plogHost Support Blog - Web Hosting Philippines

Phishing Sites on Gnome

admin — Sun, 19 Apr 2009 14:40:57 +0000

Several accounts have been reported on this server as having fraud sites (of banks, Paypal, etc) and the server has been put on probation by the data center for cancellation.

We encourage all our clients to manually check their accounts for suspicious files or scripts not belonging to their account. We do not want this server to be disconnected by the data center for repeated offense.

Internal Server Error on Warden

admin — Sat, 11 Apr 2009 04:12:30 +0000

We discovered a problem with the Warden server (72.232.240.26) this morning that all sites return an Error 500 (Internal Server Error) when loading PHP files.

Accounts with simple HTML are not affected by the problem. We are figuring out the cause of this issue and is trying to resolve the problem as soon as possible. We will update this post for additional information along the way.

Update 1: File and folder permissions of accounts are fine as well as ownership. Memory limits in PHP.ini have been adjusted.

Update 2: Running cPanel Update and updating all Perl Modules. (Will run EasyApache next). Still running cPanel update….

Update 3: Recompiling PHP thru EasyApache.

DNS Problem on Gravatar Server

admin — Thu, 09 Apr 2009 03:57:10 +0000

We discovered the problem with Gravatar server a bit late. Our monitor showed it was running fine but it turns out there was a problem with the DNS. This was fixed right away.

Phishing Attack on Gnome

admin — Sat, 04 Apr 2009 20:23:01 +0000

Today, the Data Center has shut down the Gnome server (72.232.186.26) for several hours after discovering two accounts from our clients hosting a phishing website for Bank of America and Wells Fargo.

We coordinated with the DC engineers to get the server back online so we could investigate and remove the phishing sites.

It turns out that the two accounts by clients have folders that were open and allowed culprits to upload a zipped file of the fake website and extract them. We have deleted the files and secured the folders. We’re still looking into other client accounts that may have similar cases.

We request all clients to regularly and actively check their accounts for open folders (CHMOD them to 644) and update any add-on scripts or web apps they have installed so to avoid similar incidents in the future.

ArchMage Overloads due to ClamAV

admin — Sun, 22 Feb 2009 05:58:54 +0000

We experienced a couple of hours of slow server access on ArchMage due to the system installed CLAM Antivirus. Once the system initiates the virus scan, it sometimes overloads the server depending on how much files are in queue in the mail server. When this happens, the load shoots up and the server freezes.

We are working on partially disabling Clam AV but this might also affect the performance of the system to detect and remove virus infected emails in all accounts. We’ve already tried to temporarily disabled it by it turns out that once it’s been pre-installed in the server, there’s no easy way to just switch it off. The system needs to be recompiled to remove Clam AV.

Security Issues with PHPBB

admin — Fri, 13 Feb 2009 04:58:00 +0000

PHPBB has announced an injection vulnerability on their website. Those running PHPBB software are advised to update a patch on their installations:

Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.

Check more about it here.

Phishing Site on Gnome

admin — Wed, 11 Feb 2009 10:20:00 +0000

The Gnome server was temporarily shut down by the Data Center for a phishing site made by one of the new clients placed on this server. We were informed of the enforcement policy very late in the evening and was unable to act on it in two hours prompting the DC to disconnect the server so the site cannot do any damage.

We will be very vigilant to impose suspension on sites that could case a similar incident int he future. However, even if this problem was caused by a single client, it dragged along with it all other hundreds of clients in the server.

WordPress 2.7.1 is Out

admin — Tue, 10 Feb 2009 09:34:34 +0000

Those who are running WordPress can now update their blogs to the latest version 2.7.1. This version fixes bugs and security holes in the software and everyone is advised to upgrade as soon as possible. Make sure to have a backup first before doing the updates.

APF Firewall Issues with Gravatar

admin — Thu, 22 Jan 2009 09:40:04 +0000

The Gravatar server is having some issues with the system Firewall (APF). There will be instances where a specific IP address or a website is automatically added by the firewall in the block list (deny_host list) so even if the server is running fine and smooth, some ISPs and IP ranges may not be able to gain access to their websites.

What we do when we discover that this happens is to flush the IP block lists. Since the firewall does all the automated addition of IPs in its block list, we cannot monitor if a client IP has been blocked. We encourage you to let us know about it by submitted a support ticket at the Client Center so we can investigate immediately.

The firewall detects malicious activity and blocks the IPs of those activities:

- multiple failed attempts to login to cPanel and FTP
- brute force attacks
- port attacks

We have instances when a legit client has been blocked by our firewall just because of repeated failed attempts at using the wrong password in their cPanel.

Hard Drive Failures are unevitable

admin — Mon, 22 Dec 2008 09:46:03 +0000

We maintain at least 2 hard drives on each of our servers. The first drive contains the host files, databases and emails while the second drive is reserved to store backup files that are automatically generated every end of the week and end of the month.

These hard drives started working from the day they were deployed to us by our Data Center. As such, the older the server gets, the higher the probability that they might fail. We have servers with hard drives lasting for 5 years without any problem. However, it was unfortunate that one of our newer servers had a hard drive failure on the main drive which caused a couple of days of down time.

When this problem happens, we cannot avoid them the same way the HDD manufacturers (we use Seagate and Western Digital HDD) cannot guarantee us 100% reliable drives. The best we can do is make sure we have backups we can use to restore accounts and move on.