Blogs on detailed technical administration tasks related to cloud-hosted virtual private servers with Linux or Windows operating systems

Website Not Secure? Step Closer to Secure Web

As you know, Google has started an initiative to enhance connection security; Google is encouraging (some might say forcing) website owners to secure their blog or website by installing an SSL certificate. In October 2017, Google Chrome started showing a “Not Secure” warning when visitors enter data on an HTTP page or visit an HTTP page in private mode. In July 2018, Google launched the next phase by showing a “Not Secure” warning when visiting any HTTP site through Chrome. In this post, we will cover the basics and your options.

 

What is an SSL? Why move to HTTPS? What are the benefits?

In a nutshell, an SSL certificate enables secure communication over the internet by encrypting data, such as your password or credit card information, while it is being transmitted between your computer and the server. When visiting a website or blog that is secured by an SSL certificate, you will see a padlock icon or green bar on the left side of your URL bar.

Moving from HTTP to HTTPS helps you with organic search ranking. In 2014 Google published a blog post, “HTTPS as a ranking signal”, in which they announced that “we’re starting to use HTTPS as a ranking signal.” If you are looking for an uptick in your organic search traffic, you had better make the switch NOW. The other benefit is that you are not only building confidence by safeguarding the communication of sensitive information but also protecting your website against hackers injecting malicious ads or spyware. And since most applications and tools now communicate over HTTPS, you will find it difficult to keep your website functional without it.

 

What SSL certificate should you get?

In this post, I am not going to talk about certificate validation levels or certificate types; I am going to talk about what is on your mind: how much does it cost to get an SSL certificate? You have two options: you can go with either an Open Certificate Authority or a Commercial Certificate Authority.

Open Certificate Authority: a community-driven CA that issues free SSL certificates. Let’s Encrypt and CAcert are two leading Open Certificate Authorities. These types of SSL certificates do not provide any warranty, support is limited, and you only need to prove domain ownership in order to generate the certificate.

Commercial Certificate Authority: this type of SSL certificate is widely used by online stores and/or businesses. The approval process is done through email; in some cases, the SSL Certificate Authority might ask for business registration and other government-issued documents to complete the verification process. A commercial certificate provides after-sale support and a warranty of up to $2,000,000 (depending on the type of certificate you order), and is compatible with 99% of browsers and systems.

 

As we have mentioned in our previous blogs, we are offering Let’s Encrypt to our customers; almost all of our website and WordPress hosting clients are now able to activate Let’s Encrypt through their control panel. We also offer Commercial Certificates to our customers. For detailed information about the types of SSL certificate we offer, please click here.

About Cirrus Tech Ltd

Cirrus Tech Ltd. has been actively promoting its services to the hosting industry since 1999. The company has focused on 24/7 tech support, value-added services and a cooperative attitude towards all its clients. Cirrus is now one of the largest Web/Cloud Hosting companies in Canada.

 

Cirrus Hosting is now deploying Windows Server 2016


 

Cirrus Hosting is thrilled to announce that we are now deploying the latest version of Microsoft’s Windows Server on all our Cloud VM and Virtual Private Server (VPS) plans. Windows Server 2016 comes with lots of new features and upgrades. Let’s take a look at some of them:

 

Server footprints get even smaller with Nano

One of the biggest IT pro-related announcements Microsoft made this year was about Nano Server, a new small-footprint option for installing Windows Server 2016. Microsoft claims that Nano Server will have 93% smaller VHD size, 92% fewer critical bulletins and 80% fewer required reboots.

Nano is ideal for compute-heavy tasks, or for dedicated purposes such as DNS, IIS, or F&P. Nano can run well on both physical hardware and as a guest VM.

If you have an online shop or downtime is a challenge for your system, you should give Nano a chance. You will love it!

 

Containers

If you have developed an application, your code, runtimes, tools, libraries, or anything else that your application needs to find on the running operating system in order to work can all be included in the container.

Microsoft has been working closely with the Docker team to bring Docker-based containers to Windows Server. Windows Server 2016 now offers two different types of “containerized” Windows Server: Windows Server Containers and Hyper-V Containers. The first is for when you don’t mind containers running on the same server, and the latter is for when you want completely isolated containers.

Whether Docker-based or Hyper-V, if you are looking for process isolation, security and scalability in your application containers, Windows Server 2016 will satisfy your needs.

 

Improved server management with PowerShell 5.0

The latest version of Windows Server comes with PowerShell 5.0, which has many improvements, including a new module called Package Management that lets you install software packages from the Internet. Also, the Workflow debugger now supports command or tab completion, and you can debug nested workflow functions. PowerShell 5.0 also now runs directly in Nano Server, so administration of this lightweight server platform is made even simpler.

 

Extended Storage Space

Three new features extend software-defined storage and enable you to create HA data storage: Storage Spaces Direct, another cool feature of Windows Server 2016, creates redundant and flexible disk storage; Storage Replica replicates data at the volume level in either synchronous or asynchronous modes; and Storage QoS (Storage Quality of Service) guards against poor performance in multitenant environments.

 

Software-Defined Networking (SDN)

Greatly valuable in a virtualization environment, software-defined networking enables you to set up networking in your Hyper-V environment similar to what you can do in Azure, including virtual LANs, routing, software firewalls, and more, which makes life so much simpler for you.

You can also do virtual routing and mirroring, so you can enable security devices to view traffic without expensive taps.

 

There is a long list of improvements, and it will not fit in one post on our blog. You can continue to read and learn more at System Center, provided by the folks at Windows.

 

Are you looking to be one of the first to try Windows Server 2016 on your cloud? We offer it now for any Cirrus Cloud VM or VPS.

 

Call us at 1.877.624.7787 (1.905.881.3485 if you’re in the Toronto area) or email us at sales@cirrushosting.com for more information about the features in this list or if you have any questions about getting your new server. We will be happy to assist you.

  •  Click HERE to find out more about Cirrus Hosting’s Windows hosting plans.

 

 

How to identify OpenSSL Heartbleed Bug on your cloud server and how to fix it?

The Heartbleed Bug is a serious vulnerability in the OpenSSL package. The Heartbleed exploit for OpenSSL only affects versions 1.0.1 – 1.0.1f and 1.0.2-beta1 not patched before April 7 2014. For OpenSSL 1.0.1, the OS vendors have released official patches for this particular issue in their respective repos, so you will need to update your OpenSSL package to the current release and then restart the services that require OpenSSL, such as the Apache web server or Nginx. A full reboot of your server may be more beneficial, as all of your services will be restarted.

For OpenSSL 1.0.2beta, this will be fixed in 1.0.2-beta2.

Testing:
To see the version of OpenSSL installed on your server please try the following commands from SSH:
# openssl version
# yum list installed | grep openssl
# rpm -qa | grep openssl
# dpkg --get-selections | grep openssl

 

Resolution:
The following commands need to be run from SSH while logged in as the root user:
For RHEL-based OS (Red Hat, CentOS):
# yum clean all
# yum update openssl
# /etc/init.d/httpd stop
# /etc/init.d/httpd start
If using Nginx also use the following to restart the service:
# /etc/init.d/nginx restart
If you are using Plesk then also restart the Plesk control panel service:
# /etc/init.d/sw-cp-server restart

 

Then use the following command to see if any processes are still using the old version. If any are displayed, you will need to restart those services as necessary:
# lsof -n | grep ssl | grep -i del
The current releases that have the issue corrected are as follows:
CentOS/Red Hat 64bit: openssl-1.0.1e-16.el6_5.7.x86_64.rpm
CentOS/Red Hat 32bit: openssl-1.0.1e-16.el6_5.7.i686.rpm

———

For Debian-based OS (Debian, Ubuntu):
# apt-get update
# apt-get install openssl
# /etc/init.d/apache2 stop
# /etc/init.d/apache2 start

If using Nginx also use the following to restart the service:
# /etc/init.d/nginx restart

If you are using Plesk then also restart the Plesk control panel service:
# /etc/init.d/sw-cp-server restart

Then use the following command to see if any processes are still using the old version. If any are displayed, you will need to restart those services as necessary:
# lsof -n | grep ssl | grep -i del
The current releases that have the issue corrected are as follows:
Ubuntu 13.10: “openssl” – 1.0.1e-3ubuntu1.2
Ubuntu 12.10: “openssl” – 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: “openssl” – 1.0.1-4ubuntu5.12
Debian (wheezy): “openssl” – 1.0.1e-2+deb7u5
——-
Alternatively, you can download OpenSSL 1.0.1g from the official website https://www.openssl.org/ and compile it on your server, as the issue is also corrected in this version.
If you are unable to update to the latest version of OpenSSL, you can also recompile your current version of OpenSSL with the -DOPENSSL_NO_HEARTBEATS option to disable the “Heartbeats” option.
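
The version check and the "still using the old library" check above, combined into a small triage script. This is an added example, not part of the original post: the function names and the lsof sample rows are constructed for illustration. The version test only sees the upstream string, which distro backports leave unchanged, so a hit means the package release still has to be compared with the fixed releases listed above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Return 0 if an upstream OpenSSL version (second field of `openssl version`)
# is in the range the post names: 1.0.1 through 1.0.1f, or 1.0.2-beta1.
# Distro packages backport the fix without changing this string (the fixed
# CentOS package listed above is still 1.0.1e), so a hit means "compare the
# package release with the fixed releases", not "confirmed vulnerable".
upstream_in_affected_range() {
    case "${1%-fips}" in          # RHEL builds report e.g. 1.0.1e-fips
        1.0.1|1.0.1[a-f]|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `lsof -n` output on stdin and print "command: pid pid ..." for every
# process that still maps a deleted libssl. Only COMMAND, PID and the row text
# are used, so DEL rows and "(deleted)" rows with different column counts work.
stale_ssl_procs() {
    awk '
        /libssl/ && (/ DEL / || /\(deleted\)/) {
            if (!seen[$1 SUBSEP $2]++) pids[$1] = pids[$1] " " $2
        }
        END { for (c in pids) print c ":" pids[c] }
    ' | sort
}

# Constructed sample rows (not captured from a real host). The last row is a
# process that already loaded the updated library and must not be reported.
SAMPLE_LSOF='httpd   2301 root   DEL REG 253,0        131123 /usr/lib64/libssl.so.1.0.1e
httpd   2302 apache DEL REG 253,0        131123 /usr/lib64/libssl.so.1.0.1e
nginx   2410 nginx  mem REG 253,0 444864 131123 /usr/lib64/libssl.so.1.0.1e (deleted)
mysqld  3120 mysql  mem REG 253,0 446344 140001 /usr/lib64/libssl.so.1.0.1e'

for v in 1.0.1e-fips 1.0.1g; do
    if upstream_in_affected_range "$v"; then
        echo "$v: in affected range, check the package release"
    else
        echo "$v: outside affected range"
    fi
done
# On a live host, replace the sample with: lsof -n | stale_ssl_procs
printf '%s\n' "$SAMPLE_LSOF" | stale_ssl_procs
```

Each command it prints corresponds to a service that still needs a restart; an empty result means no process is holding the old library.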