rackAID Blog

May 20, 2009

rackAID clients don't have to worry about hosting.

Recently rackAID sent out a survey to clients using our managed services. Though there is always room for improvement, the survey shows that we still maintain very high marks in the areas of customer satisfaction, staff expertise, and problem resolution. We thank you for your praises and will continue to work diligently to improve our services.

What I was really happy to see were comments like these:

"Freeing up my time so I don't have to make sure my server is secure, updated and
always running smoothly."

"Not having to have expert IT staff."

"I am a web designer and I don't have the knowledge or expertise to handle issues
when something goes wrong with a server. I can relax knowing you guys have everything
under control and if anything goes wrong, it's not up to me to solve it."

These comments reflect the key values that rackAID delivers. We will continue to deploy new products and services and refine old ones to assure we continue to deliver.

We Check for Updates Every Hour!
We asked, "How often do you think rackAID checks for patches on your server?" Nobody answered this question correctly. We use automated systems to monitor your server for updates. Should your server have a new patch available, we detect it in under an hour. In most cases, those patches are applied in under 24 hours.

Dozens of Patches Per Month
We also asked how many patches you think we apply to your server each month. This varies considerably, from just a few patches to more than 100 when major updates roll out. On average, we estimate we apply between 20 and 50 patches per month on newer OS versions. This does not even count the patches for control panels.

We have few issues updating servers because our experience has taught us which packages are problematic and which ones apply safely. We maintain lists of these troublesome updates and use special procedures to apply them when they arrive. This approach results in fewer post-upgrade issues.

Security is Paramount
Based on some survey questions and comments, security tops the list in service areas in which we need solutions.

Over the next few months, watch for announcements regarding:

  • Email Security Solutions
  • Server Security Testing/Scanning
  • Web Application Firewalls
We have all of these in the pipeline. If anyone is interested in our new Email security services or server security testing services, please drop us a note in our help desk. We are in the soft launch phase of those services now.

April 15, 2009

How to Remove Google or Firefox Site May Harm You Warning

"This site may harm your computer."

Google and Firefox both provide safe browsing features. These tools try to identify potentially harmful sites by working with groups like StopBadware. If you attempt to visit a site listed as harmful, Google and Firefox will display a warning message. In Google's search results, you will actually see the text "This site may harm your computer."

Removing your site from the malware list requires that you first fix your site's security and then use Google's webmaster tools to request a review of your listing.

Continue reading "How to Remove Google or Firefox Site May Harm You Warning" »

April 10, 2009

How to Remove your Email Server IP from Earthlink's Blacklist

This is the second post in a series dealing with removing your IP from various email blacklists. In the first post, I covered how to remove your IP from Yahoo's blacklist. I recommend reading the first post, as it contains some details on how to proceed that are applicable to any blacklist removal process.

For Earthlink, the process involves:

  • Emailing Earthlink's postmaster at a special address
  • Reading the response email
  • Cleaning up any blacklist issues if you have them
  • Submitting your IP for removal from Earthlink's blacklist

As mentioned with Yahoo!, this procedure will not help you if you do not fix the problem. If you've fixed the problem, then read on to learn how to get removed from Earthlink's blacklist.

Continue reading "How to Remove your Email Server IP from Earthlink's Blacklist" »

TMP Directory Hardening Increasingly Ineffective

Yesterday, I commented on how hardening the host.conf file provides very little security. Today, I want to focus on another item often found on "server hardening" checklists: TMP directory hardening. While TMP directory hardening still has its place, I feel it has lost its effectiveness in today's threat landscape.

Continue reading "TMP Directory Hardening Increasingly Ineffective" »

April 9, 2009

Host.conf Hardening of Little Value to Web Hosts

If you've ever looked at Linux server management companies, you often find a laundry list of "security" items that they apply to your servers. Many of these items are nothing more than standard practices, while others are simply popular items gleaned from forums. Many of these "tweaks" have no real testing behind them; they are often applied with no real information as to why they are done.

Over the next few weeks, I will discuss some of these server hardening practices and try to determine which ones provide real benefit. This way, when you look at a long list of server hardening items, you will know which ones are valuable and which are not.

As I noted before, the number of security updates typically declines as an OS matures. Keeping your system standardized by not tweaking things unnecessarily improves long-term server stability and security by making ongoing management more coherent.

Continue reading "Host.conf Hardening of Little Value to Web Hosts" »

April 3, 2009

Forwarded Emails May Cause Backscatter Spam Complaints

I've previously written on how to stop email backscatter. In case you missed that post, email backscatter is when your server bounces an email sent to an unknown user. Since the reply-to fields can be spoofed, this allows spammers to bounce emails off of your server, thus getting their spam delivered. Instead of sending these non-delivery reports (NDRs), you can set your server to reject email to unknown users. While this may sound similar, a reject sends a 500-series SMTP error to the sender's server during the delivery attempt. Rejects do not send emails. As a result, the backscatter problem is stopped.

Email Forwards Cause Backscatter
Recently, I investigated a server that had become listed in backscatter.org's RBL. This was surprising, since every domain on the server was set to reject email to unknown users. I also verified that emails to users at the server's hostname, e.g. nosuchuser@host.domain.com, did not bounce either. So I was surprised to see the IP in backscatter.org's RBL, and since they fail to provide any evidence for why the IP was listed, I had to dig further.

Digging into emails sent to the postmaster, I found something curious. Someone had emailed an account which was being forwarded to another account. However, this other account was no longer valid. As a result, the forwarded email was bouncing.

Since recipient checks do not follow forwarded emails through to their final destination, this opened the door for backscatter. This account received a high volume of spam, which is likely what got it listed at backscatter.org.

Unfortunately, I don't see an easy way to resolve this other than removing the forward. The Plesk server would have to do a sender verify call-out to prevent this from happening, and sender call-outs are often just as bad as backscatter.

So if you find you've been listed for backscatter and cannot find the cause, you may want to look at forwards. I've not tested it, but I suspect this behavior is consistent on other email platforms.
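To make the failure mode concrete, here is an added example (not rackAID's or Plesk's code) that simulates the recipient check at RCPT TO time. The naive check accepts any address that is a mailbox or a forward, so a forward pointing at a deleted mailbox is accepted and later bounces as backscatter; the forward-aware check resolves the forward chain first and rejects at SMTP time instead. All mailboxes, forwards and domains are constructed sample data.

```python
from typing import Dict, Set, Tuple

# Constructed sample configuration for one local mail server.
MAILBOXES: Set[str] = {"alice@example.com", "postmaster@example.com"}
FORWARDS: Dict[str, str] = {
    "sales@example.com": "bob@example.com",   # bob's mailbox was deleted
    "info@example.com": "alice@example.com",  # healthy forward
    "loop@example.com": "loop2@example.com",
    "loop2@example.com": "loop@example.com",  # forwarding loop
}
LOCAL_DOMAINS: Set[str] = {"example.com"}


def naive_rcpt_check(rcpt: str) -> bool:
    """The behaviour described in the post: accept a recipient if it is a
    mailbox or a forward, without looking at where the forward ends up.
    A forward to a dead mailbox is accepted here and bounces later."""
    return rcpt in MAILBOXES or rcpt in FORWARDS


def resolve_forward(rcpt: str, max_hops: int = 10) -> Tuple[str, str]:
    """Follow the forward chain and classify the final destination.
    Returns (status, final_address) with status one of:
      'ok'      -> ends at an existing local mailbox
      'unknown' -> ends at a non-existent local address (would bounce)
      'loop'    -> forwards point at each other (or too many hops)
      'remote'  -> ends at another domain; cannot be verified locally
                   without a sender call-out, which the post advises against"""
    seen = set()
    addr = rcpt
    for _ in range(max_hops):
        if addr in seen:
            return ("loop", addr)
        seen.add(addr)
        if addr in MAILBOXES:
            return ("ok", addr)
        if addr.rsplit("@", 1)[-1] not in LOCAL_DOMAINS:
            return ("remote", addr)
        if addr in FORWARDS:
            addr = FORWARDS[addr]
            continue
        return ("unknown", addr)
    return ("loop", addr)


def smtp_rcpt_response(rcpt: str) -> str:
    """Forward-aware reply to RCPT TO: reject up front when the forward
    chain cannot be delivered, so no NDR is ever generated."""
    status, _ = resolve_forward(rcpt)
    if status in ("ok", "remote"):
        return "250 OK"  # remote targets are accepted; no local check possible
    if status == "loop":
        return "550 5.4.6 Routing loop detected"
    return "550 5.1.1 No such user"
```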

TIP
On Plesk, I recommend creating a site or domain alias that matches the hostname of the server. You can then create a root email account with abuse, postmaster and other aliases. Collecting these emails can be useful for diagnostic purposes.

March 30, 2009

How To Remove Conficker Worm

The infamous Conficker worm may be up to something on April 1st. Security experts are still not clear about the intention of this virus. A recent discovery of a fingerprint has allowed investigators to develop some tools to help with automated scanning.

Popular tools like Nessus should be updated to assure you have this signature in place. I am still looking for the Nmap procedure referenced in The Register article but have not found it.

Conficker is thought to have infected millions of computers. Since infection, it has been dormant; its only instructions are to call in on April 1st for further instructions.

Though this may turn out to be another Y2K, I suggest running full virus scans on all of your systems. Conficker uses a variety of techniques to evade antivirus software, so if you do find an infected system, remove it from the network immediately.

Removing Conficker/Downadup/Kido
For your desktop, be sure to get the latest version of your antivirus software and conduct a full virus scan of your system. For servers, if you are running Linux, then do not worry; this is a Windows virus.

If for some reason you don't trust or don't have desktop AV software, here are a few tools to help:

Bitdefender has provided a standalone Conficker removal tool.

F-Secure has a free online service that can help.

At rackAID, we use AVG's anti-virus since they provide both Linux and Windows versions. Their network licensing fees and two-year subscriptions significantly lower costs over their competitors.

Of these tools, I like Bitdefender's standalone tool, as it is target-specific and easy to use.

Searchers Beware
If you are searching for information on Conficker, be very careful. I have noticed a large number of spam links -- some containing other malware. If you want information, go to your AV vendor's web site.

March 16, 2009

10 Immutable Laws of Security Administration Revisited

Over eight years ago, Scott Culp of Microsoft published two white papers that get tossed around in security circles over and over. The 10 Immutable Laws of Security Administration and the 10 Immutable Laws of Security are often referenced in introductory security classes. Though these rules are dated, they are still relevant today. I just want to comment on a few of them and how we see them impacting our clients today.

10 Immutable Laws of Security Administration

  • Law #1: Nobody believes anything bad can happen to them, until it does
  • Law #2: Security only works if the secure way also happens to be the easy way
  • Law #3: If you don't keep up with security fixes, your network won't be yours for long
  • Law #4: It doesn't do much good to install security fixes on a computer that was never secured to begin with
  • Law #5: Eternal vigilance is the price of security
  • Law #6: There really is someone out there trying to guess your passwords
  • Law #7: The most secure network is a well-administered one
  • Law #8: The difficulty of defending a network is directly proportional to its complexity
  • Law #9: Security isn't about risk avoidance; it's about risk management
  • Law #10: Technology is not a panacea

Law #1: Nobody believes anything bad can happen to them, until it does
This is probably the biggest stumbling block we encounter when working with small businesses. People like to think they are not targets, and to some extent, small businesses are not targets. The issue is that a significant number of server compromises are not directed attacks but simply the result of random scanning. If a bot scans your server and finds vulnerabilities, you quickly become a target. You don't have to hang a "Can't Hack This!" sign to solicit attention. If the random scanning turns up a juicy port or application, you become a target. So while you may not think it will happen to you, I can assure you that your server is being scanned frequently.

Law #3: If you don't keep up with security fixes, your network won't be yours for long
The key value of our Linux server management offerings is the software update service. Beyond the monitoring and help desk support, our routine application of security patches keeps minor exploits from becoming major ones and reduces the chance of a critical security failure. Staying on top of security threats and plugging holes is vital. The number one issue we see is web applications. While we can do everything to keep the server secure, if you don't update your web applications, you can quickly become a victim. Web applications have quickly risen to the top of the SANS Top 20 threats and will likely remain there until easier update methods emerge.

Law #6: There really is someone out there trying to guess your passwords
rackAID earns $1000's per year fixing security issues that were directly attributed to poor password security. Nearly every month, we encounter some system with a very poor password or using the same password in multiple contexts. You can use Winguide's Password Generator to make a strong password (8 characters with numbers, capitalization, and symbols). If you are worried about forgetting passwords, search for any number of password management tools.

Law #8: The difficulty of defending a network is directly proportional to its complexity
This is why we push back when you ask us to add some third-party software. Adding complexity should only be done when it is a business or technological necessity. As I pointed out with Red Hat Updates, keeping things stock is critical to easy server management.

Law #10: Technology is not a panacea
Too often people forget that there are other people out there trying to do bad things to their network. Clever security technology can be cracked by clever hackers. Planning for security, implementing those plans, and knowing what to do when something does go wrong is key. This is one reason we push our CDP backup services. By retaining older backups, we can easily roll back a system to a pre-intrusion state. Our server backup services have saved many people after their blog was hacked due to an outdated version.

These are some of the key issues we see impacting our clients. I recommend you review the full list of 10 Immutable Laws of Security Administration and 10 Immutable Laws of Security. Though written years ago, they are still relevant today.

March 10, 2009

DSBL Defunct

The DSBL real-time blacklist was shut down almost a year ago. However, its nameservers continued to answer requests until yesterday.

If you are using list.dsbl.org in your RBL settings, you will want to remove this as soon as possible.

Leaving it in place may cause intermittent failures and RBL lookup timeouts.

On Plesk, go to Servers - Mail area and adjust the RBL lists your server is using.

Zoho: The Future of SMB IT Services?

A few weeks ago, I stumbled onto Zoho. Zoho is a SaaS provider delivering many business-targeted applications. Since we provide Linux server management services, you would think we would just fire up our own software on any number of the servers we own. However, sometimes it is quicker just to outsource a function rather than deal with setting up software.

Project Management
We are currently overhauling our service offerings, launching a new marketing plan, and tuning up some items in the back office. When it was just a couple of us, those tasks were easy to manage, but with our growth, there are about a half dozen people involved, some working remotely. We then have about a dozen service partners that are helping us with marketing materials and development. To coordinate all of this, I started looking for project management solutions.

I looked around and found several options, but I wanted something quickly. Getting going with Zoho was quick and free (for 1 project). That's a combination I could not resist.

I am still getting used to the software, but thus far, the Zoho tools are working well. You can have multiple projects with the paid version, each project has key milestones, and then specific tasks. The system sends out email notices for meetings, task updates, and other changes to a project.

As with any software, you have to get used to its quirks, but at a little over $100 per year it is a bargain. Even if it does not serve our long-term needs, the Zoho subscription model, low costs and easy sign-up made the buying decision a trivial one.

Hosted Services
I think Zoho represents the future of "hosting". No longer can we sit back and provide a "hosting" plan with megabytes of space and dozens of email accounts. Businesses want solutions.

When I talk to other small business owners, I rarely hear them say, "I need about 500MB of disk space, 10GB of bandwidth and 35 email accounts." Instead they ask for a place to share documents, a place to conduct virtual meetings, a place to have a shared calendar or address book.

While Zoho may lack the popularity of Google Apps, they certainly have a compelling suite of services. From document management to invoicing to remote desktop interaction, they have a wide range of services that will allow solution integrators to develop niche-specific solutions.

Building Blocks
I like Zoho because they provide the building blocks for integrated applications. This will allow tremendous flexibility for solution providers to deliver robust, customized applications to small business owners. I suspect I really like this approach as it is similar to the one we are adopting.

rackAID taps many service vendors to create building blocks for a robust IT infrastructure. We integrate solutions from backup, security, and hosting vendors to provide a single integrated product. You no longer have to deal with a half dozen vendors when a problem arises; you can just contact us and we handle the vendor relationships.

Zoho's model may grow to be similar. Integrated solution providers will abstract their clients from the gritty technical details. They will integrate solutions from Zoho, Microsoft, Google and others to give the client what they want.

I know "cloud computing" is all of the rage now (and for the past year), but don't count SaaS out. The company that makes SaaS building blocks that are portable, easy to use, and easy to price, will certainly see a bright future.


©2000-2007 rackAID LLC