Category Archives: Upgrades

MariaDB Server Updates

In an effort to avoid this last weekends downtime again. The Database server was taken offline for a few minutes while the logs were moved to a separate hard drive. Previously there was approx 60GB of space available for the logs. This has been more than enough for nearly 2 years. However it was not enough this last weekend. So we have moved the logs into their own separate 500GB hard drive.

We will also be putting in a pruning system to avoid this issue even if the logs reach that 500GB size without auto pruning.

As with any downtime clients are compensated with much more time as a credit on their account for the downtime. For this last weekends downtime every client recieved a 1 week credit to their account for their subscription based services.

Shared Hosting

CLDMV is proud to announce that by February 1st 2014 we will be offering shared hosting on the same platform which runs our hybrid servers. While there will not be some features bundled into the system. Such as SSD, backup control, image compression, etc. It will still have the same system in the background.

This will allow customers to run non-critical applications for a reduced price. Pricing structure is still under consideration. However we will not be charging for bandwidth. Disk space charges are still up in the air.

Potentially we may charge a flat rate and give limits to the space available. We might also setup the same way we currently do with our Hybrid hosting and charge for space used. Which generally allows users to get their hosting for cheaper.

We will also be offering our Hybrid hosting clients extended backups which will automatically store their backups remotely. Pricing is still to be decided with this feature. It may roll out as a free feature.

S1 Server Upgrade

S1 server will be undergoing an upgrade between 11pm PST 2014-12-09 and 4AM PST 2014-12-10.

The upgrade will help support the growing backup space available.

Server Upgrades complete

Both MX1 and S1 Servers are back up with their new HDDs.

S1 Scheduled maintenance

The S1 Webserver and MX1 Mail server are scheduled to undergo upgrades on 2014-07-03 between 10pm and 1am PST.

There will be another Scheduled upgrade within the next week for the same servers. Luckily this should be the last upgrades for a while. Unfortunately we are growing and as such we need more hardware to support our network.

DB1 Is back up

The DB1 server is back up and running. The new HDD is setup and everything appears to be running smooth again. Again we apologize for the downtime as upgrades were needed.

Scheduled Maintenance

We were waiting to hear back on the best maintenance window to upgrade the hard drive on one of our database servers. But today it crashed due to insufficient space. We have scheduled a hard drive upgrade for 6/23/2014 between 10pm-2am PST. All clients tied to that database have been given a 1 day credit (well more than 1 day’s worth) to their account.

There will also be a slight downtime early in the morning of 6/24/2014 to setup the new hard drive for the database server. Overall total expected downtime is 3 hours max, including the downtime between 10pm-2am tonight.

DKIM Signing and Mail filtering

Spam is always a concern when you have email. We have successfully integrated DKIM signing to our email system. As it can break mail delivery this is not done automatically. DNS records need to be in place for it to work properly. Thus if you’re hosted at CLDMV please contact us in order to help you with the process of setting up DKIM.

Next upgrade we have put in place is our own custom mail filter. Right now there isn’t much to it but injecting a header into emails to show it working. But soon there will be SMTP Relay limits (used to prevent compromised emails from flooding emails outbound), Custom spam filtering though DB rules, and probably some other things which I’m not thinking of currently.

The two main issues we had with putting our own Filter in place was the ability to maintain our Anti-Virus and Spam systems that were already in place while also being able to provide a second content filter. After many hours and tons of caffeine we were able to produce a system which kept our current system intact while adding the secondary system on top of it. As always Security in this manner was a great concern. Especially considering we would be handling external content. Several limitations are at play in current mail systems which caused us to create innovate techniques in order to send emails to our own system securely. We even attempted to hack our own mail server through emails and were unsuccessful.

New feature for JS and CSS

Any website hosted with CLDMV can now automatically serve up concatenated JS and CSS files. For example:

http://cdn.cldmv.net/cldmv/min/cldmv/jquery/?base64.js,decode.js

The above URL is two separate files put together and minified as well. Now lets go over the portions of the URL:

The prefix of the URL (this is required in order to get the script to work.

The directory:

Then the marker to indicate the files you want to serve (this is required and never changes):

Then finally the files you want to serve under the above directory:

Each file is separated by a comma.

Normally to get both of these scripts to run you would include the follow urls:

Instead you can now just include:

Update: Since Chrome has an issue with double question marks I’ve reduced the code to only require a single question mark.

 

Server Updates along with Security Updates

As always security is a main concern in our network. We have updated a couple services already and are in the process of updating a few more services currently.

First we have updated NGINX (our webserver) with a few additional modules which will allow us to do a few more optimizations.

We have also increased the SSL security levels. There are some downsides to this. However we believe the upsides outway the downsides.

Cons:

  • Support for IE6 on XP SSL connections have been removed completely.
  • Support for Java6 SSL connections have been removed completely.
  • Support for YandexBot 3.0 SSL connections have been removed completely.

Note: The above were already not supported as none of them support SNI (Server Name Indication). SNI is how SSL connections are defined by domain names rather than IPs. Since our network serve SSL connections based upon Domain names primarily and IPs secondary. Thus the support for the above methods of viewing a SSL site were spotty at best.

Pros:

  • SSL Security score went from 90% to 96.25%, a 6.25% increase.
  • Encryption Speed has been increased.
  • SSL connections now have a subsidiary encryption which helps even more against MITM attacks.
  • Possible BEAST exploit has been removed completely.
  • Possible Lucky Thirteen exploit has been removed completely.
  • Possible CRIME exploit has been removed completely.

Note: Above exploits above were possible due to Encryption methods which were available in the server to support the above methods of a SSL connection. With these removed the possible exploits are removed as well.