Friday, September 26, 2014

Shellshock Update

As of September 26th, 2014, all OCS servers are patched against the Shellshock Bash bug.  All servers managed by OCS have been updated as well. 

If you host a Linux server with us and we do not manage your server, please run the following commands:

Debian / Ubuntu

apt-get update
apt-get upgrade

CentOS

yum update

This is a serious vulnerability.  If you have any questions about this, please contact us.

Tuesday, August 5, 2014

Network Maintenance - August 5th, 2014

We will be performing urgent network maintenance during a window beginning August 5th, at 11 PM CDT for a period of up to 5 hours.  We do not expect any significant disruption to service during this time, but there may be some momentary packet loss to some routes while we make adjustments.

Wednesday, July 30, 2014

Network Maintenance - August 3rd, 2014

Some of our customers will experience minor disruptions to network traffic in the early morning of August 3rd, 2014.  This maintenance cycle will start at 1 AM CDT and should finished by 5 AM CDT.  During this time, several brief (up to 5 minute disruptions) interruptions may occur.  We apologize for any inconvenience and appreciate your patience.

Monday, June 16, 2014

Urgent Server Maintenance - Aquarius Shared Hosting Server

We will be upgrading Aquarius this evening to increase performance on this server.  This upgrade will require two reboots - the first of which being very brief (less than 5 minutes), and the second involving about an hour of downtime.  We will perform the first reboot around 8 PM CDT today, then the second will be after 11 PM CDT.  We will announce the details as they occur on our Twitter feed.

Wednesday, April 23, 2014

Emergency Server Maintenance on Shared cPanel Server Gemini

At 11 PM CST this evening we will be bringing Gemini down for emergency maintenance.  We expect the server to be down for up to 2 hours while we replace hardware.

Monday, March 10, 2014

OCS Newsletter - New Site, DDoS, and WordPress Hacks

Welcome to the First OCS Newsletter!

We're delighted to finally publish our first official OCS Solutions newsletter!  It's a bit embarrassing being in business for over 17 years and never having done so. However, we plan to start sending newsletters two to three times a month to keep you up to date on what's going on with OCS!

If you're reading this on the web and haven't subscribed yet, please take a moment to do so by going to our website and filling the subscription form at the very bottom of the page.
OCS Solutions
Our New Website

Speaking of our website, we have an exciting announcement.  We are proud to introduce our new responsive (i.e. mobile friendly) website!

I can tell you that the old adage of the shoemaker's children not having any shoes is completely true.  Our customers come first, and our website languished for years without an overhaul.

If you haven't had a chance to see it yet, please check it out.  Keep in mind that there is a bit of dust that still has yet to settle from the redesign, so you might find the odd link that goes to a page with the old theme.  We're working on it!
Image
DDoS Attacks and WordPress / Joomla Hacks

As some of you may know, last week was quite a busy week for us.  Aquarius, one of the servers on our shared web hosting systems, suffered a substantial DDoS attack spread out over several days.  We had a repeat performance today on Taurus, another cPanel shared web hosting server.  Fortunately we were able to thwart both attacks.  Total downtime was less than 2 hours combined. 

While we're proud of the fact that we have been able to weather the DDoS storm with minimal downtime, we strive for 100% uptime, so we were disappointed we weren't able to meet that expectation.  To that end, we have deployed a substantial array of both software and hardware solutions to help prevent future attacks.  The downside: we might get some false positives while we help work out the kinks.

For example, if you have too many authentication failures with an e-mail account, or try more than 5 times to login to your cPanel account and fail, you may be temporarily blocked for up to 5 minutes.  While this block will be lifted automatically, a quick call or e-mail to us will sort this out.  We'll also whitelist your IP to help prevent that from occurring in the future.  While we know this can be inconvenient, this kind of protection is essential to protecting your account.

Regarding WordPress and Joomla hacks, we have seen a sharp increase in the number of compromised WordPress and Joomla sites over the past few weeks. In every case, this was a completely avoidable situation.  If you follow these guidelines, you will significantly lower your risk of being hacked:

  • Make sure your WordPress or Joomla site is kept up to date.  Failure to do so will result in your site being hacked.  Additionally, if we discover your site hasn't been kept up to date, we may suspend it until you can update it to protect your account and the stability of the server.
  • Make sure all plugins and themes used in your site are up to date as well. Old plugins and themes are a common attack vector.
  • Check your WordPress or Joomla site regularly for unauthorized users that may have been created.
  • Make certain you have strong passwords protecting both your WordPress/Joomla site admin and your cPanel/FTP/SSH account.  A good strong password has at least 12 characters and uses mixed case and numbers.  Do not re-use the same password that you use on other sites.
  • Consider using a password management program like KeePass,1Password, or LastPass, to protect your passwords and generate unique, strong passwords for each service you use.
  • Keep your anti-virus and anti-malware software on your computer up to date.  Just because you use a Mac or Linux doesn't mean you're immune - it is important to stay up to date with the latest threats and ensure your browser is set to automatically update when a security release is issued.
Failure to do these things puts you and your site at risk.  If you haven't updated your WordPress/Joomla site in over a month, or ever, immediately take care of this.  If you don't know how to do this yourself and don't have a webmaster to take care of this for you, contact us and we'll help.

Staying in Touch

Your subscription to this newsletter will help you stay in touch with us.  But for critical events, we update our Twitter account quite frequently.  You can follow us there during urgent situations:
https://twitter.com/ocssolutions
Of course, we're always reachable via phone at 256-764-4035, via e-mail atsupport@ocstech.com, or on the web.

Thank You!

We appreciate your business.  If there is anything we can do for you, let us know. We're always here to help!

Warm Regards,
Robert W. Oliver IICEO, OCS Solutions, Inc.Web Hosting, Design, and Internet Consulting


Thursday, January 2, 2014

Update on DoS Attacks / WordPress Issues

Over the past few days we have suffered some sophisticated DoS attacks.  While we have been able to successfully mitigate against them, we also saw, in the process, some WordPress sites hacked with brute-force attacks and known exploits.  While this affected only a small percentage of our customers, we feel it necessary to explain both how we are preventing the attacks and ways you can make sure that your WordPress site stays hack-free.

First, we are preventing the attacks via a series of filters and automatic scripts that interact with our firewall to block abusive traffic.  The filters are based around mod_security, and include rules to prevent SQL-injection attacks, common script exploits, and blocks abusive patterns of traffic.  Our automatic firewall scripts block users who are attempting to log in to a WordPress site too often, attempting to send highly unusual amounts of traffic to our server, or who are making too many connections in a very short period of time.

Unfortunately some users may be caught by these firewalls.  We've had them in place, but have strengthened them in recent days to keep up with the latest series of attacks.  They are working well, but we have seen a few false positives.  If, while using your site, you are suddenly locked out, please contact us.

As for WordPress, you must keep your site up to date.  Since WordPress is popular, it is a frequent target for hackers.  In addition to ensuring that WordPress is kept up to date, you must also make sure that your plugin and themes are updated.  We see more sites hacked via out of date plugins than we do WordPress itself.

We hope that this post has been informative.  Rest assured our focus has always been on security and reliability, and we are working tirelessly to ensure that your sites are safe, secure, and performing at top-notch speed!