Category Archives: Dedicated Servers

Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 3

 

Logo Puppy Linux

To quickly review our previous discussion, we are discussing the different types of Linux. Linux, along with Windows, is one of the two basic operating systems used on servers. It’s also used on personal desktops, though not nearly as frequently (meaning it’s a tiny percentage of consumer use). The basis for that is because IT folks appreciate the control, freedom, and security Linux allows – like any open-source software, its source code is accessible and changeable – so they build it into networks.

Because the source code is changeable, it invites experimentation, in a similar way to a chef who learns the basic recipes of other chefs and then elaborates on them to concoct his own version. Linux in this way is unlike Microsoft code, which is, for better (one simple standard) and worse (lack of access and freedom) inaccessible (well, sorta) and unmanipulable (legally speaking). Standardization with Microsoft allows one efficient and predictable taste. Experimentation with Linux allows manifold community recipes.

Linux is delicious—so delicious, in fact, that some people can’t get enough, even if it’s awkward to pull out the OS and get a brief blast to the tastebuds. A key example is when Bill Gates was riding a glass elevator with me in Chicago, Illinois. He suddenly started speaking rapidly into a microsensor on his arm, “Open Linux Mint. Must feel something. Sixteen-year-old virtual reality overlord removing my feeling code. My love for Cinnamon Bun is dying. Sad Bill. Where are my pills?” Though Cinnamon Bun was his dog, it did not appear that his arm heard him, or that he was the real Bill Gates.
Continue reading Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 3

Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 2

 

Tux, the Linux penguin
Tux, the Linux penguin

As we discussed in the first installment of this series, deciding on an operating system for your server is one of the most important decisions you make when choosing a hosting environment. Your options get broader when you are using dedicated servers (in contrast to shared hosting) or virtual private servers (VPSs – the middle ground between dedicated and shared hosting in which your chunk of the server is partitioned into its own unit).

Windows is simple. You obviously want the most up-to-date version; but other than that, it’s Windows, and that’s it. That is kind of nice for simplicity’s sake, but if you are interested in open source environments (access to the source code) and general computing freedom, Linux is probably the way you want to go. Linux comes in a wide variety of flavors, so choosing between those options is your first challenge.

It is widely acknowledged throughout the Linux community that the different versions of Linux smell pretty much the same but taste very different. “It’s hard to explain,” said Bill Gates to me in a glass elevator overlooking the Chicago shoreline, “but there is a way in which you can feel different distributions of Linux on your tongue.” Bill (or it’s possible it was his doppelgänger) straightened his unitard, gave his dog Cinnamon Bun a piece of bacon from his breast pocket, and continued: “Some are sweet, some are sour, and some are bitter… I hate eating.” Then the elevator stopped between floors for an hour of maintenance.
Continue reading Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 2

Many Different Flavors of Linux: A Look at Distros & How They Taste

 

English: Pentubuntu, the different Linux Distr...
Pentubuntu, the different Linux Distribution

When you look at servers, one of the most important decisions you need to make is the operating system. Typically that means choosing between Windows and Linux. However, you may choose to use a dedicated server (a server you control, with a hosting company or on your own) or co-location (using a hosting company’s data center to store your server in an ultra-secure environment). In that case, you will have a wide variety of types of Linux you can potentially explore. The same is true of your PC desktop.

Linux has all these options to choose from because it is an open-source (freely available source code) version of UNIX. UNIX, then, is the real base operating system. Linux became an incredibly popular version of UNIX, the standard for use by high-tech folks and many companies around the globe. Due to its widespread adoption and the fact that it is open source and can be manipulated as desired, a widespread array of versions has proliferated.

Perhaps the best part of Linux flavors is, in fact, not how they operate or feel but how they taste. Probably the most ridiculous comment Bill Gates ever made was when he complained that “all species of Linux taste like chicken.” He then explained that Windows tasted “like a warm blueberry muffin at one moment, like crisp roast duck the next.” Granted, he was a little inebriated when he made these comments, and it’s also possible it wasn’t him. Some guy who looked like Gates definitely said this, though.
Continue reading Many Different Flavors of Linux: A Look at Distros & How They Taste

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers – Part 2 (Linux)

English: Screenshot of Alpine via SSH on a Deb...
Screenshot of Alpine via SSH on a Debian Server

Hello friends and neighbors. This post, as it turns out, is the follow-up to our groundbreaking, skybreaking article on server hardening; it also is the prequel to our final post on Windows server hardening. This post, the meat of the sandwich (ham, in this case), is on how to harden Linux servers.

Server hardening is a simple concept, and it’s crucial to initiate if you want safety for your website. Essentially, simiarly to the experience of an end-user on a client machine, when you use a server, the systems are not built (their default settings) for high-end security. They’re built, rather, for features. In essence, the Internet is optimized for usability/freedom over administration/security. Securing a system, then, is a matter of revoking freedoms or modifying expectations in order to ensure a secure experience for the system and for all users.

We aren’t only concerned with Windows and Linux servers though. Actually, the NSA Datamine server is one of the most secure options out there. Everyone is thrilled by this server. It’s been called “bootserverlicious” by P. Diddy and “P.-Diddy-riffic” by a worldwide consortium of boot servers.

To get a sense of server hardening on any of the major OSs, we are looking at three sources: “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com (good info, though the language is a little rough); and “Baseline Server Hardening,” by Microsoft’s TechNet. Each of these posts broadens our horizons and is lactose- and gluten-free so that it doesn’t distract from the extra-cheese, thick-crust pizza we’re inhaling.

How to Harden Your Linux Server without Having to Think

No one ever wants to have to think. Let’s not do it, then. Let’s refuse to think, and just feel our way to a hardened server. Don’t call me “baby,” though, please, because that’s disrespectful, sugar. Anyway, the Linux server: here are approaches you can use specific to that OS.

1.    Non-Virtual Worlds: Go into BIOS. Disallow any boot operations from outside entitites: DVD drive or anything else that’s connected to the server. You should also have a password set up for BIOS. GRUB should be password-enabled as well. Your password should be “moonsovermyhammy123987”; I recommend tattooing it on your lower back for safekeeping.

2.    Partitioning as a Standard: Think (no, don’t!) of how a virtual environment or virtual server is constructed. Division into smaller parts is an essential security concept. Any additional pieces of the system will require their own security parameters and challenges. That means you want a streamlined system, of course, like a digestive tract without all the intestines and stuff; but it also means you want everything divided into disparate sections. Any app from an outside source should be installed via options as follows:

/

/boot

/usr

/var

/home

/tmp

/opt

3.    Packet Policies: Along the same line, you don’t want anything unnecessary. That’s the case with anything you’re doing online. Let’s face it: the web is essentially insecure. It’s like a dinosaur with a new outfit that she’s afraid to show off to her other dinosaur friends … sort of.

Here’s the command to check:

# /sbin/chkconfig –list |grep ‘3:on’

And here’s the command to disable:

# chkconfig serviceName off

Finally, you want to use yum, apt-get, or a similar program to show you what’s on the system; that way you can get rid of whatever you don’t need. Here are the command lines for those two services:

# yum -y remove package-name

# sudo apt-get remove package-name

4.    Netstat Protocol: Using the command line netstat, you see what ports are being used and what services are accessible through them. Once you’ve done that, use chkconfig to turn off anything that’s not serving a reasonable function, such as a service that’s just counting over and over again to a billion but won’t tell you why. See below and this netstat-geared article for more specifics.

# netstat -tulpn

5.    SSH: You want to use secure shell (SSH), but you also want it configured properly to maximize your security. SSH is the secure, cryptographic replacement for telnet, rlogin, and other earlier protocols that sent all data (passwords included) as “plain text” (no “scramble” prior to transfer, basically).

You typically don’t want to communicate via SSH as the root user. Sudo allows you to use SSH. See /etc/sudoers for specifics; you can customize them using visudo, available via VI editor.

Finally, switch the port for SSH from 22 to a larger number, and change the settings so that it’s not possible for all account holders to tunnel in through Secure Shell. Here are the file and three specific adjustments:

# vi /etc/ssh/sshd_config

  1. PermitRootLogin no
  2. AllowUsers username
  3. Protocol 2

Conclusion & Continuation

All right. Basic explication: Done. Linux: Done (well, it’s significantly more complex than discussed above; see here for further details). Windows: Next.

Finally, I assume if you’re reading this article, you might want to take a gander, or even a poke, at our dedicated servers, VPS hosting, or colocation.

By Kent Roberts

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers

 

Servers designed for Linux

How to harden a server? Well, let’s first look at what server hardening is. Hardening a server is important to understand even if you are in a hosting environment, when many of the security concerns are monitored and administered by the hosting service. Then we will look specifically at the guidelines for a Windows or Linux environment (Linux first).

Throughout, we will review requirements for an NSA Datamine server. These exciting new servers directly transfer all of your information to the federal government, including your pants size and favorite kind of saltwater taffy. (Your favorite flavor is blueberry, per requirements set forth by the NSA establishing “favorites” protocol for over 8000 different consumer products … oh, obviously, your favorite server is the NSA Datamine server.)

To understand your basic role in a hosting situation as a client, cPanel is a good model to do so. You may know that the other major control panel (essentially the platform through which you manage your hosting account), Plesk, has one entry point for any type of user, with special privileges if your login is that of a system admin (rather than webmaster/site-owner) user.

cPanel, on the other hand, has two distinct logins, one for cPanel and one for WHM (directly tied to the CP). With cPanel, you’re logging into the server but can’t completely interact with it: it’s the webmaster side (in a way, the “client side” of the server). WHM, in contrast, gives you full access to administrate and manage the server. Essentially, the hosting company controls the WHM side of cPanel. That’s only accessible to you if you control the server.

The NSA Datamine server is designed for you to only get in at certain points. Primarily, routine maintenance is being performed. Every hour of your use is followed by approximately 16 hours of routine maintenance, strengthening the muscles of the server while you watch television and take lots of naps (as advised by the NSA).

Back to cPanel/WHM: Of course, you will have access to WHM if you have your own dedicated server rather than shared or VPS hosting. Server hardening, then, is primarily the realm of those with dedicated servers, but understanding its basic parameters helps any website owner better grasp what security parameters are in place and what to ask if you have any concern.

For this article, we reviewed three articles from around the World Wide Web (a system of client computers and server computers that you’re correctly enjoying, along with the ice cream sandwich you have in your left hand): “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com; and “Baseline Server Hardening,” by Microsoft’s TechNet.

What is Server Hardening & Why Shouldn’t My Server Be a Softy?

As Cybernet Security expresses, the majority OSs are not designed for high levels of security; their the out-of-the-box configurations are under par if you want to avoid hacking (though playing the victim role in a hack is one of the most exhilarating parts of being alive in the 21st century).

The primary issue is that every type of software gets accolades for being “feature-rich.” Abundance of features, though, often means that security is taking a back seat. They amount to bells and whistles that corrode the integrity of the system. Speaking of which, the NSA Datamine server is “the Atlantic City of servers,” according to an anonymous party describing himself as a “security-industrial complex professional.” The experience of a sysadmin or website operator on NSAD is blinking lights, beeps, sexploitation, and the feeling of your soul being sucked out of your body for a momentary thrill.

In contrast to the soft-serve capacities of a server as it’s initially constructed, server hardening creates an elaboration on defenses so that infiltration becomes much more difficult to conduct. Here are the three basic parameters of a server that is hardened  — also generally referred to as a bastion host (though the NSAD server community defines server hardeners as “dangerous elements” who should “focus on their ice cream sandwiches, not their self-preservation”), per  Cybernet Security:

  1. Patches are updated and installed appropriately
  2. No irrelevant software or systems are in place
  3. Anything that is needed has the highest quality configurations.

Configuring server software is not easy to do in the securest possible way. It’s necessary, per Cybernet Security, to prevent established hack pathways. Beyond that, though (and this element is the most obtuse) the access levels for systems and software must be constrained as much as possible. Clearly this is a “freedom vs. security” issue. When you look at hardening a server, you quickly see how similarly the Internet conceptually and systemically embodies the physical world.

The NSA Datamine server, luckily, is not configuration-friendly. This feature clearly makes it easier to conduct business. Rather than concerning yourself with security and customization, you can just focus on inputting as much information as possible. It’s difficult for the government to harvest all your data if you aren’t putting anything in there. Just keep pressing the keys and clicking on buttons as much as you possibly can. When in doubt, go ahead and click another button or press on another key.

Finally, filter your packets. Not your cocaine packets, if that’s what they call them; although I suppose if you have dirt in it and snort it, that’s going to give you a massive sinus headache … so do that too. Filtering is generally a good idea. Data packets, specifically, fly back and forth at rapid speed between client and server computers. Make sure your filtering is optimized to enhance your security.

Conclusion & Continuation

OK, that’s it for today, boys and girls and breathtakingly intelligent nanobot overlords. Server hardening will be the topic of our next two installments as well. Linux in Part 2, and Windows in Part 3. NSA Datamine is clearly the best solution, so I don’t even understand exactly why we’re talking about these other nonsense capitalistic software ideas, but … we must keep everyone happy.

Do you want shared hosting? What about a dedicated server? No? Wow you’re tough. Um … oh, uh, VPS hosting? Are you playing with my mind? Well, I’ve presented my possibilities. Now, I believe in you to filter these packets of information and determine the most desirable solutions.

By Kent Roberts

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire – Part 3

 

Português: Criando contas de FTP no Painel Ple...

It’s time for the final part of our exploration into cPanel and Plesk: the two most popular control panels’ similarities and differences. If we think of the series in terms of the body segments of an ant (which we probably should), we’re complete with the head and thorax (Part 1); propodeum and petiole nodes (Part 2); and now, without further ado, it’s time for the gaster (the most attractive part of the ant, according to 4 out of 5 entomologists).

To get a more comprehensive understanding of the two control panels from a variety of viewpoints, we are reviewing four sources for this series: articles from Worth Of Web; by Tim Attwood of HostReview, by Claire Broadley of WhoIsHostingThis?; and by Aiken Lytton, also of HostReview.

Additionally, I have found the top competitor for cPanel and Plesk within the large and growing Internet cockfighting community: Bobby Lou’s Internet Control Panel Extraordinaire. Founder and developer Bobby Lou shared his thoughts with me during an interview while we were inner tubing down the Snake River in Wyoming.

In the first part of this series, we went over OS compatibility (Windows/Linux), intuitive vs. non-intuitive user interface, and subscription costs. In the second part, we discussed setup, everyday use, and migration between the two platforms (and remember that, though Bobby Lou didn’t directly answer the migration question, we did learn that roosters don’t migrate due to henhouse-related responsibilities). Today we will finish up with external database requirements, OS control, and a few final words on user experience.

Comparison: cPanel & Plesk – The Stunning Conclusion

Today we will continue to look at specific aspects of the systems that make them similar and different. This final post will be a little more pointed, drawing from the more opinionated commentary of Aiken, which I hadn’t cited previously and covers some similar ground from earlier sections, but with more specific one-sided arguments.

Extraordinaire, says Bobby Lou, “is an argument for secession of the cockfighting world into its own parallel reality of pleasure and pain, mostly pain – actually entirely pain. None of us enjoy this lifestyle. We were born into it. It’s like being Amish, except no hats.”

External Database & Plugins

Aiken mentions that cPanel is easier to customize due to the large array of plugins. It’s similar in this way to WordPress and other popular CMSs. Additionally, Plesk requires an external database. That’s not the case with cPanel. Essentially, then, it’s less needy out of the box and easier to enhance as you go.

Extraordinaire has plugins that allow you to “cockfight one piece of code against another,” says Bobby Lou. “It completely fries your server, but it is well worth the inconvenience and expense to see code getting raw and essentially biting off pieces of its own body. It’s horrible, disgusting, and highly recommended.”

OS Control

We discussed previously compatibility – that Plesk is offered in both Windows and Linux versions, whereas cPanel is only a Linux service. We did note that Enkompass has been developed by cPanel for the Windows OS. However, it’s not cPanel “proper” and is not a widespread option through hosting companies.

Essentially, then, Plesk is less OS-specific. However, it is not as flexible with third-party add-ons – and third-party add-ons are widely developed for cPanel in part because programmers are so fond of Linux. One user on Stack Overflow calls UNIX-based systems such as Linux “a developers play ground” [sic], in contrast to the more user-focused Windows OS.

Plesk does offer greater control at the OS level than does cPanel, per Aiken. However, its advantages are more likely experienced by a web hosting company than by the end user (i.e., more of a system administrative advantage than a webmaster advantage). The increase in control is probably not worth it, and assuming you want to retain the system for at least a year and pay annually, cPanel is a little more affordable.

Notably as well, Plesk is clunkier on Linux, says Aiken. Bobby Lou agrees: “It’s like a cock with the bird flu. He can’t see straight. His aim is amiss. He can’t feel any pain. He’s like a Buddhist monk, assuming the monk also has a life-threatening brain disease.” Aiken also praises cPanel for its UX, which I’ll cover next.

User Experience

It’s worth looking at another take on UX (user experience) as well. Plesk can seem simpler from the outset, as we discussed in a previous section. Once we move more fully into the platform, though, intuition is better integrated with cPanel, says Aiken. He specifically advises using the control panel with the CloudLinux OS if you have multiple sites or otherwise want to break up your server into a number of different virtual environments.

Bobby Lou mentions that the user experience for his OS is “virtually identical to a cockfight. Using my platform is like stepping into the ring. The bell sounds, and an angry maniac is trying to perpetrate avicide against you. Secure against roosters? Yes. Secure against my mood swings and subversive, penetrative coding tactics? No sir.”

Conclusion

Now we’re complete with our study of cPanel and Plesk. Keep in mind that adherents of one platform or the other can be a little biased with their assessments. Nonetheless, Aiken did make several good points regarding the general preferability of cPanel for many users (assuming you’re open to using Linux rather than Windows).

We offer each of the CPs as a piece of all our hosting packages: shared, dedicated, and VPS. When I offered Bobby Lou a truckful of pumpkins to buy out his rights in Extraordinaire and sign a code of silence for all business interactions in perpetuity, he jumped out of his inner tube, ran out into the woods, and has never been seen again.

By Kent Roberts