Site hosting news, tutorials, tips, How Tos and more

Archive for the ‘Internet’ category


CTB-locker ransomware now affecting websites

Do you know what ransomware is? It’s a computer compromise, typically spread via a macro in a Microsoft Word file. Those spam “invoices” you get, with a .doc attachment? They’re almost always ransomware. If the macro is run, most of the document and image files on your computer are encrypted, and the hacker then extorts money out of you to get the key. The longer you wait, the higher the price.

Right about now you’re probably thinking, “Not a problem for me, I have backups for all my important files!” Which is good. You can reformat your computer, restore your backups and be done with it. Lesson learned. If you’re not backing up your computer files, now’s the time to start, right? Right? Get started. Seriously.

Ransomware reaches the web

If that wasn’t bad enough, the people who write ransomware have now figured out how to encrypt your website files and hold them for ransom, and compromises are spreading rapidly across the web. The compromise is done through vulnerabilities in third party applications or your own scripting (out-of-date WordPress sites are a common target – update your WordPress site, plugins and themes!).

At the time we’re writing this, that ransom starts at around $175, and goes up from there the longer you wait. The best way to guard against that is the same way you’ve guarded against site compromise forever: keep your third party applications updated, and examine your own code for vulnerabilities.

But if the bad guys do get in and your site files are encrypted and held for ransom, what can you do?

Well, we make site and database backups every day, so we may be able to help you restore the unencrypted version of your files. But our backups are meant for disaster recovery, so there’s often a fee involved with pulling and restoring a copy, and it will take a little time. In addition to that, we only keep a few days of backups. If you don’t notice a ransomware compromise for four or five days, all of our backups will probably be copies of the compromised files, and therefore not useful in restoring the site.

So what’s the best answer?

The best answer is maintaining a tight ship, as far as your site is concerned. But a really good standby strategy is our SiteBackup service. It allows you not only to back up website and database files, but to keep multiple versions of those backups for long periods of time. That increases the likelihood that you will have a “clean” backup to restore to defeat the ransomware goons. The best part is that you control the backups: they’re available to you immediately any time you need them.

Another cool thing that SiteBackup can do is alert you if Google flags your site as compromised, and automatically disable any further backups. That means you can rest easy that you’ll always have a clean backup for restoration.

Any way you slice it, it’s better to be safe than sorry, so we really recommend checking out SiteBackup. It’s inexpensive (starting at $2.95 a month for 10GB of backup space!), extremely easy to use, and – we think – some of the best peace of mind money can buy.

Activate SiteBackup in Control Panel now.

[Screenshot: a site compromised by CTB-locker]



Google Chrome, SSL certificates, SHA-1, SHA-2 and the “obsolete cryptography” message


Note: beginning with Chrome version 46 the yellow caution triangle has been removed from the https URL when Chrome encounters minor errors such as those described in this article.

If you use an SSL certificate (https) on your site, you may have seen a couple of new things happening in Google Chrome.

When you upgrade the Google Chrome browser to version 41 or later, you may see various warning messages such as, “The identity of this website has not been verified,” “Your connection to <domain> is not encrypted,” or other visual indications that the https connection is not secure.

Those indications can appear when your SSL certificate uses a SHA-1 signature (most SSL certificates issued before 2015 use SHA-1).


To fix the problem of browser security warnings you must get your SSL certificate re-keyed for SHA-2. If you don’t see those warnings in Chrome and you purchased your certificate recently, it may already be SHA-2. You can verify using this test site.

 

If you purchased your SHA-1 SSL certificate from us, here’s how to re-key:

1) Contact us and we will re-generate and re-submit the CSR.

2) You’ll then get an email from GeoTrust with a link to complete the process. When completing the re-key on the GeoTrust site, be sure that SHA-2 is selected as the “Hashtag Algorithm.” You can find step-by-step instructions (and a video) here.

3) After you’ve completed the reissuing process, you’ll receive an email with the new certificate. Go to Control Panel and paste the new certificate into the SSL manager and you’re finished.

 

If you purchased your SHA-1 SSL certificate from another company:

1) Contact us and we will re-generate the CSR and email it to you. Then you’ll have to contact the issuer of your certificate to get your certificate re-keyed for SHA-2.

2) When you receive the re-keyed certificate, go to Control Panel and paste the new certificate into the SSL manager and you’re finished.

 

“Obsolete cryptography” message after re-keying with SHA-2

There is another potential problem after you’ve re-keyed your SSL certificate. While the address bar will show the green lock icon, if visitors dig deeper in Chrome, they may see an “Obsolete Cryptography” message.

Basically, what’s happening now is that Chrome is ignoring the cipher preference we use on the server (which includes Google’s preferred ciphers) and pointing out any “weak ciphers” it finds. You might notice that many large corporate sites (such as Apple) are also insecure according to Chrome, for similar reasons.


That “obsolete cryptography” message may be with us for a while because Google is not providing any information (yet) on exactly what they want from the server to stop calling it insecure. It would seem that what Google would like to see is every server everywhere removing support for all older cryptographic methods.

The problem with that is that removing some of those methods will shut out visitors using some older browsers and operating systems that don’t support newer methods (e.g. Windows XP). Since our servers are shared by many customers, it isn’t really an option for us to make global changes that prevent some visitors – even a small number – from accessing our customers’ sites.

We do run some special servers that do not support any of the older cryptography methods; they are primarily used by customers who need a “hardened” server to pass a PCI compliance scan. But the added security comes at a cost, as older browsers can’t connect to sites on those servers via https. Additionally, a few other things that you may take for granted now may not work, or may require adjustment or a work-around on your part. But if you’d like to move your site to such a server, just let us know.

And of course we continue to monitor information from Google on recommended server configuration, as well as continuing to test various configurations ourselves to prevent the “obsolete cryptography” message.

If you have any trouble re-keying a certificate, or if you have any questions about these ongoing changes, drop us a line and we’ll do our best to help.



Google Checkout retiring November 11


Google announced over a year ago that they would be closing Google Checkout, and now they have announced the date when the service will close permanently: November 11, 2013.

If you use Google Checkout on your site they have a FAQ to help you transition to another system.




Joomla security threat

One should never underestimate the importance of upkeep and routine maintenance, especially when it comes to web sites and applications. When we do not practice due diligence or neglect our web applications, hackers can find holes, weaknesses, and exploits in our so-called “secure” sites.

That holds even more true when it comes to “canned” applications such as Joomla. We have learned that Joomla versions 2.5 and 3.1.x have a security hole that can allow anyone to upload malicious files through your application.

The malicious files can perform cross-site scripting (injecting a string of code into your web pages, which can redirect users to a phishing site), or distribute malware or Trojan files that can affect your visitors’ computers.

The security hole in Joomla is its Media Manager, which offers you a tool to upload files to the website. This is a necessary function in a CMS such as Joomla. Joomla comes with its own filtering mechanism that prevents anyone uploading files with specific extensions that can be malicious in nature. Files with extensions such as .exe or .php should not be uploaded as they can infect your web application.

However, the bug is that a trailing dot on a file name can circumvent the filtering mechanism. Normally Joomla will prevent the upload of files with a .php extension such as document.php. However, include a period at the end, such as document.php., and the file no longer fits the .php criteria.

Nasty bug, to say the least. What is more frightening is that you do not have to be a registered user or have administrative privileges to the application to exploit the bug. If the Media Manager is set to be available to the public, anyone can inject your site with a malicious file.

The simplest way to solve this problem is to go to Joomla’s website, download the most recent version, and upgrade. This should have the latest patch to this security threat.

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626

http://www.joomla.org/announcements/release-news/5505-joomla-3-1-5-stable-released.html

If an upgrade is not an option for you, you can manually add the code that will prevent users from uploading files to your application with a trailing dot.

Navigate to /Libraries/Joomla/Filesystem and open file.php. Scour the code to find where the makeSafe function starts. Add the line:

// Remove any trailing dots, as those aren't ever valid file names.
$file = rtrim($file, '.');

If this line already exists then your Joomla application is immune to this specific security hole.
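
The bypass and the one-line fix described above, shown side by side as an added example (not Joomla's code and not from the original post). The blocklist, the function names and the sample file names are assumptions made for illustration.

```php
<?php
// Added illustration, not Joomla's code: the blocklist, the function names
// and the sample file names are constructed for this example.

const BLOCKED_EXTENSIONS = ['php', 'exe'];

// The extension as a simple filter sees it: the text after the last dot.
// For "document.php." that text is the empty string.
function lastExtension(string $name): string
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Filter without the fix: inspects the name exactly as submitted.
function isAllowedUnpatched(string $name): bool
{
    return !in_array(lastExtension($name), BLOCKED_EXTENSIONS, true);
}

// Filter with the fix quoted above: trailing dots are removed first, so
// "document.php." is judged as "document.php".
function isAllowedPatched(string $name): bool
{
    return !in_array(lastExtension(rtrim($name, '.')), BLOCKED_EXTENSIONS, true);
}

// Audit helper: from a list of uploaded file names, return those that only
// the unpatched filter lets through. On a site that ran without the fix,
// these are the uploads to review first.
function namesNeedingReview(array $names): array
{
    return array_values(array_filter($names, function (string $n): bool {
        return isAllowedUnpatched($n) && !isAllowedPatched($n);
    }));
}

// Constructed sample names, as they might appear in a media folder listing.
$samples = ['photo.jpg', 'document.php', 'document.php.', 'page.PHP...', 'notes.txt.'];

printf("%-16s %-10s %-10s\n", 'file name', 'unpatched', 'patched');
foreach ($samples as $name) {
    printf(
        "%-16s %-10s %-10s\n",
        $name,
        isAllowedUnpatched($name) ? 'allowed' : 'blocked',
        isAllowedPatched($name) ? 'allowed' : 'blocked'
    );
}

echo "\nReview these uploads: " . implode(', ', namesNeedingReview($samples)) . "\n";
```

A name such as notes.txt. passes both filters, because the extension left after trimming is not on the blocklist; only names that change verdict once the dots are removed are listed for review.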

That doesn’t mean that you should not routinely follow up on the most recent news concerning your web applications. To really secure your site it is important to stay informed of the most recent patches for your web application.

Here are links you may want to check to stay up-to-date with Joomla’s security fixes. Keep in mind that some security patches may not apply to you depending on the version you are running.

http://www.cvedetails.com/vulnerability-list/vendor_id-3496/product_id-6129/hasexp-1/Joomla-Joomla.html

http://docs.joomla.org/Vulnerable_Extensions_List

Let me lastly say that we here at Winhost take this threat seriously. As of today, we have updated our App Installer to the most recent Joomla version (3.1.5) with the security patch installed. If you installed your Joomla application with this newest release, you are protected from this specific threat. However, if you installed an older version from us, you may want to check file.php within Joomla and make sure the appropriate line is added.



War Thunder: Flying the Bell P-39 Airacobra

War Thunder is a free-to-play online WWII air combat simulator developed by Gaijin Entertainment and released for Open Beta on 1 November 2012. This game has quickly consumed my free time. With WWII-era aviation being one of my personal interests and free-to-play always being a plus, I quickly fell in love with the game.

It has several different game types to choose from, all of them team based, with differing levels of historical accuracy and realism.

You can find out a lot more general information on the game as well as the free download at warthunder.com.

This article focuses on my current favorite plane to fly, the Bell P-39 Airacobra.

In Real Life:

Introduced the P-39Q was a solidly constructed craft with an innovative feature of placing the engine mid-ship, under the pilot. This was done in order to make space for the massive 37 MM cannon that sits in front of the pilot and fires through the propeller hub. This was backed up by two nose mounted .50 caliber machine guns and four .30 caliber machine guns in the wings.

While moving the engine back did favorably change the center of gravity for the plane and offer the pilot increased forward visibility it unfortunately placed the engine in a cramped part of the fuselage.

With little room left, the design choice was made to forgo a turbo-supercharger for the engine. This one design choice kept the Airacobra from achieving great success and prestige.

Without the turbo-supercharger the plane was restricted to low altitude work, less than 5100 meters. This was unfortunate because the slow firing 37 MM cannon was best suited for large and slow targets, like the high altitude bombers of the 3rd Reich.

Unable to engage in high altitude air combat or perform bomber escort duties and only capable of carrying a meager 500 Kg bomb-load the P-39 was not suitable for the war in Europe. Without an arresting hook and with only moderate range and endurance the plane was also not suitable for combat in the Pacific.

It was through the lend-lease program that the Airacobra was able to find its niche.

On the Eastern Front, combat took place at much lower altitudes, so the lack of a turbo-supercharger was not an issue. Russian pilots had no problems bringing the 37 MM cannon to bear on German ground targets as well as dog fighting with the Fw 190s and Me 109s of the Luftwaffe.

In War Thunder:

Being a level 6 plane, the Airacobra is the go-to choice for arcade and some historical battle missions for mid-level players. I have access to level 9 planes now and I still include the P-39Q and P-39N in my arcade line-ups and regularly use them in historical battles. The machine gun armament is sufficient to take down other interceptors or single engine attack craft with ease, and the 37 MM cannon is absolutely devastating against all aircraft, from smaller planes all the way up to 4 engine heavy bombers. The lack of a turbo-supercharger is much less of an issue in game than it was in real life, especially in arcade mode. This is because most air combat takes place much lower than 5100 meters, usually below even 2000 meters.

In game the plane is a stable weapons platform. At speeds exceeding 600 KM there is minimal turbulence or judder, so once you are on target you will stay there; lining up and putting down targets is a breeze.

The 37 MM gun IS hard to aim correctly against maneuverable opponents, it has a slow rate of fire and the projectiles themselves seem to move a lot slower than standard machine gun bullets, but with a lot of practice and some luck you will find yourself “one-shotting” (one shot fired, one plane downed) in almost every match.
The downside to such a heavy armament is that the P-39 is very fragile.


It does not have an armored cockpit, and the engine being placed in the center of the fuselage means that more shots are likely to hit it.

I often find my control surfaces being completely shot out after just one pass by an enemy fighter.

The lack of armor means that gunners on the bombers you are hunting can disable you in just a burst or two, so care must be taken to always present yourself as a hard-target.

Thankfully, due to the responsiveness of the plane’s controls, this is not hard at all.

The Airacobra is by no means a dog fighter or an energy fighter; in any kind of turning match you will find yourself with a bogie on your tail 9 times out of 10.

The plane does not retain speed or energy in a turn. After a 1000 meter dive, one turn is all that it takes to reduce your speed from 600 Km to just 300 Km, and this is a death sentence if any of the enemy are around to take advantage of it.

Coupling this with the plane’s generally weak armor, most new pilots will not last long unless proper tactics are employed.

Proper Tactics:

I fly very conservatively.

I like to imagine the pilot in the plane is really me, and dying is the last thing I personally want to do, so I try to do everything in my power to ensure I will come out on top of a fight before committing. In the beginning of a match I will generally take 5 to 10 minutes to gain altitude while flying perpendicular to the enemy.


The advantage of this is 2-fold.

1. The enemy does not get within striking distance of me, and I gain the altitude advantage.
2. My team mates generally rush in and occupy the enemy, allowing me the ability to attack from the side or above.

I generally stop gaining altitude around 5000 meters and then scan the horizon for bombers.

If I see a lone bomber trying to make a pass on our airfield or a remote column of tanks I will pursue it and try to bring it down with my heavy cannon. Bombers with escorts are not a viable target unless I know for sure the escort has high-altitude difficulties as well. Bombers themselves are hard targets to hit, they are fast and will be shooting at you with their gunners, and anything else to worry about, like a Bf 109 escort, will make getting the kill shot with your cannon much harder, if not impossible.

Also, you cannot even dream of dog fighting at this altitude, your plane will take almost half a minute to turn in a circle and your engine will be so choked for air you will be struggling to keep speed.

So let’s say that there are no viable high-altitude bomber targets, what do you do then?

The key to playing as the Airacobra is to realize that you are not in an “honorable” plane. You do not fight the capable members of the enemy team; you look for those in a bad situation: wounded, alone, or at a severe positional disadvantage.

Ideally all 3.

While the Airacobra cannot keep energy in a turn, it can dive at incredible speed without fear of breaking apart; in arcade I personally have dived as fast as 850 Km, and in historical battles 700 Km, before my plane started to experience any noticeable turbulence. Using this to your advantage, you will stay on the edges of a fight, several kilometers above, and wait for someone to wander off or try to escape. Then you pounce on them and unleash a massive barrage at high speed; after you pass, you use as much of your gained speed as you can to gain altitude back up to your vantage point. Rinse and repeat.

Some will recognize this tactic as the boom and zoom. This is how you fly an Airacobra.

In Summation:

The P-39 is an ideal fighter for those who don’t mind taking some time to plan a route of attack. Its high maximum speed in a dive and fierce armament mean that if deployed carefully no target is out of reach, but its lack of armor and poor turning characteristics mean that it cannot be flown without thought.

It is one of my favorite planes for its potential to kill quickly, but it is also one of my most frustrating to fly because of its potential to die just as fast.



Hello world! Um, I said, hello world! Hello? Hello?


On April 24th we had a brief interruption on one of our backbone connections that made it appear as if Winhost had dropped off the map.

That interruption, outage, glitch or whatever you want to call it, raised a lot of questions that I thought I could use this opportunity to answer.

1) How could this happen?

Every data center is connected to the Internet through high capacity connections called backbone connections. The “backbone” of the Internet is a group of high capacity providers called tier 1 providers.

Tier 1 providers are pretty reliable, they have to be or the Internet wouldn’t work. But they still have problems from time to time. A cut fiber on a construction site, a natural disaster or power outage, someone flipping the wrong switch – all of these things can cause an outage on a backbone connection.

2) Why don’t you have a backup in place?

We do. We have two backbone connections to our servers, provided by different companies. Normally the traffic in and out of the servers is balanced between those two connections using a number of network analyzing tools and a lot of routers and switches.

So if one connection is dropped, everyone whose traffic has been routed through that connection is cut off. The other half of the traffic, coming in on the other backbone connection, doesn’t experience a problem. That’s what happened on the 24th.

If there was an extended outage on one of the connections we could switch all traffic to the working connection. Making that switch (and then switching back when the problem is solved) is not a trivial matter though, so we wouldn’t do it unless we anticipated a long outage on the connection that was down.

A long outage on a backbone connection is rare though, so rerouting all the traffic is usually unnecessary.

3) Why don’t you post the outage on your site or in the forum?

Anyone affected by the outage wouldn’t be able to see our site or the forum, since they can’t access anything on our network.

We reacted and responded on Google Plus, Twitter and Facebook, which is probably more effective than an outage post somewhere on our site or on a status site somewhere (that no one knows how to get to).


Things like this are part and parcel of life on the Internet. Any provider who tells you they can host your site and there will never be an outage of any kind isn’t telling you the truth. All of these things (even the mighty, mystical cloud) run on hardware. And hardware is just machines and machines don’t run perpetually without problems.

When they invent machines that do run forever without problems, we’ll be first in line to buy them. I can guarantee that. 😉

Until then, we’ll continue to provide the best service your money can buy, and be open and honest about actual and potential problems.



WordPress exploit


Thousands of WordPress sites are being compromised causing havoc with their site owners and their hosting providers. The method which the hackers are using is an old method known as a Brute Force Attack. This method simply employs the process of submitting passwords until you finally happen across the right one.

The effects on the site can vary, but it will entail a slower WordPress site, and high bandwidth consumption. This will mean you may pay more for the additional bandwidth you consume even if it was caused by your WordPress site being hacked.

To counter this you need to take two basic steps.

  1. If you are using the default administrative login “Admin” for your WordPress site, change it to something other than Admin.
  2. Update the password to be more sophisticated and complex. A minimum length of eight characters is recommended. Vary the password with letters (upper and lower case), numbers, and special characters such as “#”, “!”, “%”, and “&”. This will strengthen your password, making it impossible to “guess” using a brute force attack.

If you want to read up on picking a good strong password, I suggest this Microsoft article that explains how to decide what a strong password entails.

An optional feature worth considering is WordPress 2 Step Authentication. It adds a layer of security on top of your login and password credentials: a randomly generated verification code from the Google Authenticator app. You can get more details on how to enable this for your WordPress site at this link: http://en.blog.wordpress.com/2013/04/05/two-step-authentication/

If you want to read up more on these recent attacks to WordPress web sites, try looking at these links.

http://www.bbc.co.uk/news/technology-22152296

http://ma.tt/2013/04/passwords-and-brute-force/

http://www.latinospost.com/articles/16654/20130415/wordpress-site-hacked-2013-massive-botnet-targets-admin-username-more.htm

http://blog.discountasp.net/wordpress-under-attack/



Surprise! Firefox and Chrome display passwords in plain text


Did you know that Mozilla Firefox and Google Chrome like to display your passwords in plain text? No? Well, they sure do.

If you want to see what I’m talking about, follow the steps below.

Open Firefox.

Click on the Firefox Menu at the top left corner.

Select Options, then click on Options.

Click on the Security tab at the top.

Click the Saved Passwords… button. This will open up the Saved Passwords box. Now click the Show Passwords button.

Surprise!

Did your jaw just hit the floor? I know mine did the first time I saw what Firefox was hiding from me all this time.

Is Google any better?

Now let’s open up Google Chrome and click Settings.

Once you get into your settings, scroll all the way to the bottom and click on Show advanced settings…

Look for the section Passwords and forms and click the Manage saved passwords link.

Select the site where you saved your password and click the Show button.

Okay, I’m done with the surprises.

So how did Firefox and Google Chrome get my passwords in the first place?

To get the answer you must also answer this question: Have you ever seen the following notification in your web browser?

[Screenshots: the save-password notifications in Mozilla Firefox and Google Chrome]

Whenever you clicked on the shiny button “Remember Password” in Firefox or “Save Password” in Chrome, the site username and password are saved within the web browser – and as you also saw – displayed in plain simple text.

So what’s the big deal?

Anyone can walk up to your computer and take a quick look at your web browser’s history/settings. Just imagine you’re at the office and you step away from your computer and a nosy/curious coworker gets the chance to take a look. That is why it’s important to always lock down your computer before you step away from your desk.

Additionally, say you’re unlucky enough to have some malicious software installed on your computer which happens to allow the hacker to gain remote control of your desktop. The hacker will only have to wait until you are away from your computer to check your saved passwords.

What if you sent your computer out to a repair shop and they “just happened to” take a look at your saved passwords? It only takes a few seconds for them to snoop around on your computer and  do who-knows-what with your credentials.  There are a lot of different ways these passwords can be intercepted.  This just happens to be one method of interception that can be avoided.

So what’s the work-around and how do I keep my passwords safe? Fortunately there are plenty of third party plug-ins people use with their web browsers. Perhaps you can recommend what plug-in works best for you in the comment section below.

I found a plugin called LastPass. With 254,540 users and 827 reviews for the Firefox plugin alone, it seems to be a great alternative. The best thing about this plugin is that it also works with the Google Chrome web browser.