Anti-Phishing Redirect Saves 11,000 Users
You may remember my recent blog about our network's anti-phishing page. Basically, when we find a compromised account on a server, we apply a redirection on any phish content (dimenoc.com/antiphish) rather than just disabling the page from view. Ray, one of our lead abuse administrators, analyzed the web stats for our phishing redirect page. In only four months, over 11,000 unique IP addresses have hit the page. Can you believe it? Some of those visitors may not have fallen for the scams (had they still been online), but for the rest, this number of visits is startling. I was not expecting so many hits! I thought the Internet community had largely come around this curve. There is obviously a lot of teaching yet to be done.
I am very pleased that those Internet users have been saved by our actions. Hopefully many of them will never click such links again and will help others to understand the same. This redirection method may be one of our last chances to educate, at least where "phish spam" is concerned.
Our overall experience with this has truly inspired me, so I will be writing further about this topic in my next post. Feel free to comment with your thoughts and any ideas.
Kayla Selans
As a director at Surpass Hosting, Kayla has experience in all areas of web hosting, from conducting market research to securing server environments. Kayla has worked with Internet companies for ten years and has been involved in the web hosting industry since 2002. Under Kayla's direction, Sur...
Badware Bad News
You know that I feel data center responsibility is very important; my past blog posts reflect that. I may be most familiar with the world of cPanel servers, but overall the ideals of security are the same for all data centers. No matter the types of servers we're hosting, we have to guide our customers in keeping their systems clean and up to date. In order to gauge our collective success, I am always seeking articles that discuss whether hosts are doing a good job administrating their customers. The latest press release from StopBadware.org has really turned up the heat on this topic. They released the findings of a data study which collected information on the hosts of spyware and malware distributors. The most disturbing fact revealed was that nearly 11,000 sites at iPower were reported to host some form of badware. This does not mean that all of the sites still exist on their network, but it's an alarming number to collect in the first place. EIG will have a lot of work to do, if they choose.
"Web hackers and badware distributors are constantly finding new ways to work around the safeguards that are put in place to protect consumers," Palfrey said in a press release. "Web hosting providers must do their part to stay ahead of the curve and help keep the Web sites they host safe from malicious attacks."
To our credit, it truly is a hard job to stay ahead of that all-important curve. This is especially so when it comes to dedicated server clients. They can configure their servers however they would like, and their choices aren't always the best ones. So we guide them, one by one, when issues come up on their servers, from port scans to spamming. Then, with each report of malicious activity that we receive from third parties, we have to ask ourselves: is this happening on any other server with this configuration? If so, plans must be made to counteract the issue and prevent it from happening again. I think companies are also capable of attracting a certain type of client.
If you make your stance on security clear and upfront, you will attract clients that hold the same values. If you don't have a section of your website devoted to security, it really is time to create one in order to help every type of customer you have (from experienced to not so). Education is the only way we will combat these problems. Hosts have placed focus on topics that have been easier to talk about, from increased storage space to free applications included with plans. Now it is just as important to mention your security plans right alongside the marketing speak. And as Lou Honick so expertly stated in his latest post:
"Make no mistake, customers expect 100% uptime, all of the disk space and bandwidth included with their plans, and enough processing power to do whatever they need with their website. Whether we like it or not, whether it is fair or reasonable, that IS the expectation. And it will continue to be the expectation until we tell customers otherwise, emphatically and clearly."
There is no doubt about it: until we make security as important a "feature" as everything else we offer, our customers will not take it seriously. We have to make our mission very clear to our client base or we will not progress. In the meantime, what happens now with the companies listed in StopBadware's report? Are they going to begin a mass cleanup, or will the sites remain? We are responsible for large "pieces" of the Internet, and the actions we take now can make the Internet a better and safer place for the future.
The Nobody Who Became Somebody
On most web servers, PHP normally executes as the user "nobody" and is run as an Apache module. The ability to execute arbitrary code as an unprivileged user may lead to modified web content, denial of service, or further compromise. With that said, why does an unsafe configuration still reign as the default for many web hosts? Perhaps it has just been the quick and dirty way to get a server up and running. This setup also leaves something to be desired in file and permission structure.
Since there was never an official Web Hosting Manual, the quick way has been the only way for far too long. The bad guys have now had more than enough time to romp around the stateless protocol. They are well aware that thousands upon thousands of servers are humming along in this disorganized state, fully welcoming of their trespasses. But running hundreds of nameless processes seems silly, doesn't it? Why would a person responsible for a piece of the Internet even think allowing anonymous activity made sense? And if we usually want things the fast and easy way, how can we expect something this tangled to be managed properly? It's especially peculiar when you consider the learning curve faced by reseller account holders turned server managers. Even though I have painted a dark scene, this setup is not such a bad thing on a server which houses only a few accounts. On the other hand, a web hosting company with thousands of customers dotted across a server farm will absolutely need a different approach to keeping track of user activity.
PHP can coexist peacefully with the rest of the server even though it is the single largest source of problems for many hosts. Just one change is a great start to regaining control of your network. Take a look at how PHP is running on your server: PHP running as "nobody" is not the way to go. Since web-based PHP applications are the source of so much trouble, all processes need to be attached to the usernames of your customers. An easy way to do that is to run PHPsuexec. Once you do this, you can also completely disallow emailing from old-style scripts which send messages as nobody (such as dated contact forms and guestbooks). "PHPsuexec is the shortened term often used to describe running PHP as a CGI [module] with suexec. Running PHP as a CGI with suexec creates a much more secure environment compared to running PHP as an Apache module." A quick Google search revealed this fairly thorough article on phpsuexec, which you can find here. If you have any qualms or critiques on how nobody can become somebody, please let me know!
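As an added example (not from the post and not Surpass Hosting's tooling), a small audit script that reads a `ps -eo user,comm` snapshot and flags the two symptoms described above: a PHP interpreter running as "nobody" and mail being sent as "nobody". The process names it looks for (httpd, php, php-cgi, sendmail) and the snapshot embedded in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a `ps -eo user,comm` snapshot for the "nobody" problem.
# PS_SNAPSHOT is constructed sample output, not a capture from a real server.
PS_SNAPSHOT='USER     COMMAND
root     httpd
nobody   httpd
nobody   php
nobody   sendmail
joe      php-cgi
sally    php-cgi'

# Print "user count" for every user owning a process whose command matches the
# awk regex in $1. Column 1 is the owner, column 2 the command; the header is skipped.
owners_of() {
    printf '%s\n' "$2" | awk -v pat="$1" 'NR > 1 && $2 ~ pat { n[$1]++ }
        END { for (u in n) print u, n[u] }' | sort
}

# Emit one FINDING line per symptom. With mod_php the interpreter runs inside
# httpd, so a snapshot with no php/php-cgi rows at all while PHP sites are being
# served is itself a hint that scripts execute as the web server user.
nobody_findings() {
    snapshot="$1"
    if owners_of '^php(-cgi)?$' "$snapshot" | grep -q '^nobody '; then
        echo "FINDING: PHP interpreter running as nobody (suexec not in effect)"
    fi
    if owners_of '^sendmail$' "$snapshot" | grep -q '^nobody '; then
        echo "FINDING: mail being sent as nobody (old-style script mailing)"
    fi
}

# Stand-alone run against the constructed snapshot; on a live box replace
# PS_SNAPSHOT with "$(ps -eo user,comm)".
nobody_findings "$PS_SNAPSHOT"
```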
Secure Web Hosting: What Does It Really Mean?
Is 2007 the start of a new era, where even the modest hosting company trumpets its impeccable security measures, or is it really more of the same: a lot less action than marketing speak? More and more companies cite their security services as a selling point today. For hosts who want to serve the needs of their customers today and in the future, the charter for 2007 is clear: security impels careful vigilance. Develop the best system today, leave it to rust, and you'll find that scammers will certainly overwhelm it. As those who seek to defraud adapt, so too must the web host, and with it their procedures and plans. If you're a system administrator, you already know that it's a bad month for PHP. This is scary because so many web hosts and resellers out there are putting servers online without any PHP hardening. The "default" is no longer good enough. If you are already aware of that, you definitely deserve applause. If you're a customer looking for secure hosting, you might give Google a search, right? Well, this is another scary part. The first result for "secure web host" returns this hosting plan, and I really don't see what is so secure about it. Plus, how can something so secure be available to you within minutes? Most of the results are just like that one: murky and questionable. Now is the time to make sure your procedures are clear and to become known as a host that is serious about security and not just talk. What are you doing exactly to prevent PHP exploits? PHP is the biggest problem for hosts right now, by far. In my next blog I'll tell you what I'm doing.
Data Center Responsibility: Phishing
A multi-layered approach is necessary to prevent exploits and spam outbreaks in your network. Unfortunately, there are some problems you'll never have complete control over. As detailed as your company's processes may be, and despite the security rules and regulations outlined to users, phishing will still occur occasionally. In these situations the swiftness of the takedown becomes most important. Your response time is likely excellent if you already have an abuse team scanning reports around the clock. However, besides disabling scams as quickly as possible, it is also important how you disable them.
You might consider redirecting phishing pages to an educational resource about online scams. Our data center has been doing this for some time with good results. DimeNOC.com/antiphish is the page we define in the compromised directory's .htaccess file. This way, instead of simply disabling a directory containing a phish or showing a suspended note, we aim to help the Internet community along the way. It is nearly impossible to keep on top of every server in a data center, so being quick with the takedown is the first priority, while educating society takes the stage as well. You must also remember that when you are proactive and responsive, you are giving your company a competitive advantage. Many hosting companies are more concerned with the amount of sales they make in one day than with giving careful attention to network activity. This is something that must change. Abuse hurts your servers, your reputation, and innocent people, especially when it comes to phishing. Hosts and data centers have an important role in consumer awareness, and that cannot be overlooked. Make sure that your customers know that you care about these problems.
[Antiphish Redirection Page]
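An added example of the takedown step described above, not the data center's own tooling: a shell function that writes a redirect-only .htaccess into a directory found hosting phish content, keeping any .htaccess the intruder left behind for the abuse ticket. The DimeNOC.com/antiphish URL is the one named in the post; the use of mod_alias RedirectMatch, and the assumption that Apache honours .htaccess (AllowOverride FileInfo) in that directory, are assumptions about the server.

```shell
#!/bin/sh
# Added example (not Surpass Hosting's own tooling): redirect every request under
# a compromised directory to the anti-phishing education page named in the post.
# Assumes Apache reads .htaccess there (AllowOverride FileInfo) with mod_alias loaded.
ANTIPHISH_URL="http://dimenoc.com/antiphish"

quarantine_phish_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "quarantine_phish_dir: no such directory: $dir" >&2
        return 1
    fi
    # Preserve any .htaccess the intruder planted instead of overwriting evidence.
    if [ -f "$dir/.htaccess" ]; then
        mv "$dir/.htaccess" "$dir/.htaccess.phish-$(date +%Y%m%d%H%M%S)"
    fi
    cat > "$dir/.htaccess" <<EOF
# Phish takedown: every URL under this directory is sent to the anti-phishing
# page instead of a 403 or "account suspended" notice. The content stays on
# disk, unreachable over the web, so it can still be examined.
RedirectMatch 302 .* $ANTIPHISH_URL
EOF
    # Read-only so a casual edit from the compromised account fails. The account
    # owner can still replace the file if it owns the directory, so the takedown
    # is logged and the account itself is handled separately.
    chmod 0444 "$dir/.htaccess"
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) redirected $dir to $ANTIPHISH_URL"
}

# Stand-alone use: sh takedown.sh /home/customer/public_html/phish-dir (path assumed).
if [ "$#" -gt 0 ]; then
    quarantine_phish_dir "$1"
fi
```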