Traffic Issues – Asia / Middle East / North Africa

By Netnibble Support | December 19, 2008

We are seeing high levels of latency and and reduced bandwidth to our services in Asia and Australia. This appears to be a major cable breakdown between Europe and Asia and the Middle East, although we are still attempting to find the exact reason.

Our Network Team are attempting to pin-point the cause for the drop in connectivity and, meantime, traffic is being re-routed along alternate routes.

Customers west of the affected areas may find difficulty in connecting to their servers in the areas affected.

We will update this entry with further information as soon as we receive it.

UPDATE: Three submarine cables carrying Internet traffic between Italy and Egypt in the Mediterranean Sea have been damaged. Also affected are major cellphone networks and trading data between stock exchanges and dealers. Indications are that this will take several days to repair. Meantime all traffic is being re-routed and, as a result, high latency is being experienced. A large portion of the traffic is been re-routed via Hong Kong, which is affecting our services there.

Further information is available at BBC News, Bloomberg.com and other agencies.

Tagged as:

Topics: Infrastructure, Service Announcements | No Comments »

Christmas Crackers from Netnibble

By Dave-C - CEO | December 11, 2008

It’s just 2 weeks to Christmas, but Santa arrives a little early at Netnibble!

Here at Netnibble we’re always looking for ways to improve our customers’ experience of the Netnibble way of hosting. With the addition of new servers and new hosting locations we’re planning to increase the scope of our services in the New Year, but we don’t want our existing customers to feel that we’re leaving them out when it comes to Christmas Crackers!

With this in mind I’d like to tell you about some major enhancements to Netnibble Hosting that we’re about to roll out:

1) Matrix Mail: We all hate spam, and it can account for up to 90% of daily inbound email traffic. Currently the servers your accounts are hosted on handle all mail processing as well as web serving and other duties. We’d like them to concentrate more on web serving, and less on filtering out those dirty rotten spam mails, so we’re introducing our new mail server matrix to process all incoming mail for you. These matrix servers will become the first line of defence for incoming mail and, by checking all mail against public blackists, SPF records, caller ID, and a number of custom rules we’ve developed, we expect to reduce the total mail hitting our hosting servers by a minimum of 60%. This releases more resources for the web-servers and reduces the amount of unwanted mail hitting your inboxes. Over the next 3 weeks Matrix Mail will be rolled out to all existing customers other than those who host their email elsewhere – You need do nothing to implement this process. Just enjoy the reduction in incoming spam and the improved performance of the server your account is hosted on!

Our new Matrix Mail Servers are designed to handle anything that’s thrown at them – Typically they’re Quad-Processor servers with multiple drives in RAID configuration, and each in separate geographical locations on dedicated high-speed network connections. Initially two primary servers will handle the mail, and we have additional hot-standby servers on-line and ready to jump in and help out if needed. Additional servers will be deployed as demand requires.

2) Web sites are getting bigger, so our quotas are too!: As you probably already know, unlike a majority of web hosts, here at Netnibble we NEVER over-sell or over-populate our hosting servers. We prefer to work on the principal of “what you buy is what you get”, and this is demonstrated by the ongoing excellent uptime our servers (and customers) enjoy through servers not being over-loaded. However, we are also aware that each customer wants to cram more into their web space and deliver more via their bandwidth allowance, whilst remaining concious of the current credit crunch and, in some cases, poor currency exchange rates. We’re here to help and, bucking the current trends in the web hosting industry, we’ve been investing heavily in more servers and more locations. As a result, I’m happy to announce an increase in quota and bandwidth allowances across the full range of our hosting plans.

Our PHASE-1, PHASE-2 and PHASE-5 plans will be adjusted over the next couple of weeks (completion by Christmas Eve, of course!) to DOUBLE the disk space and TREBLE the bandwidth currently allocated to you. Again, you need do nothing – The upgrades are automated and not service-impacting and you will soon see the additional resources allocated to you from within your control panels.

In addition, if you want to move your domains nearer to your customer base or the area from which you receive most visits, Netnibble now has cPanel hosting servers in the following locations:

- Clifton, New Jersey, USA
- Dallas, Texas, USA
- Seattle, Washington, USA
- Los Angeles, California, USA
- Herndon, Virginia, USA
- Maidenhead, England
- Luxembourg, Europe
- Singapore, Asia
- Sydney, Australia

To arrange a site move simply open a ticket with Support and we will liase with you to arrange a convenient time to move you over with minimum disruption.

We have some more goodies scheduled to roll-out for the New Year, but  we’re not quite ready to tell you about them yet. We hope that the upscale to our services described above is of benefit to you, and we look forward to serving you in 2009, and for many years to come.

Finally, on behalf of all the management and staff at Netnibble, I would like to wish all our customers and their families and friends a very happy Christmas, and a prosperous and joyful New Year!

Best wishes,

Dave-C
Chairman and Managing Director, Netnibble Ltd.

http://www.netnibble.net

Tagged as:

Topics: Netnibble Tidbits, Service Announcements, Special Offers | No Comments »

Virginia data-center (PEER1) outage

By Tony Walker - Support Manager | December 3, 2008

At approximately 17:50 GMT a power outage occured at the PEER1 data-center in Virginia USA. At around 18:05 GMT power was restored and servers started to come back on-line. Unfortunately our server ORACLE failed to reboot successfully and we are awaiting an engineer to investigate.

Given the number of servers throughout the data-center affected by this outage, we ask for your patience whilst we wait for the issue to be resolved. We will update this message once we have further information.

Update 23:30 -  Oracle is now back on line. We would like to thank customers for their patience during this outage.

Tagged as:

Topics: Infrastructure, Service Announcements | No Comments »

Upgrades, moves, and new services

By Dave-C - CEO | September 25, 2008

Please don’t think that because I haven’t written anything for a month that there hasn’t been anything worth writing about. Far from it! We’ve been a tad busy here at Netnibble and it’s been more important to get all the forward planning and work done (details below) than detail it here (until now). So, without further ado, let me give you a swift roundup of the latest goings on …

ASIA: It seems that the energy crisis has a world-wide effect. Of course no-one doubted that recent increases in oil, gas and electricity prices wouldn’t have a global impact, but it seems Asia (I guess because of the sheer population numbers all using oil, gas and electricity) has felt the effects first. So it was no big surprise to us that we received an email from one of our suppliers letting us know that they were bailing out of Asia and moving to the USA. We saw it coming. We re-negotiated our services out there and are currently planning and implementing the migrations of a number of customers’ servers and VPSs  (and our own) from one data-center to another. So, from 1st October to around 14th October, we’re bracing ourselves for some overtime and a lot of “live migrations”. Kudos to our customers who have all embraced this necessary uprooting and relocation – You won’t be paying the resulting increased charges which result from this move, simply because I believe a deal is a deal regardless of whether you’re paying $2.95 or $295 for Asian services with us.

HONG KONG: Talk about a double wammy! A few months back we added some initial service in Hong Kong. Quite bluntly, the network stability we’ve experience there has been nothing short of atrocious. In fact, the word “stability” does not belong in the sentence I just typed. Service availability since the beginning of July has been 98.3296% – Not good, and not what we both guarantee and work to. So, at the end of this week, we’re uprooting our box there and moving it into another data-center. We’ve received a whole heap of promises about improved network availability, so we’re going to run with it and see how it pans out.

Enough of the doom and gloom – Since Netnibble’s inception we’ve always worked on the basis that cutting corners on the hardware and networks we deploy our services on was a bad idea. If we went that way, one day it would turn around and bite us in the bum(s). Almost 3 years later I (with some great personal pleasure) can report that this policy has worked well up to now and has led us to focus on using the services of two suppliers for our main USA hosting services. In the last 3 years we’ve shopped around, switched around, and generally caused ourselves more than a few migranes along the way as we strive to provide a quality service to our ever-growing customer base. Effective today our shared hosting, VPS, and dedicated server offerings are being realigned to be available from 3 primary USA data-centers in Los Angeles California, Clifton New Jersey and Herndon Virginia. Of course, anciliary services (support, mail, DNS fail-over, etc) will still run from other data-centers by necessity, but I’m now happy with our infrastructure and it will take a lot to drag me away from the set-up we now have. It works for us and it works for our clients, and that’s what counts.

NEW PRODUCTS: As Netnibble approaches its third real birthday in the hosting industry, the stability we’re now built upon means that we can begin to roll out new products, focusing for now on what our existing customers need, or might need in the near future. Our shared hosting customers know that we don’t over-sell our resources (rather unique in this industry!) and a number have asked how they can add extra resources to the hosting packages they already have. Well now they can – Our new EXTREME hosting package bridges the gap between shared hosting and dedicated servers, by offering a high-resource package on a shared server with a maximum of 12 customers per box. So, if you have a busy forum or on-line shop, we can now provide you with a souped-up hosting environment without the need for you to upgrade to a powerful VPS or dedicated server. Starting at just US$24.95 per month you’ll be hosted on a 12th-share of a server that has all the guts and power you need to serve your busy site, whilst allowing you to concentrate on running your business and not learning how to admin a VPS or server. Full details of this new package will be announced shortly.

Also coming up shortly are a new DNS clustering service (you might not host with us but you sure as heck need a better DNS service than the one provided by your current host!), and a rather unique style of dedicated server/VPS all rolled into one unit, where we mount a single VPS onto a server – we manage the box, you manage the sole VPS within it (you get a lot of help from us on that too), and available in the UK and USA.

Finally, I want to say a word of thanks to our customer base. It seems that we have one of the lowest churn rates (the number of people hopping from one host to another to find the best deals and service) in the industry. We are grateful to you for your loyalty! Just today I got a comment (compliment) from one of our customers describing us as a paragon within this industry (OK, I had to look that up on Wikipedia!). Your positive feedback (or otherwise) is always appreciated and acted upon where necessary. We’re now looking forward to “Year 4″ of Netnibble, and planning the roll-out of more products to suit the people who entrust their hosting to us. It’s going to be a good year!

Tagged as:

Topics: Infrastructure, Netnibble Tidbits, Service Announcements, Technical | No Comments »

New variant on MPACK hacking

By Dave-C - CEO | August 26, 2008

I thought these villains had been quiet for too long and then, last night, I happened to notice a support ticket in our queue from a customer claiming that we had hijacked his site, or the server it was on. The ticket had already been pushed up the line to one of our senior techs so I called him up and asked what he had discovered.

“It’s a new MPACK trick” he told me – Now it seems that instead of inserting iframes and javascript into every page they can find on sites they manage to invade, they’re going for HTACCESS files. Basically they target referrers (typically the big 3 search engines Google, Yahoo! and MSN) and if your site gets a hit via a link on the search engine the HTACCESS file then redirects your visitor away to a malware site. And for n00bs who don’t really know (or care?) what an HTACCESS file should look like or contain, they’re inserting 30 to 40 blank lines at the top of the file in order to convince you that it’s actually empty.

Fortunately this hack is easier to fix than its predecessor as it usually only involves one file. We now have a stock of standard HTACCESS files for popular scripts like WordPress and Joomla! that we can just drop straight in and over-write the malicious file if anyone else reports this issue.

<sigh> I wonder what they’ll think of next? </sigh>

EDIT: After writing this I noticed an article on TheRegister about what is possibly the result of one of these hacks. It’s worth a read, and thanks to the author, Jesper M. Johansson, for the time he obviously spent researching this.

Tagged as:

Topics: Security | No Comments »

Joomla! 1.5.* Vulnerability

By Dave-C - CEO | August 14, 2008

Project: Joomla!
SubProject: com_user
Severity: Critical
Versions: 1.5.5 and all previous 1.5 releases
Exploit type: Password Reset Forgery
Reported Date: 2008-August-12
Fixed Date: 2008-August-12

Description

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).

Affected Installs

All 1.5.x installs prior to and including 1.5.5 are affected.

Solution

Upgrade to latest Joomla! version (1.5.6 or newer) HERE, or patch /components/com_user/models/reset.php with the code below:

After global $mainframe; on line 113 of reset.php, add:

if(strlen($token) != 32) {
$this->setError(JText::_('INVALID_TOKEN'));
return false;
}

Many thanks to QT for the heads up on this one!

Tagged as:

Topics: Security, Technical | No Comments »

California earthquake

By Netnibble Support | July 30, 2008

Yesterday morning a 5.8 magnitude earthquake occurred 29 miles outside of Los Angeles, near Chino Hills, California. We are pleased to advise customers of the 2 facilities we use in Los Angeles that these data-centers were unaffected and continue to operate normally.

More details of the earthquake can been found HERE

Tagged as:

Topics: Infrastructure, Service Announcements | No Comments »

DNS Vulnerability – Cache Poisoning

By Smitch - CTO | July 19, 2008

Recently a new DNS vulnerability has been discovered (Read the story here) which allows a malicious hacker to poison a DNS cache. The ability to poison a cache allows someone to redirect traffic (web, ftp, email, etc) away from intended sites to a hacker’s own site(s), which may host virii, trojans, bot-inserters, etc, so it is important to protect yourself against this type of exploit.

Without going into huge detail here, we all need to take a look at our own ISP’s DNS setup, and also the DNS most of us run on our VPSs and servers. The vulnerability is, as yet, undisclosed, but will be announced at the Black Hat Conference on August 7th. (Read this article). After that, the vulnerability will be out in the wild and we all know that hackers will be looking to exploit it as much as possible before everyone has an opportunity to secure their set-ups.

DNS-OARC have provided a web-based tool which you can use to check your home or office ISP’s DNS resolvers for vulnerability. If either of the test results report “POOR” you need to get onto your ISP’s case, right now, and ask them what they’re doing to fix things before the 7th August deadline. Click here to run the test.

You should also check your own VPSs and servers to see if they allow recursive look-ups and, if they do and you have no need for this, turn off recursion. Our Support Team will be happy to test and advise on all customer set-ups. If you are unsure what to do simply open a support ticket. Our own DNS clusters are already secure, and our recursive name-servers are currently being modified to prevent any intrusions.

Any customers who suspect that their own ISP’s DNS is exploitable and that this will not be fixed promptly are welcome to open a ticket to support asking for details of our recursive name-servers which they may then use. Public services like OpenDNS are also available.

Tagged as:

Topics: Security | 1 Comment »

Scheduled maintenance, Ariel, Hong Kong

By Netnibble Support | July 17, 2008

We are planning to conduct scheduled maintenance on our Hong Kong server, Ariel, during the following window:

Date: 19 July 2008
Local Time: 1am – 2am (GMT+8)
Maintenance: This window is a follow-up check of a previous maintenance. The node may be down for up to 30 minutes and will allow us to provide a better and more stable service in the future.

Tagged as:

Topics: Infrastructure, Service Announcements | No Comments »

Pandora off-line for a short while

By Netnibble Support | July 14, 2008

Our server Pandora in Pennsylvania is currently offline for an operating system re-install (version change). No customers are affected by this and the server will be back up shortly.

Tagged as:

Topics: Infrastructure, Service Announcements | No Comments »

« Previous Entries