We’ve received a lot of feedback from our customers regarding some of the aging features of our hosting plans, most commonly related to SiteStudio and ASP.NET.  We’re excited to announce two server upgrades that will address much of this feedback, resulting in a better experience for everyone taking advantage of these features.

SiteStudio Patched

As several of you know, our website creator, SiteStudio, has looked a bit rusty lately, with known compatibility issues with newer versions of popular browsers. Recently, our IT team released a patch to update SiteStudio’s compatibility with the newest versions of common browsers (Internet Explorer, Firefox, Chrome, etc). Before this patch, the ‘Rich Text Editor’ function didn’t work as you’d expect, and some users had trouble creating tables, even when other aspects of the Editor were working.  With the new patch, these problems are now fixed, and the Editor should be completely usable again for all of our customers. Thank you to everyone for your patience while we worked to resolve this frustrating issue.

ASP.NET 4.0 for CP8 and CP10 Windows Customers

Customers using our CP8 and CP10 control panels can now take advantage of ASP.NET 4.0. This is an upgrade from the previous version of 3.5 and will provide an up-to-date work environment for customers using our Windows platforms. ASP.NET 4 provides customers with the ability to use parallel extensions, new Visual Basic and C# language features, and code contract support. More information about the new features in ASP.NET 4.0 can be found here:

http://www.asp.net/learn/whitepapers/aspnet4

To find out the Control Panel on which your account is located, simply log into your account, click on the “Manage” button next to your hosting plan, and look for “cp#” in the URL in the address bar; “#” will a number between 2 and 12 (if you don’t have a number, you’re on cp1).  If you’re not on CP8 or CP10 and want to give ASP.NET 4.0 a try, contact our support team, and they’ll be happy to walk you through the process of migrating to a newer Control Panel.

We hope all of our Windows customers on CP8 and CP10 enjoy this new feature!

Have a great week everyone!

To check your IP address:

• Login to your account and click manage on your control panel.

• Click the domains icon.

• If a shared IP address is utilized, it will be displayed in the list.

facebook.com/ixweb

Check out our page to:

• Find Status Updates
• Discover Useful Articles
• Learn about Upcoming Events
• Become part of our online community

Like us on Facebook to be eligible for raffles and other prizes.

Before I go forward, I have to explain why this supposedly easy-to-accomplish task takes us so much time: the hosting platform we’re using (H-Sphere) is built as a do-it-all entity with it’s own version of ftp, Apache, IIS, mail-daemon, etc. You cannot just upgrade or modify something without risking to break something else in the process. Of course, this will change soon as we are building our own control panel, which I hope you will love, and which is going to be so much easier to manage from both user side and sysadmin side.

Back to the issue, we have been working on implementing FTPs for some time now, and now we have a “beta” version that we can introduce to you. We activated FTPs on all cp6 servers (web300 to web349). Please keep in mind that this is a testing version and if you find any issues with it we would appreciate your feedback. If everything goes smooth on our testing batch of servers, we will activate FTPs on all servers on CP7 and CP8 by the end of the month. Of course, I didn’t forget about CP1, CP2, CP3, CP4 and CP5. However, they are running an older version of hsphere, and it will take us longer to upgrade. My educated guess says “September 1st”.

I am always waiting for your comments.

/tibi

I will skip the sparkles and coloured baloons and I will get straight to the technical details: When you login into your FTP account, before you are allowed to log in, the ftp daemon searches in your home directory for a file called “ftp.allow” to see if your IP address is specifically allowed to log in. If the file is found, and your IP address is permitted, no other checks are performed. If your IP address is not found in the list of allowed IPs, or the file is not found, the daemon searches for a file called “ftp.deny”, to see if your IP address is specifically denied. If the IP address you’re trying to connect to matches one of the entries in ftp.deny (which can be ALL: ALL  that denies everything that was not already permitted), the access will be denied with the message “530 User ‘username’ denied by access rules”. If the file is not found, or if your IP address doesn’t match anything, your access will be permitted. In addition to that, webshell access is always permitted (so you could modify the ftp.access and ftp.deny if you denied your own access by mistake).

If you have ftp-subusers defined, and they have a home directory different than the main ftp user, they will not be affected by ftp.allow and ftp.deny in your home dir. If you want to restrict their access, you need to place similar files in their home dirs.

Both ftp.allow and ftp.deny can contain one or more of the following lines

ALL:  1.2.3.4 -> this will match against the IP address 1.2.3.4
ALL: 1.2.3. -> this will match against anything that starts with 1.2.3.
ALL: 1.2.3.0/255.255.255.240 -> this will match against any IP in the range 1.2.3.0 – 1.2.3.15
ALL: ALL -> this will match everything and anything

Both ftp.allow and ftp.deny files MUST end with an empty line. Simple, right? Well, let’s see some scenarios that you may want to try:

Scenario 1: Block everything, except IP address 76.188.2.141 which is my home IP address, and IP range 12.44.215.0 – 12.44.215.255 which is the range of IPs that I have at the office (this are not the real IPs, I invented them for the purpose of this example)

The file ftp.allow should look like this:

 ALL:   76.188.2.141
 ALL:   12.44.215.0/255.255.255.0

This will specifically permit access from the said IP Address and range. Note the file ends with an empty line. Now, to deny everything else, we create a ftp.deny file that looks like this:

 ALL:   ALL

Again, make sure you have an empty line at the end of the file.

An extended version of this scenario would be to completely disallow ftp access, except for the webshell access, and then your ftp.allow file will only contain an empty line.

Scenario 2: Allow everything, except the IP addresses that you don’t like (maybe because it was your ex-webmaster that now is trying to hack your site, or because you noted there are hackers that are trying to break into your site from those ranges, or whatever reasons you may have). Say you want to allow everything but block IP ranges 8.0.0.0 – 8.255.255.255, 176.162.54.0 – 176.162.55.255, 212.35.128.64 – 212.35.128.95 and 213.1.2.4.

Your ftp.allow file will only contain an empty line. So nothing will match, and ftp.deny will be checked. Your ftp.deny file will look like this:

 ALL:   8.0.0.0/255.0.0.0
 ALL:   176.162.54.
 ALL:   176.162.55.
 ALL:   212.35.128.64/255.255.255.224
 ALL:   213.1.2.4

Again, don’t forget the empty line at the end. An extended version of this scenario would be to allow everything (the situation you are in probably now). If that’s the case, you don’t need to do anything, not even to create this files.

If you have any questiosn, feel free to comment on this blog and I will gladly respond to your concerns.

/tibi

P.S.: Thank you Mike for spotting an error I made in the post. I corrected it now

In the past year or so, we have encountered quite a few hacking attempts of our servers. Customer data has been sometimes changed, and although most of the times we were able to clean the files, or restore the hacked sites, sometimes we weren’t capable of doing that. And that of course affected you.

After a long period where I read every ftp log and every httpd log available on servers, I came to the conclusion there are 2 main ways a hacker is currently able to get to a customer files:

• via cross-site scripting, taking advantage of poor written customer php scripts, or of outdated php applications like Joomla, osCommerce, and other like this
• via ftp, either after a brute-force attack where they managed to crack weak passwords (and I couldn’t stress enough how important is to have a strong password for your FTP accounts), or via other means (there are viruses out there and malware that will steal your ftp password, and for that matter all other passwords, like on-line banking passwords and such)

While I cannot do much about scripts that aren’t written well, and except for begging you to keep your php apps updated there’s no reasonable way to enforce it, I can help you with the FTP part. Our sysadmin team has built and implemented an extra module on our servers that will allow you to say “only this ip and this ip and this ip can upload files via ftp in my account”, or, for instance “this ip and this ip can NEVER upload files via ftp” (Or you can do nothing, and everything will remain as it is now). I have tested this module and it seems to work just fine, but I am not comfortable of releasing it before I can do some more extensive testing. I need you (our valued customer) to lend me a hand and help me test it.

If you’re interested in testing it, please comment on this post and I will personally contact you via email (so make sure you fill in the “email” field of the comment section with a valid email address), and I will explain what and how to test it. Oh, and one more thing… this feature is currently available only for linux plans.

Waiting to hear from you…
/tibi

We are happy to say that we didn’t notice an increase in chats or tickets during the time our phones were down. But from now on, if you need us, we’re available 24/7/365 via phone, live-chat or tickets

If you installed WordPress 2.7.1 (or an older version) via EasyApps, I recommend you save you plugins and themes folder, as the “EasyApps upgrade” process deletes that. (Or you can just go to your wp-admin and tell WordPress to upgrade itself).

I am working on getting more EasyApps upgraded. If you want to see something else upgraded sooner rather than later, please leave a comment.

/tibi