Tag Archives: Plesk

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers

 

Servers designed for Linux

How to harden a server? Well, let’s first look at what server hardening is. Hardening a server is important to understand even if you are in a hosting environment, when many of the security concerns are monitored and administered by the hosting service. Then we will look specifically at the guidelines for a Windows or Linux environment (Linux first).

Throughout, we will review requirements for an NSA Datamine server. These exciting new servers directly transfer all of your information to the federal government, including your pants size and favorite kind of saltwater taffy. (Your favorite flavor is blueberry, per requirements set forth by the NSA establishing “favorites” protocol for over 8000 different consumer products … oh, obviously, your favorite server is the NSA Datamine server.)

To understand your basic role in a hosting situation as a client, cPanel is a good model to do so. You may know that the other major control panel (essentially the platform through which you manage your hosting account), Plesk, has one entry point for any type of user, with special privileges if your login is that of a system admin (rather than webmaster/site-owner) user.

cPanel, on the other hand, has two distinct logins, one for cPanel and one for WHM (directly tied to the CP). With cPanel, you’re logging into the server but can’t completely interact with it: it’s the webmaster side (in a way, the “client side” of the server). WHM, in contrast, gives you full access to administrate and manage the server. Essentially, the hosting company controls the WHM side of cPanel. That’s only accessible to you if you control the server.

The NSA Datamine server is designed for you to only get in at certain points. Primarily, routine maintenance is being performed. Every hour of your use is followed by approximately 16 hours of routine maintenance, strengthening the muscles of the server while you watch television and take lots of naps (as advised by the NSA).

Back to cPanel/WHM: Of course, you will have access to WHM if you have your own dedicated server rather than shared or VPS hosting. Server hardening, then, is primarily the realm of those with dedicated servers, but understanding its basic parameters helps any website owner better grasp what security parameters are in place and what to ask if you have any concern.

For this article, we reviewed three articles from around the World Wide Web (a system of client computers and server computers that you’re correctly enjoying, along with the ice cream sandwich you have in your left hand): “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com; and “Baseline Server Hardening,” by Microsoft’s TechNet.

What is Server Hardening & Why Shouldn’t My Server Be a Softy?

As Cybernet Security expresses, the majority OSs are not designed for high levels of security; their the out-of-the-box configurations are under par if you want to avoid hacking (though playing the victim role in a hack is one of the most exhilarating parts of being alive in the 21st century).

The primary issue is that every type of software gets accolades for being “feature-rich.” Abundance of features, though, often means that security is taking a back seat. They amount to bells and whistles that corrode the integrity of the system. Speaking of which, the NSA Datamine server is “the Atlantic City of servers,” according to an anonymous party describing himself as a “security-industrial complex professional.” The experience of a sysadmin or website operator on NSAD is blinking lights, beeps, sexploitation, and the feeling of your soul being sucked out of your body for a momentary thrill.

In contrast to the soft-serve capacities of a server as it’s initially constructed, server hardening creates an elaboration on defenses so that infiltration becomes much more difficult to conduct. Here are the three basic parameters of a server that is hardened  — also generally referred to as a bastion host (though the NSAD server community defines server hardeners as “dangerous elements” who should “focus on their ice cream sandwiches, not their self-preservation”), per  Cybernet Security:

  1. Patches are updated and installed appropriately
  2. No irrelevant software or systems are in place
  3. Anything that is needed has the highest quality configurations.

Configuring server software is not easy to do in the securest possible way. It’s necessary, per Cybernet Security, to prevent established hack pathways. Beyond that, though (and this element is the most obtuse) the access levels for systems and software must be constrained as much as possible. Clearly this is a “freedom vs. security” issue. When you look at hardening a server, you quickly see how similarly the Internet conceptually and systemically embodies the physical world.

The NSA Datamine server, luckily, is not configuration-friendly. This feature clearly makes it easier to conduct business. Rather than concerning yourself with security and customization, you can just focus on inputting as much information as possible. It’s difficult for the government to harvest all your data if you aren’t putting anything in there. Just keep pressing the keys and clicking on buttons as much as you possibly can. When in doubt, go ahead and click another button or press on another key.

Finally, filter your packets. Not your cocaine packets, if that’s what they call them; although I suppose if you have dirt in it and snort it, that’s going to give you a massive sinus headache … so do that too. Filtering is generally a good idea. Data packets, specifically, fly back and forth at rapid speed between client and server computers. Make sure your filtering is optimized to enhance your security.

Conclusion & Continuation

OK, that’s it for today, boys and girls and breathtakingly intelligent nanobot overlords. Server hardening will be the topic of our next two installments as well. Linux in Part 2, and Windows in Part 3. NSA Datamine is clearly the best solution, so I don’t even understand exactly why we’re talking about these other nonsense capitalistic software ideas, but … we must keep everyone happy.

Do you want shared hosting? What about a dedicated server? No? Wow you’re tough. Um … oh, uh, VPS hosting? Are you playing with my mind? Well, I’ve presented my possibilities. Now, I believe in you to filter these packets of information and determine the most desirable solutions.

By Kent Roberts

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire – Part 3

 

Português: Criando contas de FTP no Painel Ple...

It’s time for the final part of our exploration into cPanel and Plesk: the two most popular control panels’ similarities and differences. If we think of the series in terms of the body segments of an ant (which we probably should), we’re complete with the head and thorax (Part 1); propodeum and petiole nodes (Part 2); and now, without further ado, it’s time for the gaster (the most attractive part of the ant, according to 4 out of 5 entomologists).

To get a more comprehensive understanding of the two control panels from a variety of viewpoints, we are reviewing four sources for this series: articles from Worth Of Web; by Tim Attwood of HostReview, by Claire Broadley of WhoIsHostingThis?; and by Aiken Lytton, also of HostReview.

Additionally, I have found the top competitor for cPanel and Plesk within the large and growing Internet cockfighting community: Bobby Lou’s Internet Control Panel Extraordinaire. Founder and developer Bobby Lou shared his thoughts with me during an interview while we were inner tubing down the Snake River in Wyoming.

In the first part of this series, we went over OS compatibility (Windows/Linux), intuitive vs. non-intuitive user interface, and subscription costs. In the second part, we discussed setup, everyday use, and migration between the two platforms (and remember that, though Bobby Lou didn’t directly answer the migration question, we did learn that roosters don’t migrate due to henhouse-related responsibilities). Today we will finish up with external database requirements, OS control, and a few final words on user experience.

Comparison: cPanel & Plesk – The Stunning Conclusion

Today we will continue to look at specific aspects of the systems that make them similar and different. This final post will be a little more pointed, drawing from the more opinionated commentary of Aiken, which I hadn’t cited previously and covers some similar ground from earlier sections, but with more specific one-sided arguments.

Extraordinaire, says Bobby Lou, “is an argument for secession of the cockfighting world into its own parallel reality of pleasure and pain, mostly pain – actually entirely pain. None of us enjoy this lifestyle. We were born into it. It’s like being Amish, except no hats.”

External Database & Plugins

Aiken mentions that cPanel is easier to customize due to the large array of plugins. It’s similar in this way to WordPress and other popular CMSs. Additionally, Plesk requires an external database. That’s not the case with cPanel. Essentially, then, it’s less needy out of the box and easier to enhance as you go.

Extraordinaire has plugins that allow you to “cockfight one piece of code against another,” says Bobby Lou. “It completely fries your server, but it is well worth the inconvenience and expense to see code getting raw and essentially biting off pieces of its own body. It’s horrible, disgusting, and highly recommended.”

OS Control

We discussed previously compatibility – that Plesk is offered in both Windows and Linux versions, whereas cPanel is only a Linux service. We did note that Enkompass has been developed by cPanel for the Windows OS. However, it’s not cPanel “proper” and is not a widespread option through hosting companies.

Essentially, then, Plesk is less OS-specific. However, it is not as flexible with third-party add-ons – and third-party add-ons are widely developed for cPanel in part because programmers are so fond of Linux. One user on Stack Overflow calls UNIX-based systems such as Linux “a developers play ground” [sic], in contrast to the more user-focused Windows OS.

Plesk does offer greater control at the OS level than does cPanel, per Aiken. However, its advantages are more likely experienced by a web hosting company than by the end user (i.e., more of a system administrative advantage than a webmaster advantage). The increase in control is probably not worth it, and assuming you want to retain the system for at least a year and pay annually, cPanel is a little more affordable.

Notably as well, Plesk is clunkier on Linux, says Aiken. Bobby Lou agrees: “It’s like a cock with the bird flu. He can’t see straight. His aim is amiss. He can’t feel any pain. He’s like a Buddhist monk, assuming the monk also has a life-threatening brain disease.” Aiken also praises cPanel for its UX, which I’ll cover next.

User Experience

It’s worth looking at another take on UX (user experience) as well. Plesk can seem simpler from the outset, as we discussed in a previous section. Once we move more fully into the platform, though, intuition is better integrated with cPanel, says Aiken. He specifically advises using the control panel with the CloudLinux OS if you have multiple sites or otherwise want to break up your server into a number of different virtual environments.

Bobby Lou mentions that the user experience for his OS is “virtually identical to a cockfight. Using my platform is like stepping into the ring. The bell sounds, and an angry maniac is trying to perpetrate avicide against you. Secure against roosters? Yes. Secure against my mood swings and subversive, penetrative coding tactics? No sir.”

Conclusion

Now we’re complete with our study of cPanel and Plesk. Keep in mind that adherents of one platform or the other can be a little biased with their assessments. Nonetheless, Aiken did make several good points regarding the general preferability of cPanel for many users (assuming you’re open to using Linux rather than Windows).

We offer each of the CPs as a piece of all our hosting packages: shared, dedicated, and VPS. When I offered Bobby Lou a truckful of pumpkins to buy out his rights in Extraordinaire and sign a code of silence for all business interactions in perpetuity, he jumped out of his inner tube, ran out into the woods, and has never been seen again.

By Kent Roberts

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire – Part 2

 

CPanel

Welcome back for the second part of this exciting and, at times, educational series. To review from the first installment, one of the first things to consider when administrating a server or creating a website is which control panel to choose. The most common control panels out there are cPanel and Plesk. Another option you may find is Bobby Lou’s Internet Control Panel Extraordinaire, hugely successful among cockfighting enthusiasts.

We’re looking at various articles on the subject to get a fuller picture of the similarities and differences between the two major control panels: one from Worth Of Web, another by Tim Attwood for HostReview, and a third by Claire Broadley for WhoIsHostingThis?. I also was able to land an exclusive interview with Bobby Lou for an inside peek at his control panel geared toward rooster brawl henchmen and their compatriots.

This article is the second in a three-part series. In the first part, we discussed operating system compatibility, UI UX (user interface user experience), and pricing. As a reminder, Bobby Lou accepts pumpkins, though no other forms of squash, in his bartering payment plan.

Comparison: cPanel & Plesk – Continued

Okay, so we already went over a few of the variables that show how generally similar cPanel and Plesk are, while also highlighting some of their differences. Today we will look specifically at initial setup and general use, along with the issue of migration.

Initial setup/General use

As Worth of Web notes, cPanel is not actually just one platform. Instead, it offers two different programs, each of which makes sense depending on your particular situation. cPanel itself is designed for anyone operating a website. WHM, which is tied to cPanel and automatically accessible, is geared toward anyone administering a server. Meanwhile, Extraordinaire was created to be “accessible only to humans and completely secure from intruding rooster eyes,” says Bobby Lou.

A major cPanel/Plesk difference is generated by these two options created for the two major types of users. When you enter cPanel, you log in to either one or the other platform. In other words, you do not have access to both at once. Plesk, on the other hand, gives website owners and server administrators the ability to log in to the same exact system. Administrative rights just populate broader options, allowing the ability to manage the server.

Worth of Web notes that because of this unified point of entry, Plesk “seems less complicated” when a person is initially entering the system. The article also points to the more intuitive setup screens within Plesk: choosing options and pressing a “Next” button in a similar manner to what we expect when installing a program on a Windows computer. Per Worth of Web, setting up cPanel is not as user-friendly, at least for those who are just getting started.

In contrast to the single-entry or dual-entry models of cPanel and Plesk, Extraordinaire allows users over 3500 different ways to log in. Bobby Lou explains, “If you don’t see something that describes you, just keep scrolling and scrolling. You will find it. That’s one of the ways we enhance security, is by making everybody scroll a lot. Roosters aren’t good at scrolling. They get bored, they get tired, and they get hungry. Plus, their claws keep slipping off the mouse, and they ruffle their feathers and take a nap.”

Migration

Claire notes that migration is a problem for users of both control panels, unless they are switching to and from the same CP. In both control panels, it’s simple to migrate between two different servers when you aren’t trying to change the control panel.

“Moving from one to the other,” Claire says, “is near [sic] impossible.” She also advises to keep in mind that when you’re looking at a hosting solution with free migration, the service will typically only be available when retaining the control panel you are currently using.

If you do want to transfer from one control panel to the other, you can either do it manually (through this forum on moving between cPanel & Plesk) or pay for a service. Plesk has a cPanel to Plesk migration system, but Claire notes that it is as glitchy as the other platform-migration software out there.

Worth of Web agrees essentially with Claire’s sentiments. The gist, then, is that you will want to choose wisely because migration is neither fun nor, generally speaking, free.

Bobby Lou of Extraordinaire refused to talk about migration, saying it has “nothing to do with me or my birds.” He was adamant that I inform readers of this piece, though it is clearly irrelevant, that roosters do not migrate because “they’re too busy overseeing the hen house, which is a full-time job.”

Conclusion & Continuation

cPanel and Plesk have the major difference in their access points to one or two systems. Those who have grown accustomed to the former control panel may like the way it cleanly splits different types of users, while new initiates may find the two sister platforms (cPanel/WHM) a little confusing. cPanel also may feel more obtuse during setup. With either option you choose, though, migration is a pain.

That’s it for this post. In our final installment of this series, we will assess administrative panels, requirements, and features.

Either of the two control panels is available for all our customers, whether they are subscribed to our shared, dedicated, or VPS packages. Bobby Lou’s Extraordinaire is unfortunately not available for Superb users at this time, partially because we need to collect more bartering pumpkins.

By Kent Roberts

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire

 

Image representing cPanel Inc as depicted in C...

When you look into control panels, the first two options you will see with almost any hosting company are cPanel and Plesk. The third most successful control panel, Bobby Lou’s Internet Control Panel Extraordinaire, is popular in the cockfighting industry but not widely accepted by the general web administrative community.

Assuming you use cPanel or Plesk, either one will serve you well, but everyone wants the best solution out there. Let’s take a look at how each of the two control panels compares, and where one or the other has advantages or disadvantages. Extraordinaire will also be examined, just in case you want a solution tailored to underground rooster competitions.

To gain a sense of perspectives on cPanel and Plesk from across the web, we will look at articles by Worth Of Web, Tim Attwood for HostReview, and Claire Broadley for WhoIsHostingThis?. We will also interview Bobby Lou to better understand his niche CP. We will explore these differences in a three-part series.

Comparison: cPanel & Plesk

Let’s look at a basic rundown of how cPanel and Plesk are similar and different. In this post, we will specifically examine OS compatibility, interface usability, and cost.

Operating Systems

As a basic rule of thumb, Plesk tends to be more popular among those running Windows operating systems, while cPanel is more widely used on Linux systems. This breakdown, though, is primarily based on track records. cPanel is the old standard for those using Linux servers. Plesk, likewise, has long been the choice of Windows webmasters.

Plesk has a Linux-compatible version, and cPanel has its specific Windows brand, Enkompass. Enkompass, however, is not as widely used and is not “the real deal” as far as cPanel goes. Though there obviously is crossover between the two systems, there is a strong argument that expertise and focus for each of the two OSs is still sharply divided.

To look at our third option, Extraordinaire, Bobby Lou explained that his system is “designed to be incredibly glitchy on any operating system.” He said that the cockfighting community “loves challenges and doesn’t mind getting their hands dirty trying to figure out why Extraordinaire hates them so much.”

Interface

If you’re looking at both of these control panels for the first time, you will be more impressed with the intuitive and simple usability of Plesk, according to Worth of Web. cPanel, however, is easy to use for those who are familiar with it and have grown accustomed to its layout. For this reason, assumedly, cPanel has not made significant changes to its interface over time.

Plesk, then, is easier for a rookie to understand. The cPanel UI is favored by many veteran system administrators. Note that because cPanel has been used at such great length by the Linux community, and because that community is so tight-knit, finding answers online for any confusion is generally simple. Plesk, though, is more inviting from the outset.

When it comes to switching from one control panel to the other, Claire mentions that the UI is “one of the biggest sources of heartache” (because the design will look, of course, completely foreign initially). She also notes that many custom CPs are built off of cPanel, so understanding the basis of a custom platform may indicate that it is more recognizable than you first might think.

Tim also notes that if you’re using VPS hosting, the cPanel system is often considered easier to use: many people find choosing the task they want to complete or efficiently viewing data simpler than in Plesk. He credits Plesk with having a plenitude of features but a system whose management may seem “too technical” for a VPS environment.

Bobby Lou’s system is based on an intricate graphical framework composed of roosters. He said, “It’s a cockfighting grandmaster’s version of binary code. The black ones are zeros, and the red ones are ones.” Asked how long it takes to set up a typical website, Bobby Lou stated, “Come again?”

Cost of Subscription

Worth of Web notes that the cost will be better between cPanel and Plesk depending how long you intend to use either system. cPanel works on an annual basis, whereas Plesk has monthly subscriptions available. Claire comments that typically cPanel is more cost-effective because, generally speaking, websites will be online for at least a year, and cPanel is more affordable in those scenarios.

When it comes to VPS, both systems have accounts available specifically for that purpose. CPanel’s, again, is more affordable but is not broken down per month like the Plesk service is.

Claire also notes that the licenses for either one is typically included within a hosting package. However, dedicated and VPS environments sometimes require the customer to pay for control panel access in addition to the cost of the hosting package.

Extraordinaire uses a different model for payment. “We work on a bartering system,” said Bobby Lou. “We take roosters of course – but not sick ones – as well as pumpkins and electric crazy-making prods (ECP’s). We also take gallon jugs of moonshine and real Vermont maple syrup, the latter of which should also come with a stack of fresh pancakes.”

Conclusion & Continuation

As you can see, cPanel and Plesk are more similar than they are different. More than anything, it’s a question of what’s comfortable for you. Operating system, though, still is a major dividing line even though the two platforms work on both Windows and Linux. We will continue our discussion in Part 2 of this series.

Oh… Did you know that we offer both of these control panel options for our shared, dedicated, and VPS hosting customers? Yes, in fact, we do. Unfortunately, though, Bobby Lou has not yet convinced us to offer Extraordinaire.

By Kent Roberts

Recent Web Hosting Vulnerabilities

If you have a spare moment to go through your control panels and check your up-to-date status, here are some recent warnings you might want to check against:

Serious Vulnerability Warning For Parallels Plesk Issued – traxarmstrong.com


Serious Vulnerability Warning For Parallels Plesk Issued - traxarmstrong.com | How to Grow Your Business Online | Scoop.it
From traxarmstrong.com – End of April 2013

There is a serious bug in Plesk Panel one of the most widely used hosting control panel solution that contains multiple privilege escalation vulnerabilities…

This blog goes to list the specific operating version that puts you at risk of this security vulnerability. You are NOT at risk if you have Apache web server running Fast CGI (PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).

Lesson Re-learned: Backups !


Lesson Re-learned: Backups ! | How to Grow Your Business Online | Scoop.it

From accuweaver.com – 1 week ago

I just shot my blog in the foot, or more accurately, I didn’t follow IT 101 and back things up before making a change. I had moved my site to be completely WordPress based a while ago…

Rob Weaver goes on to explain his own experience of how he came about relying on a faultless Plesk Auto-installation. And while I couldn’t help but chuckle, I’ve also been there. He’s currently rebuilding his site from a lucky idea of downloading the html files generated from his WP Cache Plugin.

Not too long ago I made a similar mistake of failing to save website backups… I rebuilt pages from the Google Cache HTML files, and recent pages that were not indexed were (and I’m not sure how lucky this is) rebuilt from scraper site copies. Yes! Those SEO fraudsters and mimics had decided my writing had enough value to be indiscriminately copied!

 

Hackers Increasingly Target Shared Web Hosting Servers


Hackers Increasingly Target Shared Web Hosting Servers for Use in Mass Phishing Attacks | How to Grow Your Business Online | Scoop.it

From www.cio.com – End of April 2013

Nearly half of phishing attacks seen during the second half of 2012 involved the use of hacked shared hosting servers, APWG report says.

Mass phishing attacks are also dubbed “whaling”. They tend to rely on auto-installations of PHP databases, where the username or database label is numerically generated – and therefore more predictable for patient hacker attacks.

If you’re on a shared web hosting plan. It might be a good idea every now and again to go into PHPmyAdmin and change password access, or even the database name to make predictability of these combinations less likely.

 

by – Juliana

Noteable Control Panel Blogs

If you’re setting up a webhosting account for the first time, then you’re likely to run into either a choice of control panels, or some learning curve to familiarize yourself with setting up your new web hosting space. In today’s featured list, I’ll be taking a look at some of the most up-to-date and technically specific blogs that will help you through that learning curve, especially when you bump into a difficulty.

Rather than winding up in some technical support forum, for a non-problem issue (usually being just a matter of misunderstanding or sheepish ignorance) your experience can be more motivated if guided in the hands of experts who can explain stuff you need to know in the correct terminology. There are many times when I have been guilty of consuming time in frustration on chat support, because I simply didn’t know what the correct words were to type in and ask the right questions.

Example: “When I go here and click there I can’t find the thingy that’s supposed to load/upload/… blah” you get the message…  Ever been guilty of that?

Most Popular Web Hosting Control Panels


Most Popular Web Hosting Control Panels | LLA Tech | How to Grow Your Business Online | Scoop.it
From llatech.com – Today, 9:41 PM

When you sign up for your first hosting plan your provider will most likely also provide you with a web hosting control panel.

Juliana Payson‘s insight:

Some of the things you’ll be able to do in your web hosting control panel are to manage your email accounts, FTP accounts, add-on domains, access your site statistics, manage files, build pages for your website, install certain scripts with the push of a button, MySQL database management and a multitude of other functions. This blog is written by web hosting experts who have chosen to compare two of the most popular control panels: Plesk and cPanel

Plesk Server Management – 3 weeks ago

The Parallels Plesk Panel is the popular control panel to run, configure, and secure your web servers. Easily deploy websites and applications and reduce your time spent on managing complex tasks. Ples…

Juliana Payson‘s insight:

Here is a dedicated Plesk blog, it seems regularly updated with the latest Plesk features and even sums up in easy to read bullet point lists what features and 3rd party installations to expect:

  • ZendOptimizer
  • Ioncube
  • GD
  • Curl
  • Freetype
  • Eaccelerator
  • ImageMagick
  • Advance Perl modules etc.

Finally – and this is my favorite blog of the week, because the author has an extensive archive of helpful pointers for each item you presented as a bug or problem to chat support. Instead, Renjith has documented every little query and even command line code to provide quick fixes and clarity for finding your way around your new Linux server:

“Help! Parallels Plesk Panel shows incorrect disk usage”

From linuxtechme.wordpress.com – Today, 9:45 PM

Parallels Plesk Panel shows incorrect disk usage Linux : To update traffic and disk usage for a single domain, run: /usr/local/psa/admin/sbin/statistics –calculate-one –domain-name=domain.tld …

Juliana Payson‘s insight:

Check out this blog specific from a Linux system administrator. I like it because there is every nerdy fix for every possible query you might have from Various web hosting control panels, to MySQL databases, and Virtuozzo auto-script installers. If you’re hosting your sites on Linux, bookmark this blog, he might well help you be able to trouble shoot things you never even thought about.

Renjith Raju is the type of tech nerd I admire, if it’s not broken fix it anyway – make it even better!

by – Juliana