SWH Server Updates

We have installed a new client billing and support script on selfwebhosting.com/client - all active clients in the old system installed on selfwebhosting.ws/orders have been transferred over to this new system. If you have problem login to the new system, please let us know.

We have several problems with our dedicated server located in Denmark. Besides being very slow compared to our servers located in North America, there has been several incidences occurring recently which are total unacceptable.

So we are going to move all sites hosted out there and transfer them to a faster and more stable server located in North America. Because the email format is Dovecot for DirectAdmin and inbox for cPanel - we will still use DirectAdmin as the control panel on the new server.

How do you know if your site is hosted on that dedicated server?

If your site’s control panel is DirectAdmin (login from yoursite.com/config), then it is hosted there for sure as the dedicated server is the only server running DirectAdmin as control panel.

What should you do if your site is hosted there?

Nothing for now. We suggest that you do not update your website as any new changes will not be carried over to the new server. We will start moving your server in a day or two and we will tell you when it is done and then we will tell you to change your DNS record so that your domain can point to the new server. You can start updating your website when your website domain completely resolves to the new server - it takes about 48 to 72 hours.

What will you get out of this?

To compensate for the inconvenience that this move will cause you, we have decided to host your website(s) free for six months. Even if you have not paid for your website hosting in time, we will not count the unpaid months. We will start billing all DirectAdmin hosting accounts on July 1st, 2008 - take this as our Christmas gift for you

Note that this site transfer and the above bonus do not apply to sites hosted elsewhere.

This morning, Saturday, November 24, the Housing provider for our DirectAdmin server datacenter, GlobalConnect, lost some of its power which affected large parts of the datacenter.

GlobalConnect is delivering the datacenter power which include A and B feeds, UPS’s and Diesel generators as to prevent power outages. For some unknown reason the datacenter lost both the A and B feeds, no UPS’s or Diesel generators were activated, and for some unknown reason no alarms went off. As both the datacenter’s primary and secondary monitoring systems were randomly not powered, no alerts reached the datacenter when the outage happened.

The datacenter considers this incident a very serious issue. We just got an email from them and saying that they will investigate this issue very, very carefully with GlobalConnect to make absolutely sure that a similar incident cannot happen in the future.

GlobalConnect is currently working on a report that will reveal the causes and the solutions.

If your site is hosted on our DirectAdmin server, please accept our sincere apologies. Note that the cPanel server is not affected by this power outage.

For the past few weeks our DirectAdmin server was experiencing a very high CPU load on a daily basis. Initially we thought it was caused by the ever increasing problem of email spamming. Then we found that it was caused by a MySQL database. Yesterday we installed a diagnosing script on the server and this script helped us pin down which database was causing the problem.

It turned out to be a database for a guestbook script that the site owner installed and then abandoned using it. That was an advanced guestbook script that used a MySQL database to store the guestbook entries. However, the owner of the website did not remove the script and the database that was associated with it. This out-of-date script left the door open for hacking.

We have removed the problematic script and its MySQL database last night and now the server has been monitored and is seen very stable ever since. While we continue monitoring the server performance, we have the following suggestions for all site owners:

1. Check all the third-party scripts you have installed on your website. Make sure they are up to date and if not, please upgrade to the latest version.
2. If you are not using any of these third-party scripts, please remove it - make sure you remove both the script folder and the MySQL database that is associated with it - if there is one.
3. Do not set any sub-folder’s permission setting in the public_html folder to be 777 - this means that anyone out there can upload, write into it and execute any files in it and leave a door wide open for hackers. If we do need to set the permission setting for any sub-folder to 777 for testing purposes, remember to set it back to 755, which is the default folder setting that works for almost all scripts. Note that, if the script you are running is written in PHP rather than Perl/CGI, the default permission setting of 644 for most files and sub-folders is more than enough. If you need to set any upload folder to be writable, set it to 666 rather than 777.
4. If you want to install any third-party script, we highly suggest that you do it using the script auto-installer that is available for you - it is Installatron for our DirectAdmin servers and Fantastico for our cPanel servers. Please learn more about these script installers by clicking here. The nice thing is, any third-party script you install through the auto-installer can be easily upgraded by simply clicking a link from the installer’s control panel - no hassle, no need to manually do anything. Just a mouse click and the installer automatically upgrade any script that was installed earlier through the installer.
5. If you run a forum or blog script on your site, make sure you tighten the security for it, for example, ask your guest to register and login in order to add comments or reply to any posting thread.

To ensure stable performance for our servers, we reserve the right to remove, without notice, any third-party script that has been found hacked. We will try our best to backup a copy of the script/database to be removed in case of a false alarm.

If your site is hosted on our DirectAdmin server you will notice that the junk mail sent to your domain’s inbox get reduced by 90% or more. Why? Because we have installed SpamBlocker2 on the server level which identifies existing email spam signatures according to several common blocklists as listed here:

http://www.selfwebhosting.ws/emailblocked.php

BTW, that is where a legitimate email sender will be sent to when his or her email address is falsely identified. This way a legitimate user can send us a request to unblock the falsely identified email address - this may mean we add that email address into our whitelists or remove it from our blacklists.

Note that we achieve about 90% spam reduction without blacklisting any email or email domain on our local server - we are simply using those popular third-party blocklists.

To further tighten up our DirectAdmin server, we have installed mod_security which monitor HTTP traffic in real time to identify malicious activities.

With these measures employed, CPU usage by malicious activities can be cut down to the minimum so that your website loads much faster than before.

If you have any concerns regarding these measures, please let us know by sending us a support ticket at our helpdesk

Because the ever increasing problem of email spamming, we have decided to fight it on the server level. Why?

Because the spammers use all kinds of ways to send to any site hosted on our server - that is the case for any server. They do not have to know your correct email address to do this. Consider this….

Once you register a domain name, your contact information is listed with your domain name unless you hide it through a special private service that you have to pay extra to get. Your domain name and your contact info are there and anyone can access them using the whois request. They can harvest your other email addresses by searching for any text like “user@yourdomain.com” on your page - so do not put your email in text format anywhere on your website. They can sell your email address to others.

However, that is not the worse part for us, the web host. The worse part for the server is that they can use scripts to flood the server with emails sent to a non-existing email address at your site such as “whateverusername@yourdomain.com”

Their scripts can use a dictionary to come up with the part in front of the “@yourdomain.com” - they keep trying until the spam gets delivered.

Yes, you may not receive all these spam emails if you have disabled your catch-all email. But still the server has to take the load. And most of the times, the server hangs under heavy load and we have to reboot the server when this happens. Recently rebooting our servers become a daily task. Yesterday it complete crashed our server - if you expect to receive email from anyone yesterday, ask them to send it again.

We have decided to fight back!

On our DirectAdmin servers, we installed the SpamBlocker maintained by Jeff Lasman to fight spams headon and we have enabled it for all sites hosted on our servers.

SpamBlocker will check each email coming in and block it if the sender’s email address or the domain hosting that email is recognized by us or several third-party “blocklists” - we block it right away by bouncing a warning email with a subject “Mail delivery failed…” If the sender is indeed a legitimate client of your website but somehow his or her email has been blacklisted by one or several of the blocklists we use, he or she will find in that warning email a link to this webpage:

http://www.selfwebhosting.ws/emailblocked.php

and request to unblock his or her email address from our servers.

Let us know how this works for your site(s) hosted with us. Send us the email addresses that are blocked but you believe legitimate.

We have just installed RoundCube - a new multilingual IMAP webmail client.

To use it, just type access yourdomain.com/roundcube

Note that this web application is still in this beta stage. Learn more about this new webmail from here: http://roundcube.net

Tuesday, January 16 starting at 6:30 to 7:30 PM (Mountain Time), the datacenter is going to upgrade their network. During this service period short instances of slow connectivity or momentarily loss of connectivity might occur.

Currently, they are in the process of expanding and consolidating the entire infrastructure and network by adding 2 more carriers and implementing more infrastructure hardware. We will keep you posted.

We are going to upgrade the support and billing script that is installed at http://www.selfwebhosting.ws/orders stating from 23:00 MST (Mountain Standard Time) tomorrow (May 18, 2006). We expect the upgrade process to take about 30 minutes to complete.

During this time no new orders can be taken and the entire client billing and support area will be taken offline. If you need to contact us, please write to “support AT selfwebhosting.com” during this time. We apologize for any inconvenience that this upgrade may cause you.

Note that this script upgrade will not affect the operation of our servers whatsoever. So you will not see your site down during this time.

We just learned from Esate-Virtual.com/MegiWeb.com that they are going to close part of their business that is assoicated with Estate-Virtual.com - MegiWeb.com is operating as usual.

Since some of our clients have their domain names registered with Estate-Virtual.com, we would like these owners to transfer your domains to us because of the following benefits:

1. You remain to be the owner of your domain(s);
2. Yet we are responsible for making sure that your DNS settings are set up correctly and resolved to the server that is hosting your website(s);
3. The transfer fee is as low as $12, which includes automatic one-year extension from the currrent expiry date of your domain(s).

To start the domain transfer process, please click the following link:

http://www.selfwebhosting.ws/orders/transcheck.php

Although you can transfer your domain(s) to MegiWeb.com or any one of the registrars out there, you (not we) will be responsible for the DNS settings to make sure your domain(s) point to our server correctly.