Upgrades for Adelaide POP – October 2018

While we’ve been pleasantly surprised by the uptake of our Adelaide VPS Plans, we’re bringing more VPS hosting capacity online there soon, starting this week in October 2018, to keep up with demand and usage in Adelaide.

So from Tuesday to Sunday October 16th to 20th, 2018, we’ll be bringing on extra capacity for our Adelaide KVM VPS Plans from shop.networkpresence.com.au

Some existing customers in Adelaide will be offered migration to the new VPS Node there and we’ll contact relevant customers on that soon.

FYI,
Richard.


Tuning cPanel TLS for SMTP incoming email reception

Newer versions of the WHM/cPanel software often have default SSL/TLS settings in their Exim-based mail server that will reject connections from some Internet hosts on the standard SMTP port (port 25) with an error like:

TLS error on connection from … (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

If this is happening, you can “dial down” the default SSL/TLS settings of cPanel’s Exim mail server: log in to your WHM site as its ‘root’ user, go to the WHM -> Service configuration -> Exim Configuration Manager page, and type “ssl” in the Find: field.
You’ll then see some items in the Security section of this configuration, and you should set the following:

Allow weak SSL/TLS ciphers = On

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server = Off

Options for OpenSSL = +no_sslv2 +no_sslv3

And then Save those updates.

This returns cPanel’s Exim mail server to older settings more compatible with much of the Internet’s email traffic.
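
Before loosening these settings it helps to know how many senders actually fail the handshake. The script below is an added example, not code from cPanel or from the original post: it tallies the error quoted above per remote address. The log lines are constructed, and the path you pass in (on cPanel servers the Exim main log is normally /var/log/exim_mainlog) is an assumption about your system.

```shell
#!/bin/sh
# Added example (not from the original post): list which remote hosts hit the
# TLS error quoted above, and how often. Sample log lines are constructed.

# tls_reject_hosts LOGFILE: print "COUNT ADDRESS", most frequent sender first.
tls_reject_hosts() {
    grep 'TLS error on connection from' "$1" \
        | grep 'SSL23_GET_CLIENT_HELLO:unknown protocol' \
        | sed -n 's/.*connection from [^[]*\[\([^]]*\)\].*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Constructed sample log: two affected senders, one unrelated TLS timeout,
# and one ordinary delivery line that must be ignored.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
2018-10-02 09:14:03 TLS error on connection from mail.example.net [192.0.2.10] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-10-02 09:15:41 TLS error on connection from [198.51.100.7] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-10-02 09:16:20 TLS error on connection from mail.example.net [192.0.2.10] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-10-02 09:17:02 TLS error on connection from (helo.example.org) [203.0.113.5] (SSL_accept): timed out
2018-10-02 09:18:00 1gABCD-0001ab-CD <= user@example.com H=mail.example.com [192.0.2.44] P=esmtps S=1234
EOF

tls_reject_hosts "$SAMPLE"
```

A short list of a few legacy senders may be better handled with those senders directly than by enabling weak ciphers for every connection.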

FYI,
Richard.


How to upgrade from Ubuntu 16 or 17 to 18

VPS Customers running Ubuntu 16 or 17 can upgrade to the latest OS version (currently Ubuntu 18.04) with the following commands run as the root user:

apt-get update && apt-get upgrade

Then set ‘Prompt=normal’ in /etc/update-manager/release-upgrades and run the following as root, preferably on your VPS Console (access to which we provide):

do-release-upgrade

And answer Y or let it proceed with defaults.

Finally, reboot into your new upgraded kernel and system.

FYI,
Richard.


How to upgrade from Debian 8 to 9

VPS Customers running Debian 8 can upgrade to the latest OS version (currently Debian 9) with the following commands run as the root user:

apt-get update && apt-get upgrade

Then change every occurrence of the word “jessie” in /etc/apt/sources.list to “stretch” and run the above commands again, followed by a dist-upgrade (as root, preferably on your VPS Console, access to which we provide):

apt-get update && apt-get upgrade && apt-get dist-upgrade

And answer Y to any prompts (eg: to restart services) or let it proceed with defaults, and when changelogs are being listed, press ‘q’ at the ‘:’ prompt to quit their listing.

Finally and before you reboot into your new upgraded kernel and system, it’s best to purge the obsoleted Debian 8 Packages, with the following commands run as root:

apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }')
apt-get autoremove

FYI,
Richard.
** PLEASE NOTE THAT YOU SHOULD TAKE A FULLY RESTORABLE IMAGE OF YOUR VPS BEFORE DOING THIS UPGRADE


Suggestions for Nginx Hardening/Security

This is a quick, brief list of suggested Nginx web server hardening and security items to check.

Firstly, lots of this is mentioned in the Nginx Security entry of the ‘Awesome’ series of lists on GitHub.
See https://github.com/wallarm/awesome-nginx-security

a) Disable Nginx server_tokens
– set “server_tokens off” in nginx.conf

b) Minimal error pages
– add “error_page 401 403 404 /404.html;” to sites-enabled/ files and “server” config sections

c) Settings to control Buffer Overflow Attacks

Note: Both client_header_buffer_size & large_client_header_buffers will need to be higher than suggested below if your site uses very long URLs.

client_body_buffer_size – default is 8k or 16k, can probably be much lower.
eg: client_body_buffer_size 1k;

client_header_buffer_size – again, 1k is usually sufficient:
eg: client_header_buffer_size 1k;

client_max_body_size – controls clients throwing too much data at the web server in sessions.
Needs to be more if the site uses the POST HTTP method for file uploads or such.
eg: client_max_body_size 1k;

large_client_header_buffers – related to larger client_header_buffer_size if needed.
eg: large_client_header_buffers 2 1k;

d) Disable any unwanted HTTP methods. The relevant conf items (eg: in nginx.conf or a sites-enabled/ file) are:
eg: To ensure HEAD, DELETE, SEARCH, TRACE methods won’t work
# Only GET, PUT, POST are allowed
if ($request_method !~ ^(GET|PUT|POST)$ ) {
    return 444;
}

e) Ensure no PHP or JVM version or path etc information is passed back to Nginx. ie: Don’t send out X-Powered-By & Server headers to clients

f) Check SSL Ciphers, Protocol & other SSL specific settings
(i) set ssl_ciphers to:
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

(ii) set: ssl_protocols TLSv1.3;

Other good suggestions for Nginx at https://cipherli.st/
(iii) set:
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

(iv) create & use a strong DH Parameters file with: (takes some time to run)
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096

(v) configure the above .pem file, set:
ssl_dhparam /etc/nginx/ssl/dhparam.pem;

(vi) ensure you’re using valid/correct X-Frame-Options, Strict-Transport-Security and other ‘secure’ headers
eg:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

(vii) consider whether or not to implement OCSP Stapling, see https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html

g) Do “apt-get update && apt-get upgrade” and see what new Linux Packages are available for the Distro.

h) Work through the checklist of https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

i) Check on backend server or content generation (PHP, Tomcat, JVM, etc etc) settings, outside of Nginx itself.
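
One way to check a config file against items a) and f) above, as an added example rather than code from the original post or from Nginx: the script greps for the directives listed, fails on protocols older than TLSv1.2 (a looser bar than the TLSv1.3-only setting above, chosen here as an assumption) and flags typographic quotes, which nginx does not accept as string delimiters and which often arrive with config pasted from a web page. The function names and both sample configs are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not the post's own code: audit an nginx config file against
# items a) and f) of the checklist above. Both sample configs are constructed.

has()  { printf '%s\n' "$BODY" | grep -Eq "$1"; }
want() { if has "$2"; then echo "PASS $1"; else echo "FAIL $1"; FAILS=$((FAILS + 1)); fi; }
deny() { if has "$2"; then echo "FAIL $1"; FAILS=$((FAILS + 1)); else echo "PASS $1"; fi; }

# audit_nginx FILE: print one PASS/FAIL line per item; exit status 1 on any FAIL.
audit_nginx() {
    FAILS=0
    BODY=$(sed 's/#.*//' "$1")   # ignore comments so disabled lines do not count
    want 'server_tokens off' '(^|[[:space:];{])server_tokens[[:space:]]+off[[:space:]]*;'
    want 'ssl_protocols set' '(^|[[:space:];{])ssl_protocols[[:space:]]'
    deny 'ssl_protocols older than TLSv1.2' 'ssl_protocols[^;]*(SSLv[23]|TLSv1([[:space:]]|;|\.1))'
    want 'ssl_prefer_server_ciphers on' 'ssl_prefer_server_ciphers[[:space:]]+on[[:space:]]*;'
    want 'ssl_dhparam set' 'ssl_dhparam[[:space:]]+[^;[:space:]]+[[:space:]]*;'
    for h in X-Frame-Options X-Content-Type-Options Strict-Transport-Security; do
        want "header $h" "add_header[[:space:]]+$h[[:space:]]"
    done
    deny 'typographic quotes' '“|”'
    [ "$FAILS" -eq 0 ]
}

# Constructed sample configs: one following the checklist, one with gaps.
GOOD=$(mktemp); WEAK=$(mktemp)
trap 'rm -f "$GOOD" "$WEAK"' EXIT
cat > "$GOOD" <<'EOF'
server_tokens off;
server {
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
}
EOF
cat > "$WEAK" <<'EOF'
# server_tokens off;
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection “1; mode=block”;
}
EOF
audit_nginx "$GOOD" && echo "good sample: clean"
audit_nginx "$WEAK" || echo "weak sample: needs work"
```

The grep only sees the one file it is given, so run it per included file, and confirm the final result with nginx -t before reloading.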

FYI,
Richard.


Data Centre, Network & POP Maintenance Notice – Wed evening & Thu morning, August 8th/9th 2018

During the evening of Wednesday, August 8th from 9pm that night (through to 6am on Thursday morning) we will be performing upgrades to selected hosting server platforms of Network Presence in Sydney, Australia.

Customers with services (VPS) on the hosting platforms to be upgraded may be emailed advisory notices shortly, and this is a general notice related to other ancillary upgrades and Infrastructure Maintenance being performed during this scheduled window of time.

This Maintenance Window starts from 9pm Sydney time on the evening of Wednesday, August 8th 2018 through to 6am on the Thursday morning, and I’ll be personally contactable by phone & online during and after these works in case any issues arise. During this Maintenance Window, selected network or server equipment will be worked on, upgraded and restarted. Works will be completed as quickly as possible (and where possible, timing information will be in emails to affected customers) and restarts are short service interruptions only, while upgrades may incur longer service interruptions.

This will incur outages to selected hosting services of Network Presence in Australia during this off-peak scheduled works period.
In addition, there may be some impact (short 5-10 minute periods) to the general Internet Connectivity of portions of Network Presence in Sydney during these works, though redundant routing will be utilised during these works. Our Adelaide POP is unaffected by this Maintenance Notice and works.

Progress updates during the works will be posted to our Operations Twitter Feed at https://twitter.com/netpresops

FYI and regards,
Richard.


Server Platform Refresh 2018

Following the release of new CPU architectures, good business growth and other developments, this year’s server nodes/hosts and network upgrades are starting soon.

Accordingly, the following Node #s will be getting hardware and software upgrades & replacements from the 3rd quarter of 2018: 5, 12, 15, 16, 22, 30, 31, 33, 34, 38, 40, 42, 56, 64, 100, 102
Customers on those listed Nodes will be emailed information about their Node’s work and its timing in due course of these upgrades and refreshes.

A number of new VPS Nodes, made up of brand-name units and custom builds, will be brought online between August and November 2018 and we’ll be releasing more capacity for our Shopfront site’s VPS Plans, as well as releasing new versions of our most popular VPS Plans.

We’ll update this post as this year’s server refresh progresses, and we look forward to these upgrades.

Sept 21st 2018 Update:

Nodes 15, 33, 40, 42, 110, 111 & 112 & others in our Adelaide POP have been upgraded in this refresh and are online servicing customers.

Nodes 3, 5, 20, 21, 22 and a few more are scheduled for upgrades in early November.

Oct 19th 2018 Update:

New Node online in the Adelaide POP for Shopfront KVM VPS Plans.

FYI and regards,
Richard.


New features for VPS Management web pages – Firewall / Packet Filtering [in Beta to start]

Our journey to update and refresh our web-based VPS Management site and pages continues to deliver results for our customers, with our next newly deployed feature being the ability to set “Firewall Rules” and packet filters on both the incoming and outgoing network traffic of your VPS.

These settings are set through the VPS Management web pages and are enacted outside of your VPS, so the processing and operation of these filters is external to your VPS itself.

This feature is currently available as a “Beta” release, meaning that customers can contact us to have this feature enabled for their use of our web-based VPS Management pages.
General release of this capability is expected during Q3 this year ie: as soon as next month.

This completes this tranche of new features coming to our web-based VPS Management pages and site, and following the general release of the Firewall feature, our attention will turn to UI updates and better navigation for our web-based VPS Management pages.

FYI and regards,
Richard.


Adelaide POP now available for our KVM based VPS Plans

After years of waiting for a Data Centre with the relevant connectivity available for us to use in Adelaide, we’ve finally been able to secure the commercials we wanted for Network Presence to establish its Adelaide, South Australia POP.

This allows us to provide all of our website’s KVM based VPS Plans from Adelaide, being the Network Presence VPS Plans:

KVM SSD VPS Plans
Value SSD VPS Plans
Storage VPS Plans
cPanel VPS Plans

These VPS Plans are now all available in Adelaide, South Australia, as well as our decade long running Sydney, Australia location, and you can select the Adelaide location through the ‘VPS Option’ listing ‘Adelaide’ location.

We’re very happy with the connectivity we’ve been able to secure for this POP, which sees our networks in Adelaide made available through many upstream providers, and some of Australia’s best Peering Networks as well from day 1.

Regards,
Richard.


Customer Loyalty Scheme through our Cloud Credits

Our Cloud Credits provide an easy way to increase or decrease the resourcing levels of your Network Presence VPS.

In addition to purchasing Cloud Credits on our website, one other way that customers ‘earn’ or get Cloud Credits is through ongoing usage of their Network Presence VPS services ie: running their VPS as ordered.

The rate of earning of Cloud Credits varies depending on the size and type of VPS, but some kind of baseline is that if you spend ~$15/month on your VPS, you could expect to earn enough Cloud Credits to add a CPU in ~4 or so months of use.

The Cloud Credit balance (viewed in the Status or Usage buttons of our VPS Management pages) for a VPS is increased each day based on the VPS Plan’s monthly fees.

I’ll post more about our Cloud Credits functionality; in the meantime, search our Blog site for “cloud credits” for more info.

FYI,
Richard.
