
Addressing Ransomware Attacks


First, what exactly are ransomware attacks and what’s the motivation behind them? Motivation seems easy enough to decipher – it’s monetary greed. In every instance I’ve read about, there’s always some monetary demand before the victim’s files or sites are decrypted, generally paid in Bitcoin (the preferred currency of cybercriminals everywhere).

One definition is, “Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim.”

The most common source of ransomware attacks

Malicious email attachments are high on our list as a common source of ransomware attacks, followed by software applications (and external storage devices) that have been infected, and what we see more often than not – websites that have been compromised. RDP (remote desktop protocol) is also used as an entry point, simply because it doesn’t rely on user interaction.

Can’t log into your site?

In some instances, cybercriminals use a lock-screen variant that alters the victim’s login credentials so they can no longer sign in.

Has your data been kidnapped?

Here your data files are encrypted, not necessarily only on the infected device but also on other devices connected to the same network.

Early attacks could be reverse engineered, but …

You guessed it. While early attacks could be reverse engineered relatively easily, cybercriminals have developed enhanced versions that utilize exceptionally strong public key encryption.

Previous versions of ransomware attacks

When discussing public key encryption, one of the earliest versions of ransomware that used it was a Trojan horse by the name of CryptoLocker. As usual, the attackers demanded payment via bitcoin, and at the time, because of the RSA cryptography used, this was highly effective malware. Fortunately, the encryption keys for this variant were recovered, leading to the development of an online tool that facilitated recovery and effectively defanged the malware.

Recent ransomware attacks

A more recent attack, known as WannaCry, was disseminated in the spring of 2017 and infected over 250,000 systems around the world. This malware utilized asymmetric encryption, making recovery difficult. Why? With this variant, victims faced an increasingly difficult recovery path, because the private key needed for decryption was never distributed and could not be discovered from the infected system.

Once again, payment in bitcoin was demanded, simply because it couldn’t be traced to the recipients. The net estimated damage from this attack alone may have exceeded $1 billion.

Does paying ransomware demands guarantee you’ll get your files back?

Unfortunately, paying ransomware demands does NOT guarantee that you’ll get your files back. Approximately 20 percent of firms or organizations that pay these fees do NOT get their data back.

The average amount of ransom demanded currently exceeds $1000

The estimated percentage of business executives who actually paid these demands ranges from 3 to 70 percent, so the numbers are far from precise, although across the board a smaller percentage of US companies tends to pay.

Are Internet of Things (IoT) devices vulnerable to ransomware attacks?

Unfortunately, yes, IoT devices are vulnerable, so it’s imperative that you take precautions. We’re talking about smart thermostats, refrigerators and security systems, as well as many other devices.

Who actually uses ransomware?

Unbelievably, ransomware kits are currently available on the dark web for less money than you might imagine, and you don’t have to be a computer geek to purchase and launch an attack. In some scenarios, the seller of the ransomware actually collects the ransom payments, takes their percentage of the loot and distributes the remaining amount to the purchaser.

How would you know you were attacked?

There are the more obvious signs of attack, like receiving a pop-up message telling you that you’ve been attacked. Beyond that, the approaches these cybercriminals take to extort digital currency for their misdeeds vary. Some victims are given deadlines to pay, and some are simply threatened with the exposure of confidential information or data.

The key to minimizing ransomware attacks is prevention

First and foremost, back up your data in multiple locations, online and offline, including remote copies, and don’t click on suspicious attachments in emails, especially from strangers.
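As an added illustration of the two points above (knowing that you were hit, and keeping backups), here is a small Python detector that compares a file manifest recorded at backup time with the current state of the files and flags the symptoms the post describes: files overwritten with high-entropy content, originals that vanish and reappear under a ".locked"-style extension, and a dropped ransom note. It is example code written for this page, not ProlimeHost's or any vendor's tool; the sample files, the indicator lists and the 7.5-bits-per-byte entropy threshold are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed sample "filesystem" (path -> contents); not data from any real incident.
BASELINE_FILES = {
    "docs/report.txt": b"Quarterly report: revenue up 4%, costs flat.\n" * 20,
    "docs/notes.txt": b"Meeting notes - follow up with vendor on SLA terms.\n" * 15,
    "web/index.html": b"<html><body><h1>Welcome</h1></body></html>\n" * 10,
    "data/customers.csv": b"id,name,email\n1,Ann,ann@example.com\n2,Bob,bob@example.com\n" * 10,
}

# Heuristic indicators: assumed, illustrative values rather than any vendor's list.
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_restore_files.txt", "decrypt_instructions.html"}
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
HIGH_ENTROPY = 7.5  # bits per byte; text sits around 4-5, ciphertext close to 8


def shannon_entropy(data):
    """Bits of entropy per byte of `data`; encrypted or compressed data scores close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def fingerprint(files):
    """Manifest (path -> (sha256, entropy)) taken when the backup is made."""
    return {p: (hashlib.sha256(b).hexdigest(), shannon_entropy(b)) for p, b in files.items()}


def _pseudo_ciphertext(seed, length=2048):
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def simulate_incident(files):
    """The sample tree after two files were encrypted and renamed, one file was
    edited normally, and a ransom note was dropped (all constructed)."""
    after = dict(files)
    for victim in ("docs/report.txt", "docs/notes.txt"):
        del after[victim]
        after[victim + ".locked"] = _pseudo_ciphertext(victim.encode())
    after["data/customers.csv"] = files["data/customers.csv"] + b"3,Cy,cy@example.com\n"
    after["docs/readme_decrypt.txt"] = b"Your files are encrypted. Pay to get the key.\n"
    return after


def detect_ransomware(baseline, current):
    """Compare the backup-time manifest with the current one and classify the differences."""
    findings = {"encrypted": [], "ransom_notes": [], "modified": []}
    for path, (digest, _) in baseline.items():
        if path in current:
            if current[path][0] != digest:
                bucket = "encrypted" if current[path][1] >= HIGH_ENTROPY else "modified"
                findings[bucket].append(path)
        else:
            # The original vanished: look for it under a suspicious extension.
            renamed = [q for q in current
                       if q.startswith(path) and os.path.splitext(q)[1] in SUSPICIOUS_EXTENSIONS]
            findings["encrypted"].extend(renamed)
    for path, (_, entropy) in current.items():
        if path in baseline or path in findings["encrypted"]:
            continue
        if os.path.basename(path).lower() in RANSOM_NOTE_NAMES:
            findings["ransom_notes"].append(path)
        elif entropy >= HIGH_ENTROPY:
            findings["encrypted"].append(path)
    hit = findings["ransom_notes"] or len(findings["encrypted"]) >= 2
    findings["verdict"] = "likely ransomware" if hit else "no ransomware indicators"
    return findings


if __name__ == "__main__":
    before = fingerprint(BASELINE_FILES)
    after = fingerprint(simulate_incident(BASELINE_FILES))
    for key, value in detect_ransomware(before, after).items():
        print(f"{key}: {value}")
```

An ordinary edit (the CSV gains a row) lands in "modified", not "encrypted", because its entropy stays low; that distinction is what keeps a backup diff from alerting on every normal change. On a real system the manifest would be built over the backup set, the scan scheduled, and the thresholds tuned against your own files.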

ProlimeHost

Brought to you by ProlimeHost

We’ve been in the web hosting industry for over a decade, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in Virtual Private Servers (VPS) and dedicated servers, with data centers in Los Angeles, Denver & Singapore.

VPS Services: Lightning Fast SSD Virtual Servers

Our Virtual Private Servers all feature high performance Xeon processors and SSD storage in a RAID10 configuration to optimize your server’s performance, which dramatically enhances visitor experiences on your site.

That speed is backed by unparalleled 24/7 support, featuring both outstanding response AND resolution times to maximize your uptime.

Now is the time to join the ProlimeHost virtual private server revolution.

Dedicated Servers: Backed by a 99.9% SLA network uptime guarantee

We only use enterprise-class hardware in our dedicated servers and offer a four (4) hour hardware replacement. Throw in IPMI for remote management, support for public and private networks, free operating system (OS) re-installs, and SATA, SAS & SSD (including NVMe) storage. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.




Understanding DDoS Attacks


DDoS attacks are simply distributed denial of service attacks, whereby unscrupulous cybercriminals try to overwhelm a website with bogus traffic from multiple sources. At first they primarily attacked important resources, but recently they’ve expanded their nefarious attacks to nearly everyone.

Who are their targets?

They’re currently targeting banking institutions, public libraries, news organizations, web hosting providers, auto repair shops, travel agencies, pet stores, hair salons and you name it – no one is safe from these low-life Internet thugs.

Some alarming facts:

  • It’s not expensive to purchase the ability to launch DDoS attacks on the black market. For as little as $150, these thugs can acquire an attack that lasts for an entire week. What would that mean to your online business? Without protection of any kind, this would certainly affect your operations to some extent, either in terms of reduced traffic, shopping cart abandonment or higher bounce rates.
  • Thousands of attacks occur each and every day, with many of them becoming more sophisticated and complex. Just because a service states that they protect from DDoS attacks up to 20 Gbps, that alone is no guarantee that you’re protected. In fact, one leading web hosting provider contends that even 100 Gbps protection is no longer sufficient.
  • Downtime can be difficult to troubleshoot at times, but it’s estimated that one-third of all downtime incidents are caused by DDoS attacks.

The evil known as malicious botnets

These cybercriminals construct networks of infected computers and smartphones, known as botnets. Through these networks, these underbelly low-lifes of the Internet spread malicious software via infected websites, emails and social media accounts.

Once infected, the machines are controlled remotely and stealthily, without the owner’s knowledge. The larger the network, the more damage can be dealt to their targets.

DDoS attacks can overwhelm their targets

How do DDoS attacks overwhelm their targets? They do this by generating tremendous floods of traffic, at a rate that servers simply cannot handle. At times, these attacks are so large that they can overwhelm a country’s international cable capacity.

The DDoS marketplace

What’s so frustrating is that it’s so simple to buy and sell these botnets on the black market. It’s essentially a sleazy underground market for silencing anyone you have a disagreement with or even your competitor. It’s widely known in gaming circles that you had better have DDoS protection if you’re running any type of gaming services.

Different types of DDoS attacks

DDoS attacks are generated and distributed in a myriad of forms, from Layer 7 attacks to Teardrops to Pings of Death to Layer 83 attacks. OK, there’s no such thing as a Layer 83 attack, but you get the picture. If there was a Layer 83, cybercriminals would find some way to attack it.

  • TCP connection attacks are designed to exhaust all available connections on things like firewalls, load balancers and application servers, whereas volumetric attacks attempt to consume all available bandwidth. The end result is network congestion.
  • In an effort to severely reduce network performance, a DDoS attack may consist of floods of TCP or UDP fragments, which in turn overwhelm a network’s ability to reassemble the streams.
  • If these cybercriminals want to disrupt a specific aspect of a service or an application, it’s possible to generate an attack with a low traffic rate, making it much more difficult to identify and mitigate.
  • DNS reflection is used quite often: the attacker forges (spoofs) the victim’s IP address as the source of DNS queries, so the much larger responses are sent to the victim, making it possible to amplify the attack by over 70 times in size.
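To make the two headline behaviours in that list concrete, volumetric floods from many sources and DNS reflection against a spoofed victim address, here is a Python example, added for this page and not code from ProlimeHost, that runs two detectors over constructed flow records in a simple CSV shape. The IP addresses come from the documentation ranges, and the thresholds (10,000 packets per second, 10 sources, 5 responders) are assumptions to be tuned against real traffic.

```python
import csv
import io
from collections import defaultdict


def build_sample_flows():
    """Constructed flow records (no real traffic): a header plus one row per flow."""
    rows = ["ts,src,sport,dst,dport,proto,pkts,bytes",
            # Ordinary web request and a legitimate DNS query/response pair.
            "1000.0,198.51.100.5,51000,203.0.113.10,80,tcp,20,9000",
            "1000.1,203.0.113.30,40000,198.51.100.53,53,udp,1,70",
            "1000.2,198.51.100.53,53,203.0.113.30,40000,udp,1,180"]
    # Volumetric flood: 40 bot sources, 500 packets each, inside one second.
    for i in range(40):
        rows.append(f"1000.{i % 10},192.0.2.{i + 1},{40000 + i},203.0.113.10,80,tcp,500,30000")
    # Reflection: 20 open resolvers answering queries the victim never sent.
    for i in range(20):
        rows.append(f"1001.0,198.51.100.{100 + i},53,203.0.113.20,{1024 + i},udp,50,150000")
    return "\n".join(rows) + "\n"


def parse_flows(text):
    """Parse the CSV into dicts with numeric fields converted."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({"ts": float(row["ts"]), "src": row["src"], "dst": row["dst"],
                      "sport": int(row["sport"]), "dport": int(row["dport"]),
                      "proto": row["proto"], "pkts": int(row["pkts"]), "bytes": int(row["bytes"])})
    return flows


def detect_volumetric(flows, window_s=1.0, pps_threshold=10000, min_sources=10):
    """Flag destinations receiving at least pps_threshold packets per window from at
    least min_sources distinct sources (many sources is what makes it 'distributed')."""
    buckets = defaultdict(lambda: {"pkts": 0, "sources": set()})
    for f in flows:
        b = buckets[(f["dst"], int(f["ts"] // window_s))]
        b["pkts"] += f["pkts"]
        b["sources"].add(f["src"])
    alerts = {}
    for (dst, slot), b in buckets.items():
        pps = b["pkts"] / window_s
        if pps >= pps_threshold and len(b["sources"]) >= min_sources:
            alerts[dst] = {"pps": pps, "sources": len(b["sources"]), "window_start": slot * window_s}
    return alerts


def detect_dns_reflection(flows, min_responders=5):
    """Flag hosts receiving DNS responses (UDP source port 53) from many resolvers
    without having sent any DNS query: the signature of being the spoofed victim."""
    queriers = {f["src"] for f in flows if f["proto"] == "udp" and f["dport"] == 53}
    victims = defaultdict(lambda: {"responders": set(), "pkts": 0, "bytes": 0})
    for f in flows:
        if f["proto"] == "udp" and f["sport"] == 53 and f["dst"] not in queriers:
            v = victims[f["dst"]]
            v["responders"].add(f["src"])
            v["pkts"] += f["pkts"]
            v["bytes"] += f["bytes"]
    return {dst: {"responders": len(v["responders"]), "avg_response_bytes": v["bytes"] / v["pkts"]}
            for dst, v in victims.items() if len(v["responders"]) >= min_responders}


if __name__ == "__main__":
    sample = parse_flows(build_sample_flows())
    print("volumetric:", detect_volumetric(sample))
    print("reflection:", detect_dns_reflection(sample))
```

The reflection detector never looks at the attacker at all: the spoofed queries are sent from elsewhere, so what the victim's network sees is only a wave of unsolicited answers from legitimate resolvers. The large average response size is the amplification the post refers to, and it is why filtering on the edge (drop inbound UDP/53 responses to hosts that run no resolver) is the usual first mitigation.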



WordPress Plugins – the Highs and Lows


WordPress themes and plugins need to be updated when patches are released

WordPress is, beyond doubt, the most popular Content Management System (CMS) on the globe, followed by others like Joomla and Drupal, and part of that popularity comes from the thousands of plugins that make WordPress more functional. Plugins give webmasters a way to fine-tune their sites, but there is some risk involved.

Every plugin you use adds resource consumption to your site

The good side of plugins is that they enhance the functionality of websites, but the bad side is that with more plugins comes more risk – not only from potential incompatibility with the current version of WordPress, but from threats like ransomware and malware.

Add to that, some plugins are resource hogs and will detrimentally slow down your site’s performance, leading to shopping cart abandonment and increased bounce rates.

How to limit your exposure to risk?

All is not hopeless, as there are ways to limit your exposure to the risks associated with WordPress plugins. The first and most obvious would be to delete all those plugins that haven’t been activated, and most likely never will be.

You know what I’m talking about. A web developer will download a theme from ThemeForest or elsewhere, install and customize the site, but not use all of the plugins that came with that theme, and then they sit there for years, never getting activated or updated. I hear some of you asking, “What’s the difference? If they haven’t been activated, what’s the damage?” The difference is that those plugins are still vulnerable to exploitation and should be deleted. Hanging on to plugins you’re never going to use is tantamount to hoarding. It’s time to clean house!

Think of it this way. Each one of those plugins has an author, who is ultimately responsible for keeping their respective plugin up to date. The more cooks in the kitchen, the more opportunity for disaster.

Speaking of authors

There are tons of plugins floating around of questionable design, but how would you recognize them? Our recommendation would be to limit your plugin downloads to those in the OFFICIAL WordPress.org directory. It doesn’t end there though, as from time to time some plugins are removed from that directory. Authors are real people; they sometimes lose interest, they move on to bigger and better things, and they even die. Where does that leave you? Fortunately, there are some key performance indicators (KPIs) available to help.

When contemplating downloading a WordPress plugin

  • Check out the Version. Is it updated regularly? Is it compatible with the current version of WordPress?
  • How many Active installations are there? Hundreds? Thousands? Millions?
  • What is its rating? 5 stars? 4 stars? I recommend reading the reviews.

What should you do when you stop using a plugin?

That’s an easy question to answer: you should immediately delete any plugins you’re not using anymore. This will demonstrably reduce your exposure to risk.

Reducing the hassle of constantly updating plugins

A good number of plugins allow you to update them automatically as revisions are released. For those that do not offer this feature, it’s best to update all of your plugins IMMEDIATELY when an update appears. The longer you wait to update outdated plugins, the greater the risk. Why? Cybercriminals focus on exploiting easy targets, and outdated plugins are prime territory. Security vulnerabilities are discovered every day, and those vulnerabilities are distributed very rapidly to the underground world (the dark side) of the Internet. Every second you wait to update a plugin adds to your exposure.
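The checklist above (version freshness, active installations, rating, delete what is unused, update at once) can be automated. The Python example below is added for this page and is not a ProlimeHost or WordPress tool: it reads a plugin list in the shape that `wp plugin list --format=json` produces (the field names name/status/update/version are assumed here), compares it against a constructed table of directory metadata with fictional plugin slugs, and turns each plugin into a delete/update/review/keep decision with reasons.

```python
import json
from datetime import date

# Constructed sample in the shape of `wp plugin list --format=json`
# (field names assumed; the slugs and versions are fictional).
PLUGIN_LIST_JSON = """[
  {"name": "example-firewall", "status": "active",   "update": "none",      "version": "3.2.0"},
  {"name": "example-forms",    "status": "active",   "update": "available", "version": "5.7.0"},
  {"name": "example-slider",   "status": "inactive", "update": "none",      "version": "5.4.8"},
  {"name": "old-gallery",      "status": "active",   "update": "none",      "version": "1.2.0"},
  {"name": "legacy-widget",    "status": "active",   "update": "none",      "version": "0.9.1"}
]"""

# Constructed directory metadata keyed by slug, loosely modelled on what a
# WordPress.org plugin page shows (last update, active installs, rating, tested up to).
# A slug missing from this table stands for a plugin that is not in the official directory.
DIRECTORY = {
    "example-firewall": {"last_updated": "2024-05-01", "active_installs": 4000000, "rating": 96, "tested": "6.5"},
    "example-forms":    {"last_updated": "2024-04-10", "active_installs": 5000000, "rating": 80, "tested": "6.5"},
    "old-gallery":      {"last_updated": "2020-02-15", "active_installs": 400,     "rating": 60, "tested": "5.3"},
}

RANK = {"keep": 0, "review": 1, "update": 2, "delete": 3}


def version_tuple(v):
    """'6.5' -> (6, 5) so versions compare numerically rather than as strings."""
    return tuple(int(x) for x in v.split("."))


def plugin_findings(plugin, meta, today, current_wp):
    """Return (action, reason) pairs for one plugin; the strongest action wins."""
    if plugin["status"] == "inactive":
        return [("delete", "inactive: unused plugin code is still reachable and exploitable")]
    findings = []
    if plugin["update"] == "available":
        findings.append(("update", "update available; apply immediately"))
    if meta is None:
        findings.append(("review", "not in the official WordPress.org directory"))
        return findings
    age = (today - date.fromisoformat(meta["last_updated"])).days
    if age > 365:
        findings.append(("review", f"last updated {age} days ago"))
    if version_tuple(meta["tested"]) < version_tuple(current_wp):
        findings.append(("review", f"tested only up to WordPress {meta['tested']}"))
    if meta["active_installs"] < 1000:
        findings.append(("review", "fewer than 1,000 active installations"))
    if meta["rating"] < 70:
        findings.append(("review", "rating below 70%"))
    return findings


def audit_plugins(plugins, directory, today, current_wp):
    """Map each plugin slug to {'action': ..., 'reasons': [...]}."""
    report = {}
    for plugin in plugins:
        findings = plugin_findings(plugin, directory.get(plugin["name"]), today, current_wp)
        action = max((a for a, _ in findings), key=RANK.get, default="keep")
        report[plugin["name"]] = {"action": action, "reasons": [r for _, r in findings]}
    return report


def run_sample_audit(today=date(2024, 6, 1), current_wp="6.5"):
    """Audit the constructed sample with a fixed 'today' so results are reproducible."""
    return audit_plugins(json.loads(PLUGIN_LIST_JSON), DIRECTORY, today, current_wp)


if __name__ == "__main__":
    for name, result in run_sample_audit().items():
        print(f"{name:18s} {result['action']:7s} {'; '.join(result['reasons'])}")
```

On a live site the plugin list would come from WP-CLI and the metadata from the plugin directory; the thresholds (one year since the last update, 1,000 installs, a 70% rating) are the assumptions to adjust to your own risk appetite.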

Protecting your site and its data

Firewalls are an essential element in protecting your site and its data from malicious attacks. The two plugins that we recommend are Wordfence and Anti-Malware Security and Brute-Force Firewall.

Web application firewalls like these analyze inbound traffic to your site and then filter out any requests deemed malicious.

Common types of attacks

What we’ve seen so far as the most common types of attacks are cross-site scripting, directory traversal, SQL injection and malicious file uploads. Trust me, once your site has been attacked, it’s a real pain cleaning it up. You’re far better off spending some time being proactive, implementing measures to protect your site from malware, rather than being reactive – attempting to clean up the mess afterwards.
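Here is what the filtering step of a web application firewall looks like at its simplest, as an added Python example (not the code of Wordfence or any other plugin): decode each request and match it against signatures for the four attack classes named above, run over a handful of constructed log lines. The signatures are illustrative assumptions, and real products use far larger rule sets, but the decode-before-match step shown here is the part naive filters get wrong.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in Apache combined-style format; the IPs are from
# documentation ranges and the requests are textbook patterns, not a real incident.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [01/Jun/2024:10:00:01 +0000] "GET /wp-content/themes/example/style.css HTTP/1.1" 200 1234
203.0.113.6 - - [01/Jun/2024:10:00:02 +0000] "GET /?s=hello+world HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jun/2024:10:00:03 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jun/2024:10:00:04 +0000] "GET /index.php?page=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210
198.51.100.8 - - [01/Jun/2024:10:00:05 +0000] "GET /?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0
198.51.100.9 - - [01/Jun/2024:10:00:06 +0000] "POST /wp-content/uploads/2024/06/image.php HTTP/1.1" 200 45
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Signatures applied to the *decoded* request target (assumed, illustrative patterns).
SIGNATURES = {
    "xss": re.compile(r"<script|javascript:|on(?:error|load)\s*=", re.I),
    "traversal": re.compile(r"\.\.[/\\]"),
    "sqli": re.compile(r"union\s+select|'\s*or\s+'?\d+'?\s*=|;\s*drop\s+table", re.I),
    # Executable file types requested under the uploads tree, where only media belongs.
    "upload_exec": re.compile(r"^/wp-content/uploads/.*\.(?:php\d?|phtml|phar)(?:$|[?/])", re.I),
}


def decode_target(target, rounds=2):
    """URL-decode repeatedly so double-encoded payloads (%2527 -> %27 -> ') are caught."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify_request(target):
    """Return the signature names that match the decoded request target."""
    decoded = decode_target(target)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def scan_access_log(text):
    """Parse each line and return (ip, target, categories) for every line that matched."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        cats = classify_request(m.group("target"))
        if cats:
            hits.append((m.group("ip"), m.group("target"), cats))
    return hits


def summarize(text):
    """Count matches per attack class across the whole log."""
    counts = {name: 0 for name in SIGNATURES}
    for _, _, cats in scan_access_log(text):
        for c in cats:
            counts[c] += 1
    return counts


if __name__ == "__main__":
    for ip, target, cats in scan_access_log(SAMPLE_ACCESS_LOG):
        print(ip, cats, target)
    print(summarize(SAMPLE_ACCESS_LOG))
```

Run against a real access log this is a detection aid, not a substitute for a firewall: the firewall blocks inline, whereas a log scan tells you after the fact which addresses were probing, which is still the quickest way to confirm whether the "pain of cleaning up" is about to start.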



RAID 5 versus RAID 10, HDD and SSD


Let’s set some reference points upfront so that we can accurately discuss the differences between these two types of RAID arrays.

RAID Arrays

  • RAID 5 is a RAID (redundant array of independent disks) configuration that uses disk striping with parity. As data and parity are striped across all of the disks, no single disk creates a bottleneck.
  • Conversely, RAID 10 combines disk mirroring and disk striping to protect data. RAID 10 requires a minimum of four disks, and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets. RAID 10 provides redundancy and performance, and is the best option for I/O-intensive applications. One disadvantage is that only fifty percent of the total raw capacity of the drives is usable due to mirroring.

HDD

RAID 5 is less efficient on normal spinning hard disks (HDD) because it increases the number of random I/O operations. Writing small amounts of data more frequently results in slower performance than when writing larger amounts of data sequentially.

SSD

Conversely, SSDs can write random smaller blocks of data more efficiently. What’s more important though is knowing the total amount of data written to the drive.

Parity

A parity drive is a hard drive used in a RAID array to provide fault tolerance. For example, RAID 5 uses a parity drive to create a system that is both fault tolerant and, because of data striping, fast. One way to implement a parity drive in a RAID array is to use the exclusive or, or XOR, function.

Striping

Disk striping is the process of dividing a body of data into blocks and spreading the data blocks across multiple storage devices, such as hard disks or solid-state drives (SSDs). A stripe consists of the data divided across the set of hard disks or SSDs, and a striped unit, or strip, that refers to the data slice on an individual drive.

Writing large amounts of data to the array at once

With RAID 5, you’re not writing the data five times over – it’s actually 1.25 times in total, with ¼ of the data going to each of four drives and the additional ¼ going to the fifth drive as parity. This is what makes data recovery possible after a drive failure.

With RAID 10, all of the data is mirrored, so when using four drives, ½ of the available write bandwidth is utilized to store copies of your data.
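The parity, striping and write-overhead points above can be checked with a few lines of Python. This example is added for this page (it is not ProlimeHost code or a real RAID implementation): it stripes 512 constructed bytes across a 5-drive RAID 5 with rotating XOR parity and across a 4-drive RAID 10, simulates failed drives and reconstructs the data, and reports the 1.25x and 2x write amplification the text states.

```python
SAMPLE_DATA = bytes(range(256)) * 2  # 512 constructed bytes, a multiple of the stripe sizes used below


def xor_blocks(blocks):
    """XOR equal-length byte strings together; this is how RAID 5 parity is computed."""
    out = bytearray(blocks[0])
    for block in blocks[1:]:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def _stripes(data, strips_per_stripe, strip_size):
    """Yield the data as stripes of strips_per_stripe strips, zero-padding the tail."""
    stripe_bytes = strips_per_stripe * strip_size
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    for s in range(0, len(padded), stripe_bytes):
        chunk = padded[s:s + stripe_bytes]
        yield [chunk[i:i + strip_size] for i in range(0, stripe_bytes, strip_size)]


def raid5_write(data, n_drives, strip_size):
    """Stripe data over n_drives-1 drives per stripe plus one XOR parity strip; parity rotates."""
    drives = [[] for _ in range(n_drives)]
    for stripe_no, strips in enumerate(_stripes(data, n_drives - 1, strip_size)):
        parity_at = stripe_no % n_drives
        it = iter(strips)
        for d in range(n_drives):
            drives[d].append(xor_blocks(strips) if d == parity_at else next(it))
    return drives


def raid5_read(drives, length):
    """Read back, rebuilding the one missing strip per stripe from the others."""
    n_drives = len(drives)
    out = bytearray()
    for stripe_no in range(len(drives[0])):
        strips = [drives[d][stripe_no] for d in range(n_drives)]
        missing = [d for d, s in enumerate(strips) if s is None]
        if len(missing) > 1:
            raise RuntimeError("RAID 5 tolerates only one failed drive")
        if missing:
            strips[missing[0]] = xor_blocks([s for s in strips if s is not None])
        parity_at = stripe_no % n_drives
        out += b"".join(s for d, s in enumerate(strips) if d != parity_at)
    return bytes(out[:length])


def raid10_write(data, n_drives, strip_size):
    """Stripe data over n_drives/2 mirrored pairs; each strip is written to both members."""
    drives = [[] for _ in range(n_drives)]
    for strips in _stripes(data, n_drives // 2, strip_size):
        for pair, strip in enumerate(strips):
            drives[2 * pair].append(strip)
            drives[2 * pair + 1].append(strip)
    return drives


def raid10_read(drives, length):
    """Read each strip from whichever member of its pair is still alive."""
    out = bytearray()
    for stripe_no in range(len(drives[0])):
        for pair in range(len(drives) // 2):
            strip = drives[2 * pair][stripe_no] or drives[2 * pair + 1][stripe_no]
            if strip is None:
                raise RuntimeError("both members of a mirrored pair failed")
            out += strip
    return bytes(out[:length])


def fail_drive(drives, k):
    """Simulate the loss of drive k: its strips become unreadable (None)."""
    return [[None] * len(col) if i == k else list(col) for i, col in enumerate(drives)]


def write_amplification(drives, data_len):
    """Bytes physically written divided by bytes of user data."""
    return sum(len(s) for col in drives for s in col) / data_len


if __name__ == "__main__":
    d5 = raid5_write(SAMPLE_DATA, 5, 32)
    d10 = raid10_write(SAMPLE_DATA, 4, 32)
    print("RAID 5  write amplification:", write_amplification(d5, len(SAMPLE_DATA)))
    print("RAID 10 write amplification:", write_amplification(d10, len(SAMPLE_DATA)))
    print("RAID 5 survives drive 2 loss:", raid5_read(fail_drive(d5, 2), len(SAMPLE_DATA)) == SAMPLE_DATA)
```

The XOR trick works because parity XOR all-but-one data strips equals the missing strip, so any single drive, data or parity, can be rebuilt; lose two and the equation has two unknowns, which is the RuntimeError. RAID 10 never computes anything, it just keeps a second copy, which is why it costs half the raw capacity and twice the write bandwidth but survives two failures as long as they are in different pairs.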

Efficiency

RAID 10 is more efficient in that it keeps the drives busy (closer to their maximum) more consistently than RAID 5. However, for maximum write throughput, RAID 5 is better because less of the bandwidth is spent storing redundant information.

Workload variances

If you’re testing efficiency between these two types of RAID configurations, be aware that your results will vary depending on the type of test data you’re utilizing. A single threaded test will produce different results than say, running multiple simultaneous write threads.



Quick Start Guide for Plesk (Linux or Windows)

For the official Quick Start Guide for Plesk, please go to https://docs.plesk.com/en-US/onyx/deployment-guide/quick-start.76607/

This guide is NOT intended to explain how to use Plesk or delve into Plesk concepts, rather simply lay out some guidelines for getting started. If that’s the information you need, please head on over to the Plesk Administrator’s Guide.

Do you need to be a sysadmin to install Plesk?

No, you don’t need to be a sysadmin to install Plesk, but if you run into problems or encounter issues on your install, beyond trying all the suggestions offered below, sometimes a sysadmin can get the job done in minutes versus wasting a ton of production hours doing this on your own.

  • Of course, first try searching on the Plesk FAQ pages or in their Knowledge Base. Quite often, you’ll find exactly what you were looking for right there.
  • Additionally, the Plesk Community Forums are a great place to research questions and resolutions because these address real world issues that others, just like you, have encountered.
  • If all else fails, there’s always the option to contact their technical support department.

Default configuration

  • The default configuration and one-click installation instructions for Linux
  • The default configuration and one-click installation instructions for Windows

It should be noted that no product license key is installed, so you’ll need to purchase that from “Plans & Pricing.”

Plesk understands that there’s a learning curve with any software purchase, so they offer a trial product license so that you can look over their software, get a feel for its functionality and evaluate if it’s the right product for your business or organization. They give you two full weeks (14 days) to evaluate their software, AND this is not some limited funky version – it’s full functionality. Download Your Free Plesk Trial.

What if you need to deploy virtual servers from time to time?

This can be accomplished with Plesk on demand, by cloning servers. Check out Deploying Plesk Servers by Cloning.

What if I have to deploy more than one server at the same time?

In the web hosting industry, orders don’t always come in one at a time. Quite often they come in bunches. To reduce provisioning times, there are command line tools available in Plesk that enable an unattended (automated) installation procedure.

Mirroring

In order to optimize downloads, we do recommend setting up a local mirror repository. To see how, go to Mirroring Plesk Autoinstall Servers.

When you want to install Plesk for your work

The installer for Plesk operates in interactive mode, so it asks a number of questions about which components you need to have installed. This can be done either in a browser or on the command line.

Web Admin or Web Pro?

Which way to proceed, Web Admin or Web Pro, depends entirely on the specific type of business or organization that you’re running. To manage your company or organization’s (or client’s) web and mail server, Web Admin is best suited. Conversely, if you’re a web studio that hosts clients’ websites, then Web Pro would best match your requirements.

What about upgrades?

As we’re all aware, versions of software change from time to time, to increase functionality, improve security and so on. Plesk makes upgrading to its latest version easy using the management and server configuration tools in its GUI (graphical user interface). To see how, go to Upgrading Plesk Using Administrator GUI.

Some limitations when upgrading

If you’re upgrading through the graphical user interface, you can only upgrade to one of three release tiers: General release (which is our recommendation), Early Adopter or Late Adopter.

For more flexibility in upgrading

If you’re looking for more flexibility when upgrading, then try their interactive installer.
