-
Certbot/Letsencrypt with Apache and Tomcat using proxypass
LetsEncrypt/Certbot is a wonderful cheap way to have an SSL cert to secure things. It works out of the box and no issues for the most part until you have things like proxy pass or other things. The fix is fairly easy however, and this works well in particular with those running tomcat behind apache…
-
Debian Stretch and old installs
We have had Debian 9 images available since shortly after it became available. But missed announcing it. So here it is, Debian 9 is code named “Stretch” and is available as a setup option on all our plans. As with other newer images, there is only a 64 bit image for new setups or re-installs.…
-
Ubuntu 18.04 available
The latest long term support (LTS) release of Ubuntu is now available for new installs. Ubuntu 18.04, also known as Bionic Beaver can be ordered at https://rimuhosting.com/order/v2orderstart.jsp. It’s also an option to consider if you reinstall an existing VPS. The official release notes for version of Ubuntu are available at https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes. This release of Ubuntu…
-
Drupal Exploits – script to detect versions
We are currently seeing a high volume of Drupal exploits running a lot of arbitrary code, including crypto mining, attacking other servers and similar due to this exploit https://www.drupal.org/sa-core-2018-002 If you want to find out if you have any vulnerable Drupal installs quickly and easily i wrote a shell script for that . Just run…
-
Spectre and Meltdown article roundup
Our team is working on the best approach to secure our customers’ systems against the recently reported Spectre and Meltdown vulnerabilities. Our first step is to understand the problem and its mitigations. This post provides a roundup of discussions and work on the topic with a focus on mitigation for the Xen hypervisor. The vulnerabilities…
-
Kernel 4.14 LTS released
We have added the latest 4.14 kernel to our list of stable kernels for 64bit VPS servers. The 4.14 kernel includes a large number of performance enhancements, including … filesystem io block_mq scheduler improvements new selectable scheduler options for disk io improved cryptographic performance cgroup2 support merged
-
Letsencrypt with Zonomi and Rimuhosting name servers using hooks
SSL is good, you should use it everywhere! Letsencrypt it is a project that allows you to obtain signed certificates for free (you should consider donating though) to secure your website. Big efforts have been done to make this accessible to anyone. In order to issue SSL certificates Certificate Authorities will check that you can control…
-
Virtualmin Changes binding from ip:80 to *:80 and breaks older configs … FIX
We have found some virtualmin installs will change the format of new virtualhosts from ip:80 to *:80 sometimes which breaks virtualhosts as the *:80 overrides the ip:80. This can result in websites showing another website content, and usually shows up right after you add a new domain in virtualmin.
-
Reboot-less Xen patching
Recently there have been two sets of Xen vulnerabilities. One being disclosed in September, the other earlier today. Historically we have had to organize host updates which required downtime to reboot VMs. For these last sets of vulnerabilities we have been able to use a recently introduced live patching feature in Xen to mitigate the…
-
DKIM and subaddressing added to 25mail.st
We have added a couple of features to the 25mail.st service. First, we now support DKIM email signing. This lets our email servers sign outgoing messages so that recipients can verify that the email was sent from an authorized server. You will need to add a DNS entry for each email domain wishing to have…