Patching Meltdown and Spectre


Seems like every 1-2 years we get a major security scare in the form of a global exploit that affects server infrastructure in some fashion and requires a response. We’ve had Heartbleed, Poodle, Shellshock (who comes up with these names anyway?). 2018 didn’t wait long to bring us that gift in the form of Meltdown and Spectre. https://meltdownattack.com/ has a lot of great information about these two exploits, but the short story is that rather than taking advantage of any particular software configuration, these exploits expose vulnerabilities in pretty much all modern CPUs. That means not only does this require patching for server admins like me at Reclaim Hosting and across the web, but every operating system on every computer, including mobile devices and personal computers, is vulnerable. The vulnerability takes advantage of exploits at the hardware as well as software layer to leak data into memory that can then be read by the attacker. It’s not a question of whether or not you are affected; you are affected.

Antivirus can’t block it either; only patching the underlying systems will resolve it, and thankfully companies have been hard at work getting these patches developed since long before the news became public. Intel became aware of the exploit last fall and many major companies have been under an NDA as they developed patches to secure their systems. Due to the complexity of this exploit, however, we are still awaiting patches for some systems and now it is public (which will hopefully light a fire under certain groups to get these patches out).

Thankfully, when we at Reclaim became aware of the issue last week, CentOS, the distribution of Linux that powers over 90% of our server infrastructure and the only supported distribution for cPanel, was already releasing patches. We had to do some testing as well as await patches by CloudLinux, which is a third party that we use for our kernel software, but by Monday we felt confident the patches were safe and we set to work to patch our entire fleet. Normally, with maintenance that involves downtime, we like to give customers a heads up, and with this kernel update requiring a reboot, sites would indeed be offline for a few minutes; however, we made the judgement call to rip the bandaid off and favor getting these patches in place as soon as possible rather than risk data being exposed as a result of the vulnerability. By 6PM Monday our entire infrastructure that runs cPanel and all CentOS servers were patched for these exploits with minimal downtime across the majority of our servers.

We have a small number of Ubuntu servers that we are still awaiting a production patch on and hope to receive that sometime this week. If you want to make sure you are secure, the best thing you can do is run all updates for your operating system and browser to make sure you’re running the absolute latest version. Due to the nature of the exploit there is no way to trace whether the vulnerability has been taken advantage of (it does not log any of its actions), so it’s particularly important to be proactive. I’m proud of the capacity of Reclaim Hosting as a small operation to remain aware of these events and to stay on top of them in a timely manner.

Now can we take a nice long vacation from these major exploits? My spidey sense tells me that’s likely not to be the case as we come to rely more and more on computers and specifically internet-connected devices in our lives. It’s the new normal and the best security we can hope to have is proactive patching and awareness.

Multiple Hosting Accounts made easy for Domains

One of the things Tim has been working on lately that has me excited is deeper API integration between WordPress and cPanel. This Spring we migrated and are now hosting Princeton’s cPanel offerings. Additionally, Tim has been working on some custom integrations for their existing setup. They have 3 cPanel instances that provided their community members with a personal account, department account, and/or dev account.


cPanel Conference- Wired or Weird?

^photo creds: Jim // thanks for the new twitter header!

As mentioned in my previous post, the Reclaim team had the pleasure of visiting Portland for the cPanel conference not too long ago. We had a fantastic & productive time, though it was agreed that this was not cPanel’s doing, but the fact that all of us were in the same time zone, and in a vacation-like state for a couple of days.

Add-On Domains: Start to Finish

See the post on Community Forums here.

Signing up for a Reclaim Hosting account and domain for the first time is pretty straightforward, but what about when you want to add a second domain to your account? It can be a little confusing to understand the different steps and requirements, so this post is here to set the record straight:

Understanding pricing:

When first signing up for a Reclaim account, you purchase a hosting plan. (The student/individual plan is $25.00, so we’ll move forward with that in this example.) And since Reclaim is awesome, the $25.00 also gets you a free domain registration. Additional domains, however, are each $12.00 per year.

Note that you do not need an additional hosting plan when you purchase an additional domain. You can obviously add hosting if you want, but it’s not necessary. The only time you really need to mess with or adjust your hosting plan is when you’re running out of space and you need to upgrade to a larger plan.

So if you’ve got a student/individual hosting plan with two domains, your renewal price for everything each year will be $25 + $12 = $37.00.

Registering the additional domain:

Once logged into your Client Area portal, you’ll want to go to Domains > Register a new domain:

Type in the domain that you want and click Continue.

Understanding Email Retrieval: POP vs. IMAP

This week at Reclaim, the guys and I have spent a lot of time brushing up on all things email related. I say “brushing up,” but take that with a grain of salt as MX Records weren’t heavily discussed in my liberal arts, English major classrooms. I’ve learned a whole lot in the last year of being taken under the Reclaim wing, but I’m honestly thrilled that there’s still so much more to learn. So much more to conquer. I think that’s one of the major reasons why I love what I do. But I digress. 🙂

Like I mentioned, we’ve been discussing the big green monster that is email. I’ve found that this is one of the hardest topics to provide support for, given that there are so many larger concepts, as well as so many unique set ups that can be at play. So to start I wanted to go back to the basics of email configuration, and then branch off into specific scenarios in later blog posts.

So before setting up your email at Reclaim, or anywhere really, it’s important to understand what your options are. As a Reclaim Hosting user, email is configured through cPanel. cPanel supports two different methods of accessing mailboxes on the server: POP3 and IMAP.


Updating WHOIS Contact Information

What is WHOIS?

Pronounced as the phrase who is, this system’s sole purpose is to ask the following question: who is responsible for an IP address or domain name?

Upon signing up for a domain, you must provide some general information about yourself like name, address, phone number and email. This is referred to as your WHOIS data. It is managed by domain registrars and used to identify you with whatever domain you’ve just recently purchased.

Who can see my contact information, and how can I protect it?

All registrars are required to make WHOIS data open to the public. Anyone anywhere can search the WHOIS database through any search engine to learn the registered name holder of a domain. To try it out for yourself, head to who.is and search a domain name. For instance, searching facebook.com brings up the following information:

Most can agree that they would prefer not to have their home address posted on the Internet for all to see. Not to worry, there is a way to cloak your identity while still providing valid contact information for the WHOIS database.


Generating a Backup of Your Reclaim Site

Just recently added this guide to our support docs, so I thought I would share it here as well.

Reclaim Hosting holds onto nightly backups of your website for up to thirty days. This provides insurance for users who are looking to experiment with their site without fear of losing their content. While reaching out to Reclaim Support for a full backup is always an option, this quick tutorial explains how you can generate one yourself right within your cPanel:

1) Log into cPanel.

2) Head to the Files section of cPanel, click on the Backup icon.

3) Under Full Backup, click Generate/ Download a Full Website Backup.


4) On the next page, select the Home Directory option from the Backup Destination drop-down menu.

5) For Email Address, select whether or not you wish to receive an email notification once the backup is complete. (You may also change the notification email address in the provided field if you wish.) Click Generate Backup.


It’s as simple as that, folks!

Changing Storage Quota for cPanel Accounts

This is a quick and easy tutorial for changing storage space quotas on specific cPanel accounts, perfect for a rainy Sunday morning. I often get this question from someone managing a Domain of One’s Own initiative that needs to modify an account to allow for more storage space.

This process is done in WHM, which is basically the GUI for managing all the accounts on cPanel. Once logged in, do a quick find using the word “list” (no quotes) in the upper left-hand corner. Then click “List Accounts”, which will allow you to search for the account you need. You can search by the username or domain as demonstrated below.

Site Publisher for cPanel

As a company, Reclaim Hosting is heavily invested in the cPanel software to drive a decent user experience for building on the web. It's been interesting to see them evolve the product after what honestly seemed like years of stagnation. The x3 theme which was still the default just a few years ago and felt straight out of the 90s has been replaced with Paper Lantern, a responsive theme built with Bootstrap, Angular, and jQuery. I've also kept a close eye not just on the user-facing features but also the administration tools. I love that they openly welcome discussion (and participate themselves!) in their Feature Request area and you can see as things develop and are coming down the pipe. All that being said cPanel is a big piece of software and so change is gradual and slow (which is understandable) but they have now released a rather important new feature that will no doubt be of great use to a lot of people. The latest version of cPanel includes a Site Publisher

cPanel’s Transfer Tool

Recently I was moving a shared hosting client from one of our older servers to a newer one because of some performance issues she was having given the resource needs of her site. I used cPanel’s Transfer Tool for this, and I wanted to quickly note how powerful it is. The Transfer Tool enables you to move an entire cPanel account from one server to another with a few clicks. When migrating accounts from other hosting companies that use cPanel, we often use cPanel’s Restore a Full Backup tool (another clutch feature) because it allows us to move all the files, test to make sure everything works, and then point the DNS. But when moving an account from one Reclaim Hosting server to another, we usually use the Transfer Tool. It’s simpler because both sites are within the same DNS Zone and we know our servers won’t block the request, which is not the case when pulling accounts from other hosting services. Finally, it is dead simple.

As an example, I decided to move the venerable ds106 from the Minutemen server to the Unwound server for the sake of getting screenshots and narrating this post.