Two Factor Authentication: A Security Must-Have

Posted at June 18, 2018 at 8:13 pm by Ylber Popaj

Two-Factor Authentication

Two-Factor Authentication is a super effective security measure that is easy to set up. This cPanel feature provides an additional layer of security by requiring an authentication code after a successful login attempt. So, after logging into WHM with the correct username and password, you are prompted to enter a code generated by an authentication application such as Google Authenticator. In this blog post, we will help you activate Two-Factor Authentication and explain the benefits of using it.

 

1) Setting Up

The initial process begins in your Web Host Manager (WHM). In the search bar on the left panel of the page, type “Two-Factor Authentication”. Click the Two-Factor Authentication tab and then click “Manage My Account”. You will be presented with a step-by-step guide that looks like this:

 

You will then need an authenticator application installed. In this example we used Google Authenticator on a mobile device. The application offers a “Scan Barcode” option, which you use to scan the barcode displayed in WHM. Once scanned, the authenticator will show some information about your service along with a temporary authentication code. Use this code to complete the steps in WHM and you will see:

The status is then set to configured and your Two-Factor Authentication (2FA) is active! Try logging in and you should be prompted with the following:

 

2) Benefits of Using 2FA

The major benefit of using Two-Factor Authentication is more security. Security is extremely important when it comes to protecting data. 2FA offers a solid solution to a worst-case scenario: a stolen password. Generally, if your password were stolen and cracked, the hacker would have full access to what is in your account, assuming they have cracked the root or admin user password. With 2FA active, a hacked password is not sufficient for a hacker to access your information and data. They would physically need the device set up with your 2FA account to view the generated security code. This feature makes it extremely difficult, almost impossible, to hack your account via WHM. As a team devoted to making your online hosting journey the best it can be, InterServer highly recommends the use of Two-Factor Authentication on any cPanel/WHM accounts.

VPS Management Made Easy

Posted at June 13, 2018 at 1:22 pm by Ylber Popaj

VPS Management Made Easy: Why You Should Use a Control Panel

Without a GUI, servers must be configured and operated through SSH, which requires extensive knowledge of command line syntax.  Control panels provide a centralized and intuitive way to manage your servers.

Bread Basket, which is included for free with InterServer VPS plans, takes the tedium out of having to type line after line of commands — after all, webmasters are humans, not robots.

InterServer’s customized control panel is designed for maximum usability and cost savings. While competitors often charge additional fees for control panel access, Bread Basket allows users to easily deploy hundreds of cloud applications at no extra cost. Between our flexible pricing model and Bread Basket’s versatility, there’s a perfect VPS for every need.

Suitable for running both websites and applications, our virtual servers are well-received within the hosting community. With Bread Basket, we are able to provide a more intuitive, secure, and versatile control panel that significantly lowers the barriers of entry to cloud VPS management.

How Bread Basket Differs from cPanel and Plesk

One of the most popular control panels on the market, cPanel is designed with beginners in mind. The Linux-based interface dates back to 1996, making it one of the earliest server control panels available in the hosting market. Like cPanel, Bread Basket was created with simplicity in mind. On the other hand, Bread Basket relies on fewer resources and is specifically designed to work with our servers, allowing users more freedom and capabilities for management. For customers switching over from cPanel, a comprehensive guide for importing archives can be found here.

Another widely used control panel, Plesk allows for improved instance clustering for both Windows and Linux systems. Because of the compatibility with Windows, Plesk is favored by many webmasters and ASP.NET developers. At the same time, less-experienced users may be intimidated by its text-heavy interface, as well as the premium price other hosting providers often tack on the platform.

In short, Bread Basket is for those who want to save money and need a more beginner-friendly way to streamline website management and application deployment.

Bread Basket is designed for easy scaling, allowing you to add and manage multiple servers directly from the interface. You can also add additional storage and RAM with a few simple clicks. Best of all, Bread Basket is web-based and therefore compatible with your favorite operating systems, including Debian, Windows, and Ubuntu.

Remote Desktop Protocol and GUI for Virtual Servers

Remote desktop access allows users to connect to servers directly. Similar to operating a virtual machine, users can access the server’s desktop from their own computer using a secure protocol. This also enables access to the server’s terminal, granting webmasters more liberty with licensed apps than when using a VPN.

Microsoft uses a proprietary protocol known as Remote Desktop Protocol (RDP), which powers Bread Basket’s VNC application. Our VPS customers — regardless of chosen OS — can access VNC through the control panel, which uses the browser-based HTML5 VNC client.

In addition to being OS-neutral, the HTML5 VNC also allows users to copy and paste from sessions, as well as print pages to a PDF file. As the client is still a new release, Microsoft plans to add additional features in the near future.

Performance Boosts with Frameworks and Web Servers

Implementing HTML5 VNC is just one way we try to incorporate innovation and user empowerment into our platform. In terms of hardware, our infrastructure is built using high-performance CPUs and speedy SSDs. As for Bread Basket, a wide range of frameworks and web servers are available to make running your website or deploying your apps a breeze.

With Bread Basket, users can choose from more than 10 frameworks, including CodeIgniter and Bootstrap. Popular with PHP developers, CodeIgniter is a lightweight and agile framework that allows for easy PHP script debugging without a large footprint. Meanwhile, Bootstrap is well-suited for the mobile market and uses HTML, CSS, and JavaScript. With an extensive library of resources and extensions, Bootstrap makes it easy to develop applications from scratch using templates and design elements for buttons and forms.

Web servers such as Apache, NGINX, and Lighttpd include a number of optimization features to streamline the development and deployment of your web applications. For example, Apache’s Sendfile operation can bypass individual read and send instructions when transferring a file. As for NGINX, the web server excels at handling concurrent connections through an asynchronous, event-driven architecture.

Secure Cloud Backups and Easy Application Installs

Many people prefer to use the cloud when creating and storing backups — and with good reason. Cloud backups through Bread Basket provide peace of mind via redundancy and secure access protocols. Users can easily create and manage backup images from within the Bread Basket interface, keeping data safe no matter what. Automatic weekly backups are also available.

Bread Basket also features a massive library of more than 300 apps to choose from. These run the gamut from content management systems and eCommerce platforms to forums and wikis. Bread Basket uses one-click installs and automatic updates for each of these apps, taking the guesswork and tedium out of maintaining your VPS. Combined with our nearly-instant provisioning, this means you can have your server up and running within a matter of minutes.

We give customers full root access, which lets you optimize your VPS with customized software. Bread Basket is anti-bloat, meaning you get all the apps you want without being bogged down by pre-loaded ones. Multiple options are available for every application category, allowing you to freely install your favorites.

How InterShield Works

Posted at April 18, 2018 at 3:46 pm by Ylber Popaj

You may have become familiar with our InterShield blog posts. They have become a special security series of ours that is of high importance to us and our customers. Due to its ongoing success and popularity, we have decided to describe the step-by-step process that InterShield follows.

A request to access a website comes in: someone has entered http://domain.com into a browser.

Step 1: Check IP address against known blacklists

Using the LiteSpeed web server and the RBL rule, InterServer queries our own internal RBL blacklist. This blacklist contains known bad IPs: IPs that have been blocked for bad activity, hacking, uploading malware and a number of other activities. The RBL updates frequently, removing IPs that have not been seen in a while and ensuring good bots like Googlebot are not blocked. The lookup does not slow the request down, and the result is cached so the lookup doesn’t need to happen again for some time.

Note: If the IP is in the RBL, we log the request for review later and deny it. Otherwise the request is passed.

Step 2: Check for known hacking strings

Using the request filter in LiteSpeed, we process rules from Atomic Got Root, a commercial mod_security ruleset, as well as InterServer’s own internal rules. These update frequently, and by using LiteSpeed the rules process extremely quickly and do not cause a request delay. If the request is blocked, we log the request for review later, note the IP address that was blocked and deny it. Otherwise the request is passed.

Step 3: Check for post content, such as uploads

Any request with POST content is scanned by ClamAV, using a cluster of servers to scan the request quickly. This returns either a pass or a fail result. If malware is detected, we log the request and IP for review later; otherwise we pass it. To speed up the request further, a checksum of the file is checked first, and if the file has been scanned before it does not need to be scanned again. Finally, the request is sent for processing. Scripts, like PHP scripts, have secondary rules that also scan the file as it runs, if its checksum is not that of a known file, to search for potential malware that may already exist in an account. Notices are sent to the account owner through the contact email set in the contact section of the control panel.
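The three steps above as one request filter, written as an added example and not InterShield's own code. The `RequestFilter` class, the `rbl.example.invalid` zone, the two rules and the scanner stand-in are all constructed; a real deployment would plug a DNS lookup and a ClamAV client into the two callables.

```python
import hashlib
import ipaddress
import re

def rbl_query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class RequestFilter:
    def __init__(self, rbl_lookup, rules, scanner, zone="rbl.example.invalid", ttl=300):
        self.rbl_lookup = rbl_lookup  # callable(query_name) -> True if the IP is listed
        self.rules = [(name, re.compile(rx, re.I)) for name, rx in rules]
        self.scanner = scanner        # callable(bytes) -> True if malware is found
        self.zone, self.ttl = zone, ttl
        self.rbl_cache = {}           # ip -> (listed, expires_at)
        self.scan_cache = {}          # sha256 of body -> verdict
        self.log = []                 # (stage, ip, detail) kept for later review

    def _deny(self, stage, ip, detail):
        self.log.append((stage, ip, detail))
        return "deny:" + stage

    def handle(self, ip, method, uri, body=b"", now=0):
        # Step 1: blacklist lookup, answered from cache until the entry expires.
        cached = self.rbl_cache.get(ip)
        if cached is None or cached[1] <= now:
            listed = self.rbl_lookup(rbl_query_name(ip, self.zone))
            cached = self.rbl_cache[ip] = (listed, now + self.ttl)
        if cached[0]:
            return self._deny("rbl", ip, uri)
        # Step 2: match the request against the rule set (URI only in this sketch).
        for name, rx in self.rules:
            if rx.search(uri):
                return self._deny("rule", ip, name)
        # Step 3: scan POST content, skipping bodies whose checksum was already scanned.
        if method == "POST" and body:
            digest = hashlib.sha256(body).hexdigest()
            if digest not in self.scan_cache:
                self.scan_cache[digest] = self.scanner(body)
            if self.scan_cache[digest]:
                return self._deny("malware", ip, digest)
        return "pass"

def demo():
    """Run constructed requests through the filter; return verdicts, call counts, log."""
    calls = {"rbl": 0, "scan": 0}
    listed = {rbl_query_name("203.0.113.7", "rbl.example.invalid")}  # constructed entry
    def lookup(name):
        calls["rbl"] += 1
        return name in listed
    def scan(body):  # stand-in for the ClamAV cluster
        calls["scan"] += 1
        return b"CONSTRUCTED-TEST-SIGNATURE" in body
    rules = [("sql-union", r"union\s+select"), ("traversal", r"\.\./")]  # constructed
    f = RequestFilter(lookup, rules, scan)
    bad = b"x CONSTRUCTED-TEST-SIGNATURE"
    verdicts = [f.handle("203.0.113.7", "GET", "/"),
                f.handle("203.0.113.7", "GET", "/again"),  # served from the RBL cache
                f.handle("198.51.100.4", "GET", "/?id=1 UNION SELECT 1"),
                f.handle("198.51.100.4", "POST", "/upload", bad),
                f.handle("198.51.100.4", "POST", "/upload", bad),  # checksum cache hit
                f.handle("198.51.100.4", "POST", "/upload", b"holiday photo")]
    return verdicts, calls, f.log
```

In the constructed run, six requests cost only two blacklist lookups and two scans; the caches absorb the rest while every denial is still logged.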

Further protection:

Under cPanel, all accounts are isolated from each other. No account can see the files, processes or memory, including temporary files, of another account.

InterServer Exclusives: Addon domains are further isolated from each other within the cPanel account.

Additionally, the option for dropping PHP privileges is available so that the PHP scripts being called cannot modify files within your own account.

 

7 Features That Show Your Shared Hosting Plan is Secure

Posted at April 3, 2018 at 1:05 pm by Ylber Popaj

With massive data breaches hitting the world’s largest brands, website owners may often wonder how well they’d fare against online threats: “If global corporations are having trouble keeping up with web security, how could I stand a chance?”

Fortunately, online security isn’t restricted to the wealthiest, most high-traffic sites. Web hosting companies protect themselves and customers by locking down every possible aspect of their infrastructure and clients’ environments. Here are some of the most common tools reputable hosts will offer customers:

  1. Web application firewalls
  2. File upload and script scanners
  3. Malware and antivirus detection
  4. Email monitoring and protection
  5. Regular automated backups
  6. SSL certificates
  7. Reduced PHP permissions

Fortunately, InterServer includes all the above with its standard shared hosting plan. All but the SSL certificates and backups are part of the company’s five-prong InterShield security platform, which was introduced less than a year ago. Here’s more information on the features used to protect site owners, their sensitive data, and their online properties.

1. Web Application Firewall

Slightly different from firewalls that filter traffic to and from networks, web application firewalls (WAFs) introduce specific requirements for visitors to communicate with a host’s servers. WAFs are tailored to protect particular vulnerabilities common in the programs used to operate and manage web hosting environments.

Experts behind many InterServer reviews praise the company for the all-hands-on-deck approach the company takes with security. Co-Founders Mike Lavrik and John Quaglieri still oversee the InterServer datacenters, including network security. The company enables the open-source ModSecurity web application firewall to add another layer of protection for its customers.

InterServer’s web application firewall is particularly focused on preventing cross-site scripting and SQL injections, two common vectors where attackers will inject code, execute scripts, or compromise databases within a hosting customer’s website environment.

2. Scans and Monitoring

In addition to inspecting and filtering the traffic coming to and from the company’s servers, InterServer’s standard shared hosting plan includes the file upload and script scanners that prevent malicious code or programs from entering a customer’s web environment.

Website owners can unknowingly upload files that contain malware, a broad term that covers the range of unwanted or dangerous code. To avoid that, InterShield will scan every uploaded file for certain detectable characteristics of malware. InterServer regularly updates the scanners to account for the rapidly changing threat landscape.

Similarly, InterServer will inspect the various scripts running on its servers for signs of malicious attacks. Scripts are essentially behind-the-scenes programs that automate various tasks that make websites more visually appealing or quicker to load. The company constantly scans servers, looking for any malicious scripts that could compromise website performance or security.

3. Regularly updated malware detection

Given how quickly attackers can adjust their methods of infiltrating a web hosting server or unsecured website, hosting providers need to remain constantly vigilant to the trends and behaviors of those criminals.

InterServer maintains a constantly evolving database of more than 155,000 examples of malware scripts, documenting each specific malicious signature and making them easier to detect and turn back. What’s more, the company transparently reports real-time information on the malware InterShield finds.

Shared hosting customers are particularly vulnerable to malware, given the audience’s general lack of technical expertise and not being aware of the best security practices. What’s more, with so many customers sharing a server, multiple users can fall prey once an attacker gains access to one compromised website. InterServer recommends that shared hosting customers remain vigilant and active when it comes to updating the software components they install — this includes WordPress, eCommerce shopping carts, plugins, and other services.

4. Email security

Although most people think of phishing and Nigerian princes when it comes to threats to email security, secure and protected communications can have a major impact on shared hosting web performance. Accounts discovered to be sending spam or bulk emails may get a server listed on a blacklist, which blocks the delivery of all emails sent from that server or IP address.

With many hosting customers sharing server space, email security is incredibly important — if one account gets blacklisted, hundreds of innocent users can no longer trust that their communications are reaching recipients. Those effects can be devastating for any site owner, but they are especially harmful to businesses relying on email marketing to build and reach their audience.

InterServer guarantees email delivery by checking the content of outgoing email messages against a database of known spam signatures. The characteristics of spam content listed in the database are updated in real time to stay ahead of malicious senders. Unusual or dangerous activity from an account will likely trigger rate limits or sending quotas, or perhaps that user will be blocked from sending outgoing messages.

5. Backups

Included free of charge with every InterServer shared hosting plan, automated weekly backups protect your data in case of an attack. The company keeps at least three copies of site owners’ archived files for at least 60 days, giving customers peace of mind that their data will remain protected in the event their server or environment is compromised.

Additionally, the company’s storage (driven by much faster solid-state drive caching) is assembled in a RAID-10 configuration for added redundancy. RAID-10 arrangements require at least four storage disks and combine disk mirroring and striping to protect data; as long as one disk in each mirrored pair is functional, site owners’ data can be recovered.

6. SSL Certificates

Separate from the InterShield protections, shared hosting customers can enjoy free access to SSL certificates. The perk actually relies on the more secure TLS protocol that uses HTTPS to privately and securely transfer data between a web server and a visitor’s browser. The difference between SSL vs. TLS protocols isn’t terribly important for most shared hosting customers, but the important feature signals to potential customers that your site is trustworthy and secure.

SSL certificates are becoming increasingly critical for all site owners and small businesses, as Google and other search engines give special SEO and user-interface treatment to websites using the secure connections.

7. Reduced PHP Permissions

Last on our list but among the newest InterServer security measures is limiting the actions website code and scripts can take when running on a server. Built with WordPress in mind, the company’s new PHPmmdrop feature prevents code from changing or uploading files and running processes.

Extra protections associated with WordPress websites can be especially beneficial to shared hosting customers who are less likely to understand website security and maintenance. Although the frequently updated WordPress Core is inherently secure, many attackers are able to gain access through poorly coded or outdated themes and plugins. Once the vulnerability is discovered, attackers can add code that compromises the website with malware. PHPmmdrop takes away that threat by restricting file uploads to only the approved administrative users when they’re logged in.

As you can tell, top-notch security is not limited to high-priced hosting or to those who know the ins and outs of technical configurations and web servers. At InterServer, customers can rest easy with the above features handling all the legwork of protecting your data.

InterShield Evolves

Posted at March 19, 2018 at 7:17 am by Ylber Popaj


InterServer’s InterShield system is able to stop many attacks and updates daily based on new data, including new possible malware, known exploits and other Common Vulnerabilities. However, even with all of these, a new type of malware sometimes comes up.

In a recent case a site was redirecting to a pharmacy website, but only when the visitor came from a Google search result. The site initially passed all scans for known vulnerabilities, the URL did not exist in the code or database, and the behavior was reproducible. In these cases advanced debugging is needed, so xcache with trace was enabled, which produced some interesting results. Follow this brief analysis and walk-through of our debugging process!

 

Debugging Begins

Starting here we load a normal WordPress file:

 

    0.2006   18215480   -> force_ssl_admin() /home/xxxxx/public_html/fanxxx/wp-includes/default-constants.php:295
    0.2010   18242992   -> require(/home/xxxxx/public_html/fanxxx/wp-includes/vars.php) /home/xxxxx/public_html/fanxxx/wp-settings.php:290

 

WGET

However, here the include is for a file not found in WordPress, so we continue to debug. We soon find that the URL being called was /privacy-policy/. We then execute a ‘wget’ to a remote URL. The wget returns this information, which performs the redirect:

 

 0.4207 18334192 >=> ‘HTTP/1.1 200 OK\r\nDate: Fri, 02 Mar 2018 16:17:56 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nX-Powered-By: PHP/5.3.3\r\nContent-Length:   82\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<location>http://med-shop24x7.com/site/search?q=finast&track=all-fancou</location>’

 

In the vars file we find:

     * @package WordPress
     */@require_once('class.wp-includes.php');

 

The @require_once is hidden after a comment.
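A check for this hiding pattern, as an added example and not InterServer's signature or scanner. It flags literal-path includes that share a line with a closing `*/`, suppress errors with `@`, or point at a file outside a known list; the function name, the sample source and the short known-file list are constructed.

```python
import re

# Code that starts on the same line as a closing "*/" is easy to miss when skimming a header.
AFTER_COMMENT_END = re.compile(r"\*/\s*(\S.*)$")
# include/require with a literal path, optionally prefixed by the @ error-suppression operator.
LITERAL_INCLUDE = re.compile(
    r"(@?)\s*\b(require_once|require|include_once|include)\b\s*\(?\s*['\"]([^'\"]+)['\"]",
    re.I)

def find_suspicious_includes(source, known_files):
    """Return one finding per literal include that trips at least one heuristic."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        tail = AFTER_COMMENT_END.search(line)
        for m in LITERAL_INCLUDE.finditer(line):
            reasons = []
            if tail and m.start(2) >= tail.start(1):
                reasons.append("statement shares a line with a closing */")
            if m.group(1):
                reasons.append("errors suppressed with @")
            basename = m.group(3).replace("\\", "/").rsplit("/", 1)[-1]
            if basename not in known_files:
                reasons.append("target is not a known file")
            if reasons:
                findings.append({"line": lineno, "target": m.group(3), "reasons": reasons})
    return findings

# Constructed stand-in for a manifest of files shipped with a clean install.
KNOWN_FILES = {"vars.php", "default-constants.php", "plugin.php"}

# Constructed sample modelled on the excerpt above.
SAMPLE = """<?php
/**
 * Creates common globals for the rest of WordPress
 *
 * @package WordPress
 */@require_once('class.wp-includes.php');

require_once('plugin.php');
"""

def demo():
    return find_suspicious_includes(SAMPLE, KNOWN_FILES)
```

On a real site the known-file set would come from the checksums of the installed WordPress release, so an unexpected file in wp-includes stands out even when its name looks plausible.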

 

Debugging Ends


End Notes

Using this data, our staff was able to create virus signatures to detect these. The class.wp-includes.php signature is available at:

http://sigs.interserver.net/info?hash=7fee30e79473e63c6393adc6fa183a2036689e4d9b3317b25bf5166d77d23b6e.

InterServer’s virus db detects most common malware and is available from https://interserver.net. InterServer will continue to provide security updates to our customers so stay tuned for more on the expansion of our powerful InterShield.