Server Upgrades & 3rd Party Script Policy
As posted on my Twitter feed yesterday, the server is being upgraded to a better spec system. We’re going from a dual-core/2GB box to a quad-core/8GB setup. I’m pretty excited about the upgrade, as there will be significantly more processing power available to companions.
The upgrades were to have taken place yesterday, but were delayed after discovering several accounts with insecure scripts installed. A couple of these scripts were exploited and allowed a malicious user to upload a folder with dozens of interior junk pages to many accounts on the server.
So I spent from yesterday afternoon until 3AM this morning manually going through each account to clean them up and take an inventory of what scripts were present. I found several accounts that had uploaded 3rd party scripts that did NOT come through me first.
Please understand that to keep the server secure and stable for everyone, I DO NOT allow 3rd party script uploads unless I have had a chance to review them first. Although I try to provide most features a traditional web host would include, my server is still a private, fully-managed hosting environment. As posted on my web hosting page, this means that I restrict what type of scripts or 3rd party applications can be installed or uploaded. I do not have this policy to annoy anyone, but rather, to keep your accounts secure and stable.
If you need to regularly add new scripts or plan to have another developer work extensively on your site, it would be better for you to move to a traditional web host, as they have the manpower to monitor more effectively for script exploits.
Also, if you give someone FTP access to your hosting account, please be sure to reset your cPanel password to something temporary before giving them access. It’s also a good idea to change your password at least once a month.
As mentioned on my hosting page, I provide web hosting as a convenience and extra layer of security. My server is intended for more low-key companions who do not want to divulge their real name to a traditional web host. 90% of my hosted clients never use FTP and only access cPanel for webmail or visitor statistics. These are the types of accounts I would like to host on the server, as they involve far less risk to system stability.
I am still open to allowing occasional 3rd party scripts, but it really is essential that you first send it to me for review. If you need a hosting solution with more flexibility than this, I am happy to recommend an alternate hosting provider.
Now that all of your accounts have been inventoried and cleaned up, the hardware upgrade will take place some time tonight. I’m waiting to hear back from the datacenter on the specific timeline – so I’ll post an update to my Twitter feed when I know more. Also, the server has been configured with more strict security measures – which may interfere with some of my editing scripts. I haven’t had a chance to fully test all versions of the CMS that are still being used – so if you run into quirky behavior while trying to update your website, please open a support ticket and describe the problem.
And finally, with the time spent on unexpected server maintenance yesterday – I’m running a full day behind schedule. Instead of Friday being my last day before vacation, I’ve decided to work through the weekend so I can catch back up.
Thanks!
Tara