WordPress Vulnerability Secured

Posted at February 21, 2018 at 8:46 am by Ylber Popaj

 

WordPress Vulnerability

The month of February brought yet another scare to the hosting world. A WordPress vulnerability was exposed which allowed hackers to initiate what is known as a denial of service (DoS) attack on ones website. Ultimately, under a DoS attack, your website becomes unreachable by anyone including you. The technical understanding of performing the DoS attack is rather simple.The flaw begins under the well-known “/wp-admin” directory. Every WordPress site is assigned this path as an administrative source. It was discovered that while loading this path there exists a script which fetches a number of JS/CSS files. This can be a heavy load on the server when performed repeatedly. Of course, DoS attacks found their roots and hackers began exposing this exact flaw. Due to its simplicity, the population of attempts are greatly increased and essentially adds more to the scare. Fortunately, any downtime is not acceptable by InterServer.

InterServer Response

InterServer was able to mitigate these attacks through mod_sucurity. Therefore, it is NOT possible to exploit this on our shared hosting services. While there is an alternative for individuals who may not have their site hosted with InterServer, it is not guaranteed success. The alternative is to modify the “/wp-admin” as a sub-directory which will free you against common WordPress admin scans.

As an InterServer customer, you can rest assured that your WordPress site will be safe from the newly exploited DoS attack flaw.

InterServer Patches Meltdown And Spectre

Posted at January 12, 2018 at 12:07 pm by Ylber Popaj

 

InterServer takes customer security with pride. Hear our story on how we tackled the recent security scare which targeted end-users nation wide.

 

What is Meltdown and Spectre?

You may have heard of terms like Meltdown and Spectre in recent tech news. Both exhibit a hardware vulnerability exposed by a small team in Austria. Through software, both are able to access private data on a server, but how is this possible? The vulnerability begins at the most inner core of a computer, the Central Processing Unit (CPU). By observing micro processes and transactions, these programs were able to access other parts of the computer that may not be relevant to the actual programs running. For instance, e-mails, files, browsing history, etc. were all subject to vulnerability.  While the technical understanding of Meltdown and Spectre is extremely high level, it is important to understand that InterServer took immediate action.

 

InterServer Reacts

InterServer CTO, John Quaglieri kept up to date with all Linux distributions and their kernel updates that would directly target Meltdown and Spectre. Fortunately, John was able to update our Linux machines immediately and efficiently to ensure that all data is secure. From our Shared Hosting to VPS, all kernels have been updated up to par based on their respective Linux distributions. He allowed our customers to keep track with his progress in a frightening situation by logging any updates on our forum page.

 

Forum Posts

Here is the forum URL link which tracks any updates regarding Meltdown and Spectre in InterServers infrastructure – click here.

BitCoin – To Bit, or Not To Bit

Posted at December 18, 2017 at 5:25 pm by Ylber Popaj

In recent news, you may have noticed the subject popularity on Bitcoin. The following questions may come up,

  •       What is BitCoin?
  •       What is Cryptocurrency?
  •       How can I earn Bitcoin?
  •       How much is it worth?
  •       What’s the hype about?

We will help you get a clear picture of the internet currency without getting into the nitty gritty details that may confuse most people.

What is BitCoin and Cryptocurrency?

Firstly, Bitcoin is an internet currency or better known as, a cryptocurrency. It offers a way to make transactions without the common use of the U.S dollar. A fair comparison would be to having your wallet full of cash and harddrive full of bitcoin. In both scenarios, you possess a currency worth some value. Right now, one bitcoin is worth 16,207 dollars. Other companies exist that offer cryptocurrencies, a few of them being : Ethereum, LiteCoin, Neo, Monero.

How can I earn Bitcoin?

Unfortunately, Bitcoin isn’t offered as an hourly wage nor can you earn it through a typical job. There are two ways it is possible to acquire Bitcoin:

  1. Trade other currency (like the U.S Dollar) for Bitcoin.
  2. Use your own computer/server to mine for Bitcoin rewards

The first option is rather simple. You trade 1 Bitcoin for 16,207 dollars. In 2009, you were able to purchase 5,000 bitcoins for as low as 27$.

The second option is where the Bitcoin story gets complicated. For simplistic reasons, we will keep the explanation concise and to the point. You may have heard of the term ‘mining’ related to the technology field. When pertaining to Bitcoin or a cryptocurrency, the term mining isn’t what we might initially imagine. Instead of digging into the Earth’s crust in hopes to find some Bitcoin, we dig deep into CPU utilization. Powerful computers solve Bitcoin designed ‘problems’ or ‘equations’. As a reward, Bitcoin assigns a bitcoin to the host who solved the equation. The entire process has a snowball effect. The more value a Bitcoin gains the harder the equations are to solve.

So, now that we know what Bitcoin is, what is all the fuss about?

The hype begins around the fact that the new currency is completely unregulated by government agencies. While it is bannable by governments, it is not regulated. A major component of Bitcoin popularity is also the delicacy of Cryptocurrency and its worth. It’s like taking a gamble. Dedicating time, money, and effort to gain Cryptocurrency can profit in thousands to millions of dollars while in some cases, very little to none.

In most recent news, Bitcoin proved to be a very profitable business as its value skyrocketed in just a few months.

To Bit, or Not To Bit?  That is the question.

Unfortunately for the common consumer, investing in Bitcoin is not so realistic anymore because of its value. As previously stated, today, one Bitcoin is worth 16,207 dollars. So, to invest in Bitcoin at its current value is rather pricey. If you are just learning about the hype-train, it is unfortunately a little late to hop on. This doesn’t mean that you can’t explore other cryptocurrencies. Other companies still compete with Bitcoin and have proven their potential of exponential growth in the following years.


While the Cryptocurrency world is still very unpredictable, it is important to consider its expansion and potential. Keep an eye out and enjoy the evolution of Cryptocurrency unfold!

Make Magento 2 Faster in 5 Easy Steps

Posted at December 13, 2017 at 6:33 am by Ylber Popaj

Magento 2 is a complex and highly configurable eCommerce platform. It supports endless level of customization.  It lets you create a website with almost any functionality you can think of.

The price you pay for such a flexible eCommerce solution is performance. Magento 2 (M2) might be quite slow. I am sure you have seen people on the web searching for ways to speed it up.

I am going to share with you my 5 easy steps to fix a slow M2 site. You don’t need to have programming skills to implement them. Follow me.

  1. Perform 3rd-party Extensions Audit.
  2. Upgrade Hosting Plan.
  3. Use Production Mode.
  4. Disable JavaScript bundling and enable HTTP/2.
  5. Enable Full Page Cache and Varnish.

1. 3rd-party Extension Audit

Magento 2 functionality could be extended with custom 3rd-party plugins. You can develop your own extensions or buy them from various vendors. Most plugins are poorly coded. Unlike Magento core which was written by experts, custom extensions are coded by average programmers at most. With average skills and no appreciation for performance benchmarks. It is no wonder some 3rd-party extensions slow down a Magento 2 site. You need to do an audit to identify those plugins that affect site performance.

First get a list of all custom extensions. Go to Magento backend menu Stores > Configuration > Advanced > Advanced. You will see an output like this:

Those are all extensions that are installed on your Magento 2. Ones that start with Magento_ are core plugins and you should ignore them. Others are 3rd-party modules. Copy them to a special list ‘Custom Extensions’Now go through ‘Custom Extensions’ list and disable modules one by one. How do you disable a module? You will need SSH (Secure Shell) for that. Use SSH to login to the server and navigate to Magento root folder:

      cd /path/to/magento/root/folder 

Then issue a command to disable a module:

     php bin/magento module:disable Vendor_ModuleName 

After you disable an extension benchmark site speed. You can use an online tool WebPageTest.org.  Do you see a difference in page load time? If you do than that plugin is an abuser. Contact its vendor and ask for help. Or uninstall it or find an alternative. If there is no speed difference move to the next plugin. Sooner or later you will find a few extensions that are performance hogs.

2. Upgrade Hosting Plan

Magento 2 requires powerful hosting to deliver decent performance. If your M2 is running consistently slow it might be just screaming out loud – I need more CPU and RAM!

Here is a simple trick I use to determine whether a poor hosting plan is the reason for poor M2 performance:

  1. Download a fresh Magento 2 copy. Pick the same version you are currently running.
  2. Install and setup the fresh M2 copy on your hosting.
  3. Compare the fresh M2 performance versus the live site performance. You can use sites like WebPageTest.org to measure speed metrics.
  4. If the fresh M2 speed is significantly faster – your host is OK.
  5. If the fresh M2 is as slow as your live site – you need to upgrade the hosting plan. Get more CPU and RAM, make sure you use SSD.

If you find out you need a better hosting plan – contact your hosting company and ask for one. If you were using a shared plan – go with VPS. If you were using VPS go with a dedicated server. Explore your options.

3. Use Production Mode

There are three Magento 2 modes: default, developer and production. Magento 2 is designed to be fast only in production mode. You might be surprised how many M2 sites are slow only because they are in developer mode. The reasons vary: a developer forgot to switch M2 to production, a data entry specialist turned on developer mode for testing purposes and never turned it off. You need to make sure you run M2 site in production mode only. You can find out what mode you are in now by running this simple SSH command inside Magento root folder:

       php bin/magento deploy:mode:show 

You can turn on production mode with this command:

     php bin/magento deploy:mode:set production  

4. Disable JavaScript bundling and enable HTTP/2

This performance tip relates to known “feature” of Magento 2: if you enable JavaScript bundling your bundled JS file will be over 5Mb. Here is a bug report on GitHub https://github.com/magento/magento2/issues/4506.

5Mb file will kill M2 performance on slow mobile networks. You need to avoid that. Do not use JavaScript bundling option. It is not worth it. Go to Magento 2 backend menu Stores > Configuration > Advanced > Developer > Enable JavaScript Bundling and set JS bundling to No.

 

If you disable JavaScript bundling your frontend pages will request lots of individual JS files making lots of HTTP requests. That might be considered as a slow factor but only with HTTP/1.  Here comes HTTP/2. This protocol was designed to make sites with lots of HTTP requests fast. It does that and many other performance optimization tweaks that make M2 deliver decent performance.

Contact your hosting and ask if they support HTTP/2. Let them enable HTTP/2 for your Magento 2 store.

5. Full Page Cache

Magento 2 comes equipped with Full Page Cache. It means M2 can cache whole pages making time to first byte (TTFB) for cached pages around 500ms i.e. half a second. This is good news.  You need to make sure Full Page Cache is always on. Go to backend menu System > Cache Management and double check.  You might be surprised to see all your cache disabled. Your developer might have turned it off for testing purposes and forgot to put it back on. No wonder you are experiencing performance problems!

Magento 2 supports Varnish out of the box. Varnish is a special software that caches and serves static content. It helps with making TTFB as low as possible. Contact your hosting support team to have Varnished installed and configured on your server.

You can enable Varnish for Magento 2 Full Page Cache at backend menu Stores > Configuration > Advanced > System:

 

Summary

Those were my 5 tips to speed up Magento 2. They are field-proven and tested. I used them many times to optimize performance of slow M2 sites. I hope you find them useful.

About the author: Konstantin Gerasimov is a Magento Certified Developer with Goivvy.com. He specializes in backend development, speed optimization and extension creation.

 

Interserver partners with blog vault to feature migrate guru

Posted at November 17, 2017 at 8:17 pm by Stacey Talieres

  •  What is BlogVault and Migrate Guru?

BlogVault is a backup & security service that allows for daily and real-time automatic backups. It also provides malware scanning and one-click malware removal. BlogVault continues to deliver for customers with their extended features which offer Dedicated staging, Auto Restore, Test Restore and Migration; four very critical features that perform efficiently and heroically. To seal the deal, BlogVault designed Migrate Guru, a host-agnostic WordPress migration plugin! Here’s how it works.

  • Why InterServer showcases Migrate Guru?

InterServer recognizes BlogVaults’ extremely valuable usage in the WebHosting industry. By sharing common goals, to deliver a quality environment for customers, InterServer found this as a perfect opportunity. While a majority of Shared Web-Hosting Package customers download or actively use WordPress, Migrate Guru offers a great addition to their experience.

How It Works and Benefits of Using Migrate Guru:

  • Migrate Guru works under a simple and quick three step operation:
    1) A user must select a migration destination. An example would be, a Web Host you are moving your site too.
    2) Enter the requested details and fill out the form.
    3) Click ‘Migrate”. With a single click, your migration begins. It’s that simple!
  • Benefits of Using Migrate Guru:
    1) Migrations done 80% faster
    2) Any Size, Any Site – Migrate sites upto 200 GB in size with ease
    3) Guaranteed zero downtime, zero troubleshooting
    4) Migration to Any Host
    5) Completely Free

When to Use Migrate Guru?
The number one case scenario when to use Migrate Guru is when migrating to a new host! You may have an entire file system that you would like to transfer over but might not want to go through the technicalities of using FTP. Transferring files, especially in mass amounts, can easily become super stressful. That’s when Migrate Guru comes in. The process becomes easy and it’s completely free. InterServer proudly features this as part of our additional apps on our Standard Web Hosting Package.

 

Please refer to following links https://www.migrateguru.com/ & https://blogvault.net/ for more information regarding these valuable tools.