Next gen Haswell-EP systems available

e52620v3Intel have just released their next generation dual proc Haswell-EP-based servers.  We ordered a batch from our trusty systems integrator.  And this morning the servers arrived at our Dallas data center loading dock!  Those same servers are now available now on our dedicated server ordering page.

Pricing is from USD 409/m with a base config of 32GB of memory and 2x1TB hard drives.

The Haswell-EP follows on from the older Nehalem-EP, Westmere-EP, and Sandy Bridge-EP systems.

We are currently offering two of the Haswell-EP CPUs.  The 6 core E5-2620v3 (2.4Ghz) and the 8 core E5-2630v3 (2.4Ghz).

Benchmarks show the Haswell-EP systems out performing similar clock speed previous gen CPUs by about 20% overall.

The new CPUs come with a new socket so there is a new main board with lots of important performance improvements:

  • RimuHosting are currently using the SuperMicro X10DRI mainboard.
  • This mainboard is based on Intel's C612 chipset.
  • All SATA ports are SSD-loving SataIII 6gbps.  Previously only 2 ports were Sata III and the remainder were SataII.
  • Memory slots are DDR4.  DDR4 runs at a faster speed than DDR3 (we are currently using DDR4-2133).  Throughput can be increased by up to 50%.  On these servers the memory is ECC registered.  DDR4 power consumption is a bit lower leading to cool, reliable systems.

As usual we have options with redundant power supplies on A+B power.  We also offer Intel SSD storage; hardware RAID; memory up to 256GB; and private networking.

If you wanted a Haswell-EP server in a location other than Dallas, just email us and we can quote for that in one of our other data centers.

Posted in Rimuhosting | Tagged | Leave a comment

Replace webmin self-signed certificate to avoid sec_error_invalid_key error

badcertRecent browser versions (e.g. Firefox 33) refuse to work with older Webmin installs.

They give a sec_error_invalid_key error, offer a 'Try again' button, but do not offer an option to add an exception.

Firefox 33 no longer supports certificates with private keys smaller than 1024 bits.

You can replace your webmin certificate with a new one by running this command:

file=/etc/webmin/miniserv.pem
openssl req -x509 -newkey rsa:2048 -keyout $file  -out $file \
 -days 3650 -nodes -subj \
 "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" 
openssl x509 -x509toreq -in $file -signkey $file >> $file
/etc/init.d/webmin restart

This command will create a 'pem' file with both the private key and self-signed certificate in the same file.  -nodes will let you create the file without a passphrase.  The -subj option saves you having to manually enter certificate details.

Or you can do it by setting ssl=0 in /etc/webmin/miniserv.conf; restarting webmin with "/etc/init.d/webmin restart" then using the web interface to make the certificate change at Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate

Posted in Rimuhosting | Tagged , | Leave a comment

CPU usage graphs

cpu-usage

A quick new feature:  You can now view CPU graphs for your VMs the RimuHosting control panel.

Posted in Rimuhosting | Leave a comment

SSLv3 and securing against Poodle

If you are using SSL in your web server, you probably want to read this.

Google recently published details about an attack that targets SSLv3.

The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it to connect via SSL 3.0. From there a man-in-the-middle attack can decrypt secure HTTP cookies. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. [...] In other words, your data is no longer encrypted.

The default configuration for most web servers still allows SSLv3 and often also SSLv2. And other potentially weak ciphers. However it is easy to fix, Continue reading

Posted in Rimuhosting, Security | Tagged , , , , , , , , | 2 Comments

Getting Started with Docker

Docker logoWritten by Andrew Colin Kissa

Introduction
We’re happy to announce the availability of Docker support on our VPS installations.
In this blog post, we aim to introduce you to Docker one of
the most exciting and powerful open-source projects that has sprung up in the recent
years.

In a nutshell, Docker offers you the tools to package everything that forms an
application, allowing you to deploy the application effortless across systems and
machines both virtual and physical.

Just as Java was write once run anywhere, Docker allows you to setup once and
deploy anywhere. Continue reading

Posted in Rimuhosting | Leave a comment

Centos 7 Release – Whats New

centos_logoHot on the heels of the Red Hat Enterprise Linux 7 release the Centos team have put out Centos 7 and now we are happy to offer a Centos 7 VM image on our control panel.  You can select it on new installs and also on re-installs.

This has been a long awaited update due to a few new features, and changes which we have wanted/needed.

Here are a few of the changes in the new distro and what they will mean to you. Continue reading

Posted in Rimuhosting | Tagged , | Leave a comment

Connecting to MySQL from external sources + IPTables

MySQLBy default, MySQL only allows local connections. This is due to security, and for the most part works just fine for most people. Ideally you can use things like PHPMyAdmin for things like this, or even command line.

Occasionally people need to connect from externally, either from a web front end, or some other PC, and this also opens things up for anyone else to connect and potentially exploit weak users/passwords, so this is how we do it.

Continue reading

Posted in HOWTO | Comments Off

Sync live sites to in-house dev servers

One of our customer found it tedious to sync his live websites to his dev servers, it involved using FTP (since he had no version control) as well as the database.
The files were over 2GB by themselves, so it could be a time consuming task. As a result he asked us for a solution, and we were able to provide the following script to help him out.
Continue reading

Posted in HOWTO | 1 Comment

Two Factor Authentication

authenticator-tokenWe have just added optional two factor authentication to the RimuHosting control panel.

You can enable it at http://rimuhosting.com/cp/twofactor.jsp

It uses Time-based One Time Password (TOTP) so you will need an application like Google Authenticator or Authy.

To enable 2FA scan the QR code to your TOTP application then enter the 6 digit token your TOTP application presents.

The next time you log in you will be asked to enter your confirmation code.

This setup means that even if someone obtains your password they will still require something you have (e.g. your smartphone with the TOTP application) in order to log in.

login-step

Posted in Rimuhosting | Tagged , , | Comments Off

Preventing brute force WordPress login attacks

wordpress-logo-notext-rgbOver the last month or two we have seen an increase in WordPress brute force login attacks.

The symptom is typically higher CPU usage on your server (often resulting in slower page load times). It can be particularly painful on servers running php through fast CGI (like Plesk server setups).

For a good summary of the issue see: http://codex.wordpress.org/Brute_Force_Attacks

If you have good, strong passwords set then this will likely not be a security threat to you.  But the CPU usage on those login attempts can be very high and result in lower performance.

You can check if you are affected by taking a peek at your apache logs. e.g. looks for lots of these kinds or requests: Continue reading

Posted in Rimuhosting | Tagged , | Comments Off