Wednesday, July 30, 2014

Network Maintenance - August 3rd, 2014

Some of our customers will experience minor disruptions to network traffic in the early morning of August 3rd, 2014.  This maintenance cycle will start at 1 AM CDT and should finished by 5 AM CDT.  During this time, several brief (up to 5 minute disruptions) interruptions may occur.  We apologize for any inconvenience and appreciate your patience.

Monday, June 16, 2014

Urgent Server Maintenance - Aquarius Shared Hosting Server

We will be upgrading Aquarius this evening to increase performance on this server.  This upgrade will require two reboots - the first of which being very brief (less than 5 minutes), and the second involving about an hour of downtime.  We will perform the first reboot around 8 PM CDT today, then the second will be after 11 PM CDT.  We will announce the details as they occur on our Twitter feed.

Wednesday, April 23, 2014

Emergency Server Maintenance on Shared cPanel Server Gemini

At 11 PM CST this evening we will be bringing Gemini down for emergency maintenance.  We expect the server to be down for up to 2 hours while we replace hardware.

Monday, March 10, 2014

OCS Newsletter - New Site, DDoS, and WordPress Hacks

Welcome to the First OCS Newsletter!

We're delighted to finally publish our first official OCS Solutions newsletter!  It's a bit embarrassing being in business for over 17 years and never having done so. However, we plan to start sending newsletters two to three times a month to keep you up to date on what's going on with OCS!

If you're reading this on the web and haven't subscribed yet, please take a moment to do so by going to our website and filling the subscription form at the very bottom of the page.
OCS Solutions
Our New Website

Speaking of our website, we have an exciting announcement.  We are proud to introduce our new responsive (i.e. mobile friendly) website!

I can tell you that the old adage of the shoemaker's children not having any shoes is completely true.  Our customers come first, and our website languished for years without an overhaul.

If you haven't had a chance to see it yet, please check it out.  Keep in mind that there is a bit of dust that still has yet to settle from the redesign, so you might find the odd link that goes to a page with the old theme.  We're working on it!
Image
DDoS Attacks and WordPress / Joomla Hacks

As some of you may know, last week was quite a busy week for us.  Aquarius, one of the servers on our shared web hosting systems, suffered a substantial DDoS attack spread out over several days.  We had a repeat performance today on Taurus, another cPanel shared web hosting server.  Fortunately we were able to thwart both attacks.  Total downtime was less than 2 hours combined. 

While we're proud of the fact that we have been able to weather the DDoS storm with minimal downtime, we strive for 100% uptime, so we were disappointed we weren't able to meet that expectation.  To that end, we have deployed a substantial array of both software and hardware solutions to help prevent future attacks.  The downside: we might get some false positives while we help work out the kinks.

For example, if you have too many authentication failures with an e-mail account, or try more than 5 times to login to your cPanel account and fail, you may be temporarily blocked for up to 5 minutes.  While this block will be lifted automatically, a quick call or e-mail to us will sort this out.  We'll also whitelist your IP to help prevent that from occurring in the future.  While we know this can be inconvenient, this kind of protection is essential to protecting your account.

Regarding WordPress and Joomla hacks, we have seen a sharp increase in the number of compromised WordPress and Joomla sites over the past few weeks. In every case, this was a completely avoidable situation.  If you follow these guidelines, you will significantly lower your risk of being hacked:

  • Make sure your WordPress or Joomla site is kept up to date.  Failure to do so will result in your site being hacked.  Additionally, if we discover your site hasn't been kept up to date, we may suspend it until you can update it to protect your account and the stability of the server.
  • Make sure all plugins and themes used in your site are up to date as well. Old plugins and themes are a common attack vector.
  • Check your WordPress or Joomla site regularly for unauthorized users that may have been created.
  • Make certain you have strong passwords protecting both your WordPress/Joomla site admin and your cPanel/FTP/SSH account.  A good strong password has at least 12 characters and uses mixed case and numbers.  Do not re-use the same password that you use on other sites.
  • Consider using a password management program like KeePass,1Password, or LastPass, to protect your passwords and generate unique, strong passwords for each service you use.
  • Keep your anti-virus and anti-malware software on your computer up to date.  Just because you use a Mac or Linux doesn't mean you're immune - it is important to stay up to date with the latest threats and ensure your browser is set to automatically update when a security release is issued.
Failure to do these things puts you and your site at risk.  If you haven't updated your WordPress/Joomla site in over a month, or ever, immediately take care of this.  If you don't know how to do this yourself and don't have a webmaster to take care of this for you, contact us and we'll help.

Staying in Touch

Your subscription to this newsletter will help you stay in touch with us.  But for critical events, we update our Twitter account quite frequently.  You can follow us there during urgent situations:
https://twitter.com/ocssolutions
Of course, we're always reachable via phone at 256-764-4035, via e-mail atsupport@ocstech.com, or on the web.

Thank You!

We appreciate your business.  If there is anything we can do for you, let us know. We're always here to help!

Warm Regards,
Robert W. Oliver IICEO, OCS Solutions, Inc.Web Hosting, Design, and Internet Consulting


Thursday, January 2, 2014

Update on DoS Attacks / WordPress Issues

Over the past few days we have suffered some sophisticated DoS attacks.  While we have been able to successfully mitigate against them, we also saw, in the process, some WordPress sites hacked with brute-force attacks and known exploits.  While this affected only a small percentage of our customers, we feel it necessary to explain both how we are preventing the attacks and ways you can make sure that your WordPress site stays hack-free.

First, we are preventing the attacks via a series of filters and automatic scripts that interact with our firewall to block abusive traffic.  The filters are based around mod_security, and include rules to prevent SQL-injection attacks, common script exploits, and blocks abusive patterns of traffic.  Our automatic firewall scripts block users who are attempting to log in to a WordPress site too often, attempting to send highly unusual amounts of traffic to our server, or who are making too many connections in a very short period of time.

Unfortunately some users may be caught by these firewalls.  We've had them in place, but have strengthened them in recent days to keep up with the latest series of attacks.  They are working well, but we have seen a few false positives.  If, while using your site, you are suddenly locked out, please contact us.

As for WordPress, you must keep your site up to date.  Since WordPress is popular, it is a frequent target for hackers.  In addition to ensuring that WordPress is kept up to date, you must also make sure that your plugin and themes are updated.  We see more sites hacked via out of date plugins than we do WordPress itself.

We hope that this post has been informative.  Rest assured our focus has always been on security and reliability, and we are working tirelessly to ensure that your sites are safe, secure, and performing at top-notch speed!

Friday, December 6, 2013

VDS Network Maintenance - December 7th, 2013

On December 7th, 2013, at 10 PM CST, we will be performing some network maintenance on one of our VDS networks.  We do not anticipate any downtime, but there may be a brief period of increased latency during a 2 hour window.  Only a small portion of our VDS customers will be affected by this.

Tuesday, December 3, 2013

PHP and MySQL Upgrades

During the month of December, 2013, on all of our cPanel shared hosting servers, we will be upgrading MySQL and PHP to maintain security and increase performance.  We will be upgrading PHP to version 5.4, and MySQL to version 5.5.  These are fully supported versions by the PHP and MySQL developers, and moving to these versions ensures that we'll continue to receive security updates.  It is simply unsafe to continue using anything lower after December 31st, 2013, when these previous versions become end of life.

The upgrade will not affect the vast majority of our customers.  Customers running WordPress will encounter no issues whatsoever.  We have also tested many other popular PHP scripts, such as Drupal and Gallery, and found no issues.  We encourage all customers to keep their PHP scripts up to date to avoid any compatibility issues, and ensure the highest level of security.

Some customers with old code may be affected by this change.  While we anticipate issues will be minor, we cannot rule out that you may have to either upgrade your scripts or change your code to support this change. It is very important that you check to see if your code is compatible with these new versions.  If you are running custom PHP code and fail to check on this as soon as possible, you may experience issues if your code isn't compatible.

We do not expect any downtime during these upgrades.

PHP and MySQL Upgrade Frequently Asked Questions

Q - Will I have to do anything?

Probably not.  This change will only affect a small percentage of our customers.  We estimate less than 2% of our customers are running PHP code on their site that will be affected by this upgrade.

Q - OCS developed my website.  Will I have to do anything?

If your site was developed after 2010, you probably won't have to do anything.  Previous sites that use PHP may be affected.  If so, we will contact you to determine how to proceed.

Q - If I run WordPress, am I affected?

No, we have not found any issues with WordPress.

Q - I'm using Ruby on Rails - will there be any issues?

We do not anticipate any issues with Ruby on Rails and the MySQL upgrade.  The mysql and mysql2 gems will be upgraded along with the MySQL upgrade, and your site should continue to use your database as it normally does.

Q - What exact date is this change going to take place?

Since we have many shared hosting servers, the upgrades will take place over the month of December.  If you need the date that your specific server will be upgraded, please contact us.

Q - Can you not continue to use the older versions?

Because security is our top priority, this is not possible.  Anything lower than PHP 5.4 is going end of life at the end of the year, meaning any security issues or bugs found in PHP past that point won't be fixed.  A similar situation is happening with MySQL versions below 5.5.  Upgrading to PHP 5.4 and MySQL 5.5 will fix this issue.

Q - I have a dedicated server or VDS - will I be affected?

No, not in this upgrade.  However, if you have a managed server or VDS, we will be contacting you separately to arrange for an upgrade.

If you have additional questions, please feel free to contact us.