goHost


2012: New Year and New Things

Happy New Year!

It is a bit cliche but we can’t help it. All of us at goHost are excited about 2012! We worked hard behind the scenes in 2011 laying the groundwork for some new things we have in store this year.

In the coming weeks expect to see a number of new services, upgrades, and enhancements to our existing services. We have a lot of things in the pipeline and will be rolling out changes slowly at first. Many of the new services will be focused on helping all our customers get and stay secure in the cloud.

As we grow our service offerings, please share with us your thoughts, concerns or even any ideas.

Thank you all for your support and we look forward to working with you in 2012.

Posted in: goHost

By Robert Moses on January 5, 2012 at 8:51 am

HashDoS Web Scripting Vulnerability

Security researchers have discovered a long-standing vulnerability in many popular web application languages that can lead to a denial-of-service (DoS) attack. Most programming languages, including PHP, Java, Python and ASP.NET, are vulnerable to this HashDoS vulnerability.

A denial-of-service (DoS) attack overloads the server with multiple requests, effectively making it unable to serve a website to new visitors. Usually, an attack strong enough to overwhelm a server requires a lot of horsepower on the attacker’s side. This vulnerability, however, makes things significantly easier for an attacker.

Microsoft has released an emergency/out-of-band update (KB2659883 and MS11-100) to mitigate this issue in ASP.NET and .NET Frameworks.

All our Windows Server systems have already been patched with MS11-100.

Researchers recently presented their research at the 28c3 Security Conference. The specific details relate to hashing algorithms and managing hash collisions. A specially crafted request can force a website to consume all CPU resources in an effort to resolve and manage the hash collisions. The net effect of this increased CPU load can lead to a DoS on the website.

Without fixing the core hashing algorithms and functions, there are a number of workarounds that can be used to mitigate the impact of the HashDoS vulnerability.

  • Reduce the length/size of HTTP parameters that can be sent via POST.
  • Reduce the number of HTTP parameters accepted by the web application framework.
  • Limit the amount of CPU time that any given thread is allowed to run.

These workarounds may negatively impact the operations of your web application and should be reviewed and tested before being deployed into a production environment.
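The following is an added example, not code from the original post or from any vendor patch. It uses a deliberately weak toy hash (not any real language's function) to count how many key comparisons a chained hash table performs when every key lands in one bucket, and shows the first two workarounds as size and parameter-count checks applied before any parameter is hashed. The limit values, names and sample keys are assumptions constructed for illustration.

```python
from itertools import islice, permutations
from urllib.parse import unquote_plus

MAX_BODY_BYTES = 64 * 1024  # assumed cap on POST body size
MAX_PARAMS = 100            # assumed cap on parameters per request
TABLE_SIZE = 1024

class RequestRejected(Exception):
    """Raised before any parameter is hashed."""

def toy_hash(key):
    # Deliberately weak toy hash (byte sum), not any real language's function.
    return sum(key.encode()) % TABLE_SIZE

def insert_cost(keys):
    """Insert keys into a chained hash table; return key comparisons made."""
    buckets, comparisons = {}, 0
    for key in keys:
        chain = buckets.setdefault(toy_hash(key), [])
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons

def parse_form(body, max_body=MAX_BODY_BYTES, max_params=MAX_PARAMS):
    """Parse a urlencoded POST body, enforcing both limits first."""
    if len(body) > max_body:
        raise RequestRejected("body too large")
    if body.count(b"&") + 1 > max_params:
        raise RequestRejected("too many parameters")
    pairs = []
    for field in body.decode("ascii", "replace").split("&"):
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs

# Constructed sample keys: 200 that share one bucket, 200 that do not.
COLLIDING = ["".join(p) for p in islice(permutations("abcdefg"), 200)]
SPREAD = ["a" * i for i in range(1, 201)]

if __name__ == "__main__":
    print("spread keys:   ", insert_cost(SPREAD), "comparisons")
    print("colliding keys:", insert_cost(COLLIDING), "comparisons")
    body = "&".join(k + "=1" for k in COLLIDING).encode()
    try:
        parse_form(body)
    except RequestRejected as exc:
        print("rejected:", exc)
```

Because the comparison count grows with the square of the number of colliding keys, capping the parameter count bounds the worst case per request; a cap set too low will also reject legitimate large forms.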

References and further reading:

  • http://en.wikipedia.org/wiki/Denial-of-service_attack
  • http://en.wikipedia.org/wiki/Hash_collision
  • http://technet.microsoft.com/en-us/security/advisory/2659883
  • http://technet.microsoft.com/en-us/security/bulletin/ms11-100
  • http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
  • http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx

Posted in: Best Practices

By Robert Moses on December 29, 2011 at 4:49 pm

Robert Moses featured in Web Application Security Virtual Conference

goHost Director of Technology Robert Moses will be a panel member in a Web Application Security Virtual Conference hosted by Applicure on December 7th.

Details: On December 7th Applicure Technologies will host a Virtual Conference which includes a panel of security experts and Web hosting market leaders. The panel will feature in-depth discussion of defense techniques for the most common attacks and security vulnerabilities as well as methods to increase revenue while reducing support costs.

Read more about our Web Application Firewall service.


Posted in: goHost

By Robert Moses on December 1, 2011 at 11:19 am

Now Available: Parallels Plesk Panel 10.4

Parallels Plesk Panel 10.4 is now available with any dedicated server or virtual server plan.


This updated version of Plesk includes a number of new features and many performance improvements including:

  • New! Configurable PHP settings
  • New! Support for Web Deploy and Web Matrix
  • New! Control over Apache Modules
  • New! Quick Preview of websites
  • New! Mobile Server Monitor and Mobile Server Manager

You can read more about the features of Plesk 10.4 or contact us to get Plesk 10.4 today.

Posted in: Products

By Robert Moses on November 30, 2011 at 12:02 pm

dotDefender 4 Web Application Firewall Is Now Available

We have partnered with Applicure to offer the new version of web application firewall (WAF) to our customers – dotDefender 4.

dotDefender is an advanced, customizable software web application firewall that provides protection against malicious attacks and website defacements.


Posted in: Products

By Robert Moses on September 16, 2011 at 2:24 pm

Reasons to Stay Up to Date

One of the greatest things about the Internet is the incredible amount of innovation that occurs on an almost daily basis. New or improved products, software and services are released all the time. Improvements and updates are sometimes major releases and sometimes small but important fixes to resolve bugs or security issues. It can be a challenge to keep up with all these updates and changes, but in the end it is usually more costly, complicated, and risky to not stay current and keep pace. Put simply: You must stay current because falling behind is far more expensive, risky and problematic than updating.

If you don’t update…


Posted in: Best Practices

By Robert Moses on August 30, 2011 at 11:07 am

DC2: Advisory: Hurricane Irene: 2011-08-27

As you would expect, our site operations personnel in cooperation with our Equinix IBX facility partners have taken additional precautionary measures to guard against interruption of customer services due to the approaching hurricane. We do not expect any service disruptions but have prepared this advisory to answer questions and provide information.

Please read the full advisory post for more information.

Update: As of 08/28/2011, DC2 is under normal operation and no incidents were detected or reported during Hurricane Irene.


Posted in: Status

By Robert Moses on August 27, 2011 at 10:12 am

Internet: Serious Business, Serious Security

Internet security (or lack thereof) has had its share of press in recent weeks. The large-scale breach of Sony’s PlayStation Network service by hackers, the attacks on the websites of organizations like PBS and the CIA by the LulzSec group, and the data breach of Citigroup are just some examples. All these events serve as a sobering reminder that in today’s Internet it is not a question of if you will eventually get hacked, but when.

Posted in: Best Practices

By Robert Moses on July 6, 2011 at 3:04 pm

Site Monitoring and Alerting with Google Webmaster Tools

Recently a friend contacted me with a now common but always anxiety-producing problem: “Help! One of my websites has been hacked!” I helped him begin the usual clean up processes: We looked at the site and found some hidden malware scripts, removed them, restored the site from a backup and updated an out-of-date script (with a known vulnerability) and rotated all the passwords.

After the dust settled we talked about the incident; I wanted to make sure that my friend would take steps to avoid or minimize the risk of this happening again. After talking with him I realized that he hadn’t visited this site in at least 2 weeks, and it appeared the site was hacked and remained hacked for almost as long!


Posted in: Best Practices

By Robert Moses on July 1, 2011 at 3:41 pm