All our forward facing servers were patched and TLS1.0 disabled as per PCI compliance guidelines.

As always you can put your Trust in DNI to provide you fast response to your PCI Compliancy issues.

After our vendors released OS patches we patched all servers immediately after. This includes all clients on our bi monthly patching service.

What is glibc?

The glibc library is a core part of the Linux operating system based on the standard C library. This is a critical library and without it Linux will not function.

If you would like to learn about the details of this vulnerability please visit https://community.qualys.com/blogs

We immediately began patching all managed servers on 4/8 as soon as OS vendors published their patches. Any virtual and dedicated server clients on Centos6.5,Redhat6.5,Cloudlinux6.5 are patched and notified about the security concern. If you did not get a notification from us this is because your server was not found to be vulnerable meaning your OS and Openssl version were listed as being safe from the HeartBleed bug.

All our shared hosting domains were not vulnerable at the time of the HeartBleed bug disclosure as our systems did not run the versions that were vulnerable.

If you have any questions. Please put in a support ticket and we will be happy to answer any of your concerns.

Validating a registrant’s email address

• Effective immediately, the registrant contact needs to be validated upon the purchase or transfer of a domain name, or if the registrant’s first name, last name or email address have been modified.

• Reminder emails will be re-sent on days 5, 10 and 13 within the 15-day validation window; messages on days 10 and 13 of this process are sent to the Admin, Tech and Billing contacts as well.

• The same process takes place if a WHOIS Data Reminder Policy (WDRP) notice, 30 day expiration notice or 5 day expiration notice bounce. It’s therefore crucial to ensure that your WHOIS data information is correct.

• Failing to receive a response within 15 days requires us to suspend the domain name. As a result, the name will be placed on ClientHold, rendering the domain name inactive.

• This process applies to all gTLDs. There is no impact to existing names as long as they are not modified, and WDRP/expiration notices do not bounce.

ICANN’s Registrant’s Benefits and Responsibilities.

ICANN’s site for registrant education.

On csf and apf firewalls add to the /etc/csf/csfpre.sh or /etc/apf/preroute.rules

#Attack on wordpress:

/sbin/iptables -I INPUT -p tcp –dport 80 -m string –string “Log+In&testcookie=1” –algo kmp -j DROP

Add this to your modsecurity2 rules:

<LocationMatch “/wp-login.php”>
SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:313371
SecAction “phase:5,deprecatevar:ip.counter=2/30,pass,nolog,id:313372”
SecRule IP:COUNTER “@gt 1” “phase:2,pause:300,deny,status:406,setenv:RATELIMITED,skip:1,nolog,id:313373”
SecAction “phase:2,pass,setvar:ip.counter=+1,nolog,id:313374”
</LocationMatch>

And if all else fails you can block all wp-login.php in the main apache config :

<Files wp-login.php>
order deny,allow
Deny from all
</Files>

or chmod 000 all wp-login.php files:

For clients wanting to secure their wordpress login edit your .htaccess in your ftp folder and add the below with the ipaddress that need to connect to your wordpress login:

<Files wp-login.php>
deny from all
allow from xxx.xxx.xxx.xxx
</Files>

#note this command is for Hsphere clusters change the path to where your web files are located.

find /hsphere/local/home -type f -name ‘wp-login.php’ -print0 | xargs -0 chmod 000

If you have any further questions please dont hestitate to contact us.

One may ask what does a SoftLayer Certified Partner do?

While SoftLayer has a variety of Certified Partners, Dynamic Net, Inc. is a SoftLayer Certified Partner that specializes in server security and server administration.

Server security includes, but is not limited to hacker clean up, server hardening (securing a server against hackers), security audits, server migrations, disk clean up (i.e. /var partition full), mysql optimization, apache optimization, php optimization, trouble shooting high server cpu utilization, trouble shooting high server load, and much more.

Our U.S.-based, level 3, high skilled skilled staff work with cpanel, Parallels H-Sphere, and Parallels Plesk as well as Linux-based servers not running an automation system.

We do work on a contract basis with a deposit prior to any work being started; and once a client is under contract, can often perform new work on just a phone call or an email.

Most of our customers are small businesses that fall under the radar of what a government calls a small business (i.e. one to ten employees, often far less than a million in annual sales) where money is tight.

While we are far from cheap for our rates, we do bill fairly and can often finish tasks with higher quality and speed than a less skilled party who charges a lot less.

If you have servers with SoftLayer and need security and server administration services, please contact us to go over your needs.

We enjoy working on new projects and with customers building long term relationships.

I lost track of how many times I’ve heard that phrase or variations like it to justify business decisions whether it be employer vs. employee or business vs. customer.

If your focus is building and maintaining relationships, the “vs” should always be a red flag. If your focus is on the dollar, then you might miss the “vs.” part of the equation.

How many of you have heard the phrase, penny wise and dollar foolish?

May I propose to you that if you believe “This is business, not personal” when it comes to any relationship, you are losing more dollars than if you treat every issue as being very personal?

How much longer do relationships survive if you treat each one with loving care? That each decision and action are personal to the recipient; and, their feelings always matter.

What’s the life time value of your customers? Do you want that life blood to be extended for as long as possible? Then consider making it very personal in the right ways.

What are your thoughts? Please share them in the comment area below.

Let me share with you some tools you can use to save you time; and, still allow you to participate in the social media arena.

BufferApp has a free version, and an upgraded (paid) version.

BufferApp allows you to pre-schedule your posts to Twitter, Facebook, and LinkedIn.

Personally, I use the free version of BufferApp to schedule ten (10) twitter posts; and as the day goes by, I re-fill those ten so that come 8 PM at night there’s 10 posts ready for the next day.

TweetDeck, currently my favorite tool for Twitter gives you the ability to schedule posts far out (much more than the Buffer free version) along with keep track of various searches, your twitter inbox and more.

Another alternative, one that has a lot of flexibility but runs slower than a snail (even on a brand new computer, 16 GB RAM, Intel I7-2700 3.50 GHz CPU) is Hootsuite that beats out both of the above in that you can really get into managing and scheduling with a large number of social networks.

Oh, before I forget, if you get involved in twitter chats, I highly recommend TweetChat.

Now for time saving steps:

• Schedule out your tweets using BufferApp or TweetDeck or HootSuite.
• For Facebook, consider using scheduled posts vs. an application.
• For LinkedIn, while you could use BufferApp or HootSuite, I find it better to really go niche for what you post which means you will be posting more quality, less often. That means you often don’t need a tool to do it for you.

In the end, just like in the road sign picture — stay focused on building your business, and living your life.

Small Business Resource: Customer Loyalty 3.0: How to Avoid Getting Customer Loyalty and Social Media Backwards

Do you have tools or techniques you use to save time on social networking? Share them in the comments below.

The next time I get a phone call to go over hacker clean up, server hardening, server administration where the prospective customer is more concerned over the $100.00 per hour rate than the problem costing them customers and potentially their business, I hope remember to share with them this article.

Imagine reading Service Suspension – Ongoing unanswered abuse complaints thinking to yourself, the person is in a jamb…. I hope they get someone who can really help them (maybe we could, not sure), then later on reading the person who initiated the post also runs a “All you can Eat” (i.e. unlimited support tickets, unlimited labor time) server administration business where they advertise a long list of what they can do for you for just $15.00 per month. I guess, they are so packed with work they could not solve their own problems.

Imagine, for just $15.00 per month you “24/7/365 USA-Based Technical Support” plus “24/7/365 Server Monitoring (5 Minute Intervals)” of your servers plus “Guaranteed 15 Minute Response On Monitoring Alerts” and so much more… sounds like a great deal? Right?

Now, I’m sure if you did a study of people who have heard and even believe in the quote, “you get what you pay for,” or variations of it, the percentage would be high.

Yet, how many actually do their homework to determine if something is really to good to be true?

For example, would you know right away that $15.00 per month for 24×7 coverage 365 days per year with a guaranteed response time of 15-minutes and unlimited administrator work (i.e. unlimited hours of work per month) was a deal too good to be true?

What if they removed the word, “unlimited,” and only included one hour per month? Would it then be more realistic?

In order to answer that question, what’s the going hourly rate for a server administrator? For a security administrator?

In the United States, for a server administrator, the going hourly rate ranges from $30.00 per hour to $52.00 per hour; for security administrators, the hourly rate ranges from $38.00 per hour to $56.00 per hour. In both cases, that doesn’t include benefits.

If a company is saying you get just even one hour for $15.00 when the going rate for an experienced party is $30.00 to $38.00 at a minimum….. get the picture?

You might get marketing speak that the employees multi-task and can work on many tasks at the same time… but isn’t that like someone who worked 2,000 real hours putting down 6,000 billable hours?

What are your thoughts on this subject? Did you purchase time thinking the rate was good or even average only to find out you were taken in by a “too good to be true” event? Let us know your thoughts below.