our control panel. You can select it on new installs and also on re-installs.
This has been a long awaited update due to a few new features, and changes which we have wanted/needed.
Here are a few of the changes in the new distro and what they will mean to you. Continue reading
By default, MySQL only allows local connections. This is due to security, and for the most part works just fine for most people. Ideally you can use things like PHPMyAdmin for things like this, or even command line.
Occasionally people need to connect from externally, either from a web front end, or some other PC, and this also opens things up for anyone else to connect and potentially exploit weak users/passwords, so this is how we do it.
One of our customer found it tedious to sync his live websites to his dev servers, it involved using FTP (since he had no version control) as well as the database.
The files were over 2GB by themselves, so it could be a time consuming task. As a result he asked us for a solution, and we were able to provide the following script to help him out.