Blogs on detail technical administration tasks related to cloud hosted virtual private servers with Linux or Windows operating systems

New Vulnerability in Exim Mail Server, CVE-2019-16928, cPanel & WHM Patch Is Out

National Vulnerability Database (NVD) posted a warning on 27/09/2019 about the new vulnerability
effecting Exim Versions 4.92 to 4.92.2, to read more please click here. For those of you who are not
familiar with Exim, Exim is an open-source message transfer system and its main task is to accept the
messages from the source and deliver them to the final destinations (to a remote host or a program). Since
cPanel & WHM uses Exim this vulnerability could affect any server running cPanel & WHM or any Linux
server running Exim mail server. We advise you to upgrade your cPanel & WHM by taking the following
steps in the WebHost Manager interface:

WHM >> Home >> cPanel >> Upgrade to Latest Version

If you have subscribed to our Management plan III and IV we will be scheduling a management task to
update your cPanel&WHM.

What Is a Web Server?

A web server is a software that is running on dedicate, virtual or embedded server, which is capable of delivering the requested data made through the web. Typically web server’s task is to process and deliver the requested information (website contents and data) that is stored on the server. Thanks to uptick in internet of things (IoT) adaptation the web server is embedded in smart devices such as wireless security camera, fridge, and thermostat so that you can manage and monitor your devices on your network.

Some of the well-known web servers are Apache, NGINX, and IIS; the most common communication protocol used between the browser and the web server is Hypertext Transfer Protocol (HTTP). Once the web server receives your request it will fetch the requested data (document, Image or files) and send it backs to the browser.

Vulnerability in Exim mail server, CVE-2019-10149, cPanel & WHM patch is out

National Vulnerability Database (NVD) posted a warning on 06/05/2019 about the flaw that was found in Exim Versions 4.87 to 4.91 to read more please click here. For those of you who are not familiar with Exim, Exim is an open source message transfer system and its main task is to accept the messages from source and deliver them to the final destinations (to a remote host or a program).  Since cPanel & WHM uses Exim this exploit could affect any server running cPanel & WHM bellow v78.0.27. We advise you to upgrade your cPanel & WHM by taking the following steps in the WebHost Manager interface:

WHM >> Home >> cPanel >> Upgrade to Latest Version

Individual Linux distros also released their patches, for more information please refer to Debian, OpenSuse, and Red Hat.

How to update my VPS and how to upgrade my Control panel

The most important task of every server administrator or web admin is to keep OS (Windows or Linux), Applications and Control Panel up-to-date.  It does not only make your infrastructure more secure but also you can take advantage of new features. Microsoft and other software companies are constantly working to release patches to fix vulnerabilities, applying the patches in a timely manner increases your server security significantly and saves you a lot of time and money to restore your server from backup. If you are using a control panel to manage your website and emails then you should keep Plesk and cPanel up-to-date to not only keep your site secure but also you can take advantage of latest applications and tools offered by Plesk and cPanel. In this blog, I cover how to update the OS and Plesk / cPanel.

  • Updating Windows 2012/2016 VPS: As you now Microsoft Windows offers automatic OS update download and install; however as a server or web admin you prefer to manage server load and have a say on how and when to download the updates, install and reboot the server.
    1. RDP to your VPS as Admin or with your own username and password if you have administrative privileges
    2. Click on start or point your mouse to the lower-right corner of the screen and on Search
    3. Type “Windows Update” and click on “Windows Update”
    4. Click on Check for updates, windows looks for latest updates available.
    5. You have the option review the available updates, you can either install all the available updates of select those you would like to install at this time. Click on update and install.
  • Updating Linux VPS: Linux update is simple and straight forward
    1. Lunch a terminal emulator like PuUTY to SSH to log in to your Linux VPS
    2. To update the sever type the following
RHEL / CentOS Ubuntu
# yum –y update # apt-get update && apt-get upgrade
  • Upgrading Plesk to the next release: Upgrading the control panel is a bit tricky, to be safe I suggest that you take a backup of your entire website on your local computer and also to avoid any surprises/glitches just wait a few days after the new release to update your control panel.  Please check the new Plesk version is compatible with your VPS OS version. If you are using Plesk 10 or 11 please consider migrating to a new setup than upgrading Plesk. During the upgrade process, your websites will be down and your Plesk panel will be unavailable.
    1.  Log in to your Plesk panel
    2. Click on “Updates and Upgrades ”under Tools& Settings”
    3. Click on “install or Upgrade Product”
    4. Choose a Plesk version from the drop-down list and click Continue.
  • Upgrade cPanel / WHM: I suggest that you take a backup of your entire website on your local computer and also to avoid any surprises/glitches just wait a few days after the new release to update your control panel. 
    1. Log in to WHM
    2. Type “Upgrade” in the search bar and click on “Upgrade to Latest Version”
    3. Click on “Click to Upgrade”

Different types of RAID and RAID levels, advantages and disadvantages

One of the challenging tasks of every system administrator is to strike a balance between reliability and performance when choosing a dedicated server. Some might say choosing a rite Redundant Array of Independent Disks (RAID) option and level is critical, but what is RAID and why is it so important?

Wikipedia defines RAID as “data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. ”  RAID should be considered as part of a business continuity plan and it improves reliability by replicating the data on one or multiple disks. It also improves the performance by enhancing the read write function from/to one or multiple drives. There are two main component in every RAID setup RAID level and RAID control.

Table below shows some of the most common RAID levels.  

Level Minimum # disks Redundancy Disk space utilization Read speed Write Speed Ideal Application
RAID 0 2 None 100% Fast Fast Image & video editing
RAID 1 2 Yes – 1 disk 50% Fast Moderate DB & critical data
RAID 5 3 Yes – 1 disk ~80% Moderate Slow Archiving
RAID 6 4 Yes – 2 disks ~70% Moderate Slow App server
RAID 10 4 Yes – 1 disk 50% Fast Moderate Critical data

In a nutshell RAID controller task is to control the RAID array, to make sure drives are working as the logical unit and computer recognize it as such. There are mainly two types of RAID controller, software and hardware RAID controller. Software RAID relies on computer CPU to control the read / write process, although sever CPU is supper fast these days but still it creates computation overhead and utilises server resources depending on the RAID level. Hardware RAID controller on the other hand is equipped with internal processor like ARM or ASIC to control the array.

Comparison table below shows some the advantages and disadvantages of different RAID types.

RAID Controller Advantage Disadvantage
Software Low cost, easier to reconfigure the array Slow, changing the failed drive is not easy, not suitable for RAID 5 & 6
Hardware card Faster read / write, replacing failed disk is easy Requires additional hardware
Hardware card+ cache Improves I/O performance Cost , susceptible to loss of data in case of power failure

Automatic and Rebootless Linux Kernel Update – KernalCare

The main responsibility of every system administrator is maintaining software and security updates, this can be a daunting task if you are managing multiple servers, operating in different time zone and hosting your server / VPS in multiple locations. You need to schedule a task with your clients/stakeholders, take the servers offline and apply the patches manually. If you are running a Linux OS (CentOS, Redhat, Ubuntu, Debian,…) now you can apply security patches automatically to a running kernel thanks to Kernel Care.


KernelCare solution runs in the background, as soon as new patches and security updates are available (every 4 hours it checks for new patches) KernalCare will automatically applies the new patches without rebooting the server. This amazing service saves you time and money while ensuring your OS if up to date and secure.  Below are some of the KernelCare features and benefits:

  • Easy setup: It only takes 4 commands to install, register the key, check and apply the patches
  • Save time and money: You no longer need to spend the time to apply the patches or worry about keeping your Kernel up-to-date, run your servers for years without reboots and without compromising on security.
  • Fast rollout: KernelCare team engineers analyze new vulnerability and security list and will release patches in no time.
  • Rollback capability: You can rollback with a single command, without system reboot or any impact to your operation.
  • Supports most Linux flavours: CentOS/RHEL/CloudLinux OS 6 & 7, CentOS Plus 6 & 7, Amazon Linux, Oracle Linux RHEL-compatible 6 & 7, UEK 3, 4 & 6 R3, Debian 7, 8 & 9, Ubuntu LTS 14.04, 16.04 & 18.04, OpenVZ & Virtuozzo, Proxmox VE 3, 4 & 5, Xen4CentOS 6 & 7


KernalCare is an add-on service; we can set it up on your dedicated server or cloud VPS/VM. Call us at 1.877.624.7787 (1.905.881.3485 if you’re in the Toronto area) or email us at for more information about these features in this list or if you have any questions in getting your new server. We will be happy to assist you.


5 Key Steps to Prepare Your Online Store, E-Commerce Store, For the Holiday Season

The holiday season is fast approaching and I am sure you are working hard to make more money this season!!! You have secured your suppliers, reviewed all your processes from order fulfillment to defining your shipping policy to promotions and advertising but what about your online store?

Can your site handle the traffic spike?
First thing first; take a look your historical data and with a simple analysis you should be able to identify when the website traffic spike could potentially occur; to stress test your site you can use performance-testing applications to simulate the traffic (please communicate with our hosting provider before stress testing your website site). If you are hosting your website on VPS or Cloud VM you should be able to scale up your resources for a month or two to handle extra higher demand.

Make it easy to order
Make sure your shopping cart page is optimized, simple to navigate and easy to make a payment. Well, optimized shopping card should load quickly, should contain all the important information about the product, shipping, and ToS. It should also be easy to read and displayed on a single page. It is vital in today’s competitive online business world to give your customers different payment options for instance Credit Card, PayPal and if you want to be adventures you can accept BitCoin.

Business continuity and Redundancy
It is a nightmare if your website goes offline during the holiday shopping season; you should start putting together a business continuity plan. Conduct a risk assessment of your operation and come up with strategies to safeguard your business against the preventable risks. Make sure all your plugins are up to date and you have applied all the security patches; make sure you are using strong passwords and you have the backup of your website on your local computer. If you are hosting your website on a cloud VM with a reputable hosting company like cirrus hosting your server should be immune from hardware failure, because your data is not tied to a single server and in event of hardware failure your VPS or VM will be loaded on new hardware in a matter of minutes. You can also consult with your hosting provider to explore load balancing option so that you can distribute traffic between multiple servers. Load balancing is a cool option but it requires advanced technical know-how and it is much more expensive.

Website load time
Speed matters!!! In average a well-optimized e-commerce site should load under 3 seconds. There are a few simple steps you can take to reach the load speed of 3 seconds or thereabouts. In my opinion, the most important step is you should choose a light theme and compress your images – you can use Google Page Speed toll to see if your site benefits from compression, consider enabling caching feature and reduce redirects.

Site security and customer trust
An important aspect of any business let alone e-commerce is earning customers trust. One way of achieving that is by securing your communication between your client computer and your server through SSL. You have the option to use a free, open source SSL certificate like Lets Encrypt or a commercial SSL certificate like Comodo. You can learn more about SSL certificates here

Are You Looking For Reliable Enterprise Backup Solution? We Got You Covered!

The web/cloud hosting industry is an extremely competitive market; Hosting companies invest heavily in enhancing their infrastructure to provide reliable services and assist customers with implementing their business continuity plans. Studies show implementing a robust backup and restore solution -on dedicated and virtual machines – is the most pressing tasks of IT departments. At Cirrus Tech we partnered with R1Soft to provide reliable backup solutions to small business and corporate customers.

We interviewed Ali Mirdamadi, CEO of Cirrus Tech Ltd. to find out more about Cirrus Hosting Backup solution.

Q: Why taking the backup is important?

Ali: In IT world, data protection is basically the most important task that a customer faces.  I’ll give you an example If the server breaks like CPU failure or faulty memory you can always change those parts, However if you have a bad drive then you are mostly in the situation where your data is impacted somehow, It’s either lost or corrupted which is why data protection and backup is extremely important and for that, backup solutions are needed so that you be sure you have something to go back to.

Backups are not just for disasters recovery but they are also important when you face with other challenges like a fallen victim to cyber-attacks specifically where your data/website is encrypted or defaced by a hacker, or maybe your server is infected with a virus and you want to go back to your original data. Even human errors can cause data loss; people accidentally delete files or folders.

Q: Why we choose R1Soft?

Ali: We used to provide an in-house backup solution but we felt that the R1soft solution offers additional features that may appeal to most of our customers. In developing our corporate services, we always partner with leaders in the respective fields to offer more value-added services to our customers. We also wanted to choose the product that offers support for protecting various lines of business applications like Microsoft SharePoint and Microsoft Exchange Server.

first and foremost R1Soft is a very robust solution that actually WORKS all the times, we do not have to worry about backup failing on us, if you can’t use the backup to restore your data then what is the point of having a backup in the first place! Based on our own experience, R1Soft came to our rescue in a few occasions.

Q: What are the R1Soft features?

Ali: R1Soft has unique features that make it ideal and extremely suitable for our business and our customers.

  • Continues Data Protection – R1Soft reads the data directly from the disk or volume and uses block-level backup which drastically reduces the disk and network I/O.
  • Control Panel Interface – R1Soft has a web interface which allows our customer to manage their backup and restore.
  • Quick Restore – R1Soft also allows the customer to restore individual files. Or restore the entire server from scratch meaning your operating system, configuration, an application and data. So in one shot you basically restore the entire server.
  • Multi-Platform Support: R1Soft supports a variety of operating systems. We are not worried about OS compatibility.
  • Data Retention Policies – R1soft give you the option to specify the frequency of “recovery points” (backups) and customers are able to create as many recovery points as they choose. You can take backups that are 15 minutes apart or weeks apart. And since it is taking incremental backups it always backups the changes.
  • DB Backup- R1Soft supports taking backups directly from databases, which give customers a peace of mind that all backups are consistent. In another word, if you have a database open and you take a backup at the same time, that backup may not have all the information in the database. R1Soft allows you to actually get a direct backup from MySQL databases that are another important point that R1Soft offers. (this is an add-on service)

As a hosting provider, we offer flexible pricing to our customers and our customers have the option to choose onsite or offsite backup regardless where their actual server or virtual machine resides. For detail information about our backup plans please click here.

Website Not Secure? Step Closer to Secure Web

As you know Google has started an initiative to enhance connection security; Google is encouraging – some might say forcing- website owners to secure their blog or website by installing SSL certificate.  In October 2017 Google Chrome started showing “Not Secure” warning when visitors enter data on an HTTP page or if visiting HTTP page in private mode. In July 2018 Google launched the next phase, by shows “Not Secure” warning when visiting all HTTP sites through chrome. In this post, we will cover the basics and your options.


What is an SSL? Why move to HTTPS? What are the benefits?

In a nutshell, SSL certificate enables secure communication over the internet by encrypting the data such as your password or credit card information which is being transmitted between your computers and the server. When visiting a website or blog that is secured by SSL certificate you will see a padlock icon or green bar on the left side of your URL bar.

Moving from HTTP to HTTPS helps you with organic search ranking, in 2014 Google published a blog – HTTPS as a ranking signal – they announced that “we’re starting to use HTTPS as a ranking signal.” If you are looking for an uptick in your organic search traffic your better make the switch NOW. The other benefit is you are not only building confidence by safeguarding the communication of sensitive information but also protecting your website against hackers injecting malicious ads or spyware.  Since most of applications and tools are now communicating over HTTPS you will find it difficult to keep your website functional.


What SSL certificate should you get?

In this post, I am not going to talk about certificate validation level nor certificate types but I am going to talk about what is your mind, how much does it cost to get an SSL certificate? Well, you have two options; you can either to go with Open Certificate Authority and Commercial Certificate Authority.

Open Certificate Authority: it is a community-driven CA that issues free SSL certificates, Lets Encrypt and CAcert are two leading Open Certificate Authority. These types of SSL certificates do not provide any warranty, support is limited and you only need to prove the domain ownership in order to generate the certificate.

Commercial Certificate Authority: this type of SSL certificate is widely used by online stores and/or businesses. The approval process is done through Email, in some cases, the SSL Certificate Authority might ask for business registration and other government-issued documents to complete the verification process. The commercial certificate provides after-sale support, warranty up to $2,000,000 (depending on the type of certificate you order) and is compatible with 99% of browsers and systems.


As we have mentioned in our previous blogs, we are offering Let’s Encrypt to our customers, almost all of our website and WordPress hosting clients are now able to activate Lets Encrypt through their control panel. We also offer Commercial Certificate to our customers. For detail information about the Type of SSL certificate, we offer please click here.

About Cirrus Tech Ltd

Cirrus Tech Ltd. has been actively promoting its services to the hosting industry since 1999. The company has focused on 24/7 tech support, value-added services and a cooperative attitude towards all its clients. Cirrus is now one of Canada’s largest Web/Cloud Hosting companies in Canada.


Cirrus Hosting is now deploying Windows Server 2016



Cirrus Hosting is thrilled to announce that we are now deploying the latest version of Microsoft’s Windows Server on all our Cloud VM and Virtual Private Server (VPS) plans. Windows Server 2016 comes with lots of new features and upgrades. Let’s take a look at some of them:


Server footprints get even smaller with Nano

One of the biggest IT pro-related announcements Microsoft made this year was about Nano Server, a new small-footprint option for installing Windows Server 2016. Microsoft claims that Nano Server will have 93% smaller VHD size, 92% fewer critical bulletins and 80% fewer required reboots.

Nano is ideal for compute heavy tasks, or for dedicated purposes such as the mentioned DNS, IIS, or F&P. Nano can run well on both physical hardware and as a guest VM.

If you have online shop or downtime is a challenge for your system, you should give Nano a chance. You will love it!



If you have developed an application, your code, runtimes, tools, libraries, or anything else that your application needs to find on the running operating system in order to work can all be included in the container.

Microsoft has been working closely with Docker team to bring Docker-based containers to Windows Server. And now Windows Server 2016 offers two different types of “containerized” windows Server: Windows Server Container and Hyper-V Container. First one is for where you don’t mind container to run on the same server and the latter is for when you want completely isolated containers.

Either Docker-based or Hyper-V, if you are looking for process isolation, security and scalability in your application containers, Windows Server 2016 will satisfy your needs.


Improved server management with PowerShell 5.0

The latest version of Windows Server comes with PowerShell 5.0, which has many improvements, including new module called Package Management that lets you install software packages on the Internet. Also The Workflow debugger now supports command or tab completion, and you can debug nested workflow functions. And PowerShell 5.0 now runs in Nano server directly, so administration of this lightweight server platform is made even simpler.


Extended Storage Space

Three new features take over the software-defined storage that enables you to create HA data storage: Storage Space Direct, another cool feature of Windows Server 2016 creates redundant and flexible disk storage. Also Storage Replica replicates data at the volume level in either synchronous or asynchronous modes, while Storage QoS (Storage Quality of Service) guards against poor performance in multitenant environment.


Software-Defined Networking (SDN)

Greatly valuable in a virtualization environment, software-defined networking enables you to set up networking in your Hyper-V environment similar to what you can do in Azure, including virtual LANs, routing, software firewalls, and more and it makes life so much simpler for you.

You can also do virtual routing and mirroring, so you can enable security devices to view traffic without expensive taps.


There is a long list of improvements and it will not fit in one post of our blog. You can continue to read and learn more at System Center provided by folks at windows.


Are you looking to be one of the first to try the Windows Server 2016 on your cloud? We offer it Now for any Cirrus Cloud VMs or VPS.


Call us at 1.877.624.7787 (1.905.881.3485 if you’re in the Toronto area) or email us at for more information about these features in this list or if you have any questions in getting your new server. We will be happy to assist you.

  •  Click HERE to find out more about Cirrus Hosting’s Windows hosting plans.