Node 16 & Sydney Router Upgrades

During the evening of Tuesday, November 27th from 9pm that night (through to 7am on Wednesday morning) we will be performing upgrades to the hosting server known as “Node 16” in Sydney, as well as one of our many border routers of Network Presence in Sydney, Australia.

Update: These works went well on the night and during the days afterwards we found a kernel setting that was required for these upgraded Nodes, which was in-place by Monday December 3rd.

Customers with services (VPS) on the affected hosting platform(s) to be upgraded may be emailed advisory notices, and this is a general notice related to other ancillary upgrades and Infrastructure Maintenance being performed during this scheduled window of time, and specifically the short cutovers between routing upgrades that’ll affect a small segment of our Sydney based VPS customers.

This Maintenance Window starts from 9pm Sydney time on the evening of Tuesday, November 27th 2018 through to 6am on the Wednesday morning, and I’ll be personally contactable by phone & online during and after these works in-case there’s any issues that arise. During this Maintenance Window, selected network or server equipment will be worked on, upgraded and restarted. Works will be completed as quickly as possible (and where possible, timing information will be in emails to affected customers) and restarts are short service interruptions only, while upgrades may incur longer service interruptions.

This will incur outages to selected hosting services of Network Presence in Australia during this off-peak scheduled works period.
In addition, there may be some impact (short 5-10 minute periods) to the general Internet Connectivity of portions of Network Presence in Sydney during these works, though redundant routing will be utilised during these works. Our Adelaide POP is unaffected by this Maintenance Notice and works.

Progress updates during the works will be posted to our Operations Twitter Feed at https://twitter.com/netpresops

FYI and regards,
Richard.

Posted in Network Presence | Comments Off on Node 16 & Sydney Router Upgrades

Data Centre, Network & POP Maintenance Notice – Wed evening & Thu morning, November 14th/15th 2018

During the evening of Wednesday, November 14th from 9pm that night (through to 6am on Thursday morning) we will be performing upgrades to selected hosting server platforms of Network Presence in Sydney, Australia.

Customers with services (VPS) on the hosting platforms to be upgraded may be emailed advisory notices, and this is a general notice related to other ancillary upgrades and Infrastructure Maintenance being performed during this scheduled window of time.

This Maintenance Window starts from 9pm Sydney time on the evening of Wednesday, November 14th 2018 through to 6am on the Thursday morning, and I’ll be personally contactable by phone & online during and after these works in-case there’s any issues that arise. During this Maintenance Window, selected network or server equipment will be worked on, upgraded and restarted. Works will be completed as quickly as possible (and where possible, timing information will be in emails to affected customers) and restarts are short service interruptions only, while upgrades may incur longer service interruptions.

This will incur outages to selected hosting services of Network Presence in Australia during this off-peak scheduled works period.
In addition, there may be some impact (short 5-10 minute periods) to the general Internet Connectivity of portions of Network Presence in Sydney during these works, though redundant routing will be utilised during these works. Our Adelaide POP is unaffected by this Maintenance Notice and works.

Progress updates during the works will be posted to our Operations Twitter Feed at https://twitter.com/netpresops

FYI and regards,
Richard.

Posted in Network Presence | Comments Off on Data Centre, Network & POP Maintenance Notice – Wed evening & Thu morning, November 14th/15th 2018

Upgrades for Adelaide POP – October 2018

While we’ve been pleasantly surprised by the uptake of our Adelaide VPS Plans, we’re putting more VPS hosting capacity online there soon from this week in October 2018, to keep up with demand and usage there in Adelaide.

So from Tuesday to Sunday October 16th to 20th, 2018, we’ll be bringing on extra capacity for our Adelaide KVM VPS Plans from shop.networkpresence.com.au

Some existing customers in Adelaide will be offered migration to the new VPS Node there and we’ll contact relevant customers on that soon.

FYI,
Richard.

Posted in Network Presence, Sales | Tagged , | 1 Comment

Tuning cPanel TLS for SMTP incoming email reception

Newer versions of the WHM/cPanel software often has default SSL/TLS settings in its Exim based mail server that will reject connections from some Internet hosts on the standard SMTP port (port 25) with an error like:

TLS error on connection from … (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

If this is happening, you can “dial down” the default SSL/TLS settings of cPanel’s Exim mail server through logging into your WHM site as its ‘root’ user, going to WHM -> Service configuration -> Exim Configuration Manager page and in the Find: field type “ssl”.
You’ll then see some items in the Security section of this configuration and you should set the following:

Allow weak SSL/TLS ciphers = On

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server = Off

Options for OpenSSL = +no_sslv2 +no_sslv3

And then Save those updates.

This returns cPanel’s Exim mail server to older settings more compatible with much of the Internet’s email traffic.

FYI,
Richard.

Posted in Network Presence, Sales | Tagged , | Comments Off on Tuning cPanel TLS for SMTP incoming email reception

How to upgrade from Ubuntu 16 or 17 to 18

VPS Customers running Ubuntu 16 or 17 can upgrade to their latest OS version, being Ubuntu 18.04 currently, with the following commands run as the root user:

apt-get update && apt-get upgrade

Then set ‘Prompt=normal’ in /etc/update-manager/release-upgrades and run (as root, preferably on your VPS Console (access to which we provide)):

do-release-upgrade

And answer Y or let it proceed with defaults.

Finally, reboot into your new upgraded kernel and system.

FYI,
Richard.

Posted in Network Presence, Sales | Tagged , | Comments Off on How to upgrade from Ubuntu 16 or 17 to 18

How to upgrade from Debian 8 to 9

VPS Customers running Debian 8 can upgrade to their latest OS version (currently Debian 9) with the following commands run as the root user:

apt-get update && apt-get upgrade

Then change any text of the word “jessie” in /etc/apt/sources.list to “stretch” and run the above commands again, with more upgrade commands afterwards too (as root, preferably on your VPS Console (access to which we provide)):

apt-get update && apt-get upgrade && apt-get dist-upgrade

And answer Y to any prompts (eg: to restart services) or let it proceed with defaults, and when changelogs are being listed, press ‘q’ at the ‘:’ prompt to quit their listing.

Finally and before you reboot into your new upgraded kernel and system, it’s best to purge the obsoleted Debian 8 Packages, with the following commands run as root:

apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }')
apt-get autoremove

FYI,
Richard.
** PLEASE NOTE THAT YOU SHOULD TAKE A FULLY RESTORABLE IMAGE OF YOUR VPS BEFORE DOING THIS UPGRADE

Posted in Network Presence, Sales | Tagged , , | Comments Off on How to upgrade from Debian 8 to 9

Suggestions for Nginx Hardening/Security

This is a quick brief listing of suggestions for Nginx web server hardening or security items to check.

Firstly, lots of this is mentioned in the Nginx instance of the ‘Awesome’ series of sites
on GitHub specifically on Nginx Security.
See https://github.com/wallarm/awesome-nginx-security

a) Disable Nginx server_tokens
– set “server_tokens off” in nginx.conf

b) Minimal error pages
– add “error_page 401 403 404 /404.html;” to sites-enabled/ files and “server” config sections

c) Settings to control Buffer Overflow Attacks

Note: Both client_header_buffer_size & large_client_header_buffers will need to be higher than suggested below if your site uses very long URLs.

client_body_buffer_size – default is 8 or 16k, can probably be much lower.
eg: client_body_buffer_size 1k

client_header_buffer_size – again, 1k is usually sufficient:
eg: client_header_buffer_size 1k

client_max_body_size – controls clients throwing too much data at the web server in
sessions.
Needs to be more if the site uses the POST HTTP method for file uploads or such.
eg: client_max_body_size 1k

large_client_header_buffers – related to larger client_header_buffer_size if needed.
eg: large_client_header_buffers 2 1k

d) Disable any unwanted HTTP methods, relevant conf items eg: in nginx.conf or a sites-enabled/ file for this are:
eg: To ensure HEAD, DELETE, SEARCH, TRACE methods won’t work
# Only GET, Post, PUT are allowed
if ($request_method !~ ^(GET|PUT|POST)$ ) {
return 444;
}

e) Ensure no PHP or JVM version or path etc information is passed back to Nginx. ie: Don’t send out X-Powered-By & Server headers to clients

f) Check SSL Ciphers, Protocol & other SSL specific settings
(i) set ssl_ciphers to:
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

(ii) set: ssl_protocols TLSv1.3;

Other good suggestions for Nginx at https://cipherli.st/
(iii) set:
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

(iv) create & use a strong DH Parameters file with: (takes some time to run)
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096

(v) configure above .pem file, set:
ssl_dhparam /etc/ssl/certs/dhparam.pem;

(vi) ensure you’re using valid/correct X-Frame-Options,
Strict-Transport-Security and other ‘secure’ headers
eg:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection “1; mode=block”;
add_header Strict-Transport-Security “max-age=31536000; includeSubdomains;”;

(vii) consider whether or not to implement OSCP Stapling, see https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html

g) Do “apt-get update && apt-get upgrade” and see what new Linux Packages are available for the Distro.

h) Work through the checklist of https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

i) Check on backend server or content generation (PHP, Tomcat, JVM, etc etc) settings, outside of Nginx itself.

FYI,
Richard.

Posted in Network Presence, Sales | Tagged , , | Comments Off on Suggestions for Nginx Hardening/Security

Data Centre, Network & POP Maintenance Notice – Wed evening & Thu morning, August 8th/9th 2018

During the evening of Wednesday, August 8th from 9pm that night (through to 6am on Thursday morning) we will be performing upgrades to selected hosting server platforms of Network Presence in Sydney, Australia.

Customers with services (VPS) on the hosting platforms to be upgraded may be emailed advisory notices shortly, and this is a general notice related to other ancillary upgrades and Infrastructure Maintenance being performed during this scheduled window of time.

This Maintenance Window starts from 9pm Sydney time on the evening of Wednesday, August 8th 2018 through to 6am on the Thursday morning, and I’ll be personally contactable by phone & online during and after these works in-case there’s any issues that arise. During this Maintenance Window, selected network or server equipment will be worked on, upgraded and restarted. Works will be completed as quickly as possible (and where possible, timing information will be in emails to affected customers) and restarts are short service interruptions only, while upgrades may incur longer service interruptions.

This will incur outages to selected hosting services of Network Presence in Australia during this off-peak scheduled works period.
In addition, there may be some impact (short 5-10 minute periods) to the general Internet Connectivity of portions of Network Presence in Sydney during these works, though redundant routing will be utilised during these works. Our Adelaide POP is unaffected by this Maintenance Notice and works.

Progress updates during the works will be posted to our Operations Twitter Feed at https://twitter.com/netpresops

FYI and regards,
Richard.

Posted in Network Presence | Comments Off on Data Centre, Network & POP Maintenance Notice – Wed evening & Thu morning, August 8th/9th 2018

Server Platform Refresh 2018

Following the release of new CPU architectures, good business growth and other developments, this year’s server nodes/hosts and network upgrades are starting soon.

Accordingly, the following Node #s will be getting hardware and software upgrades & replacements from the 3rd quarter of 2018: 5, 12, 15, 16, 22, 30, 31, 33, 34, 38, 40, 42, 56, 64, 100, 102
Customers on those listed Nodes will be emailed information about their Node’s work and its timing in due course of these upgrades and refreshes.

A number of new VPS Nodes, made up of brand-name units and custom builds, will be bought online between August and November 2018 and we’ll be releasing more capacity for our Shopfront site’s VPS Plans, as well as releasing new versions of our most popular VPS Plans.

We’ll update this post as this year’s server refresh progresses, and we look forward to these upgrades.

Sept 21st 2018 Update:

Nodes 15, 33, 40, 42, 110, 111 & 112 & others in our Adelaide POP have been upgraded in this refresh and are online servicing customers.

Nodes 3, 5, 20, 21, 22 and a few more are scheduled for upgrades in early November.

Oct 19th 2018 Update:

New Node online in the Adelaide POP for Shopfront KVM VPS Plans.

FYI and regards,
Richard.

Posted in Network Presence, Sales | Tagged , , , , | Comments Off on Server Platform Refresh 2018

New features for VPS Management web pages – Firewall / Packet Filtering [in Beta to start]

Our journey to update and refresh our web-based VPS Management site and pages continues to deliver results for our customers, with our next newly deployed feature being the ability to set “Firewall Rules” and packet filters on both the incoming and outgoing network traffic of your VPS.

These settings are set through the VPS Management web pages and are enacted outside of your VPS, so the processing and operation of these filters is external to your VPS itself.

This feature is currently available as a “Beta” release, meaning that customers can contact us to have this feature enabled for their use of our web-based VPS Management pages.
General release of this capability is expected during Q3 this year ie: as soon as next month.

This completes this tranche of new features coming to our web-based VPS Management pages and site, and following the general release of the Firewall feature, our attention will turn to UI updates and better navigation for our web-based VPS Management pages.

FYI and regards,
Richard.

Posted in Network Presence, Sales | Tagged , | Comments Off on New features for VPS Management web pages – Firewall / Packet Filtering [in Beta to start]