Tag Archives: updates

Updates

It’s been some time since a post was made here on our blog. We have been extremely busy with a couple large projects. So busy we are actually expanding our office.

While we can’t release a whole lot of information at this time. We are also excited to announce that we will be Writing a modularized platform software package. From this package users will be able to add in blogs, forums, shopping carts, etc. All into the same system and all able to run multiple domains. While this will be no easy task and it will take some time to complete. We believe there is a great need for software of this calibre.

Right now there are great softwares out there for each individual task. But then you have to mesh them together, spend thousands of dollars getting them to look the same. Even then they still don’t work together they work alongside each other. A user on your forum can’t log into your shopping cart, same is true with the blog.

More about this project will be announced in the coming months as licensing and trademarking of the name are complete.

Various Updates

CLDMV has opened a Development portion to our business. With this clients or anyone for that matter can contact us for web development. We are also partnered with 1stwebstudio for design projects. So all that’s left is to offer is domains, SSLs, SEO. While we do provide domains and SSLs already there is no automation in this process.

Also CLDMV has opened a Twitter and Tumblr account for people who wish to follow updates and posts through those forms of media. The blog site has also had some minor changes in design related to social networking.

Moving forward we excited to be able to provide most web related services to existing and new clients. We are still looking for a reliable and friendly service for SEO.

Server Updates along with Security Updates

As always security is a main concern in our network. We have updated a couple services already and are in the process of updating a few more services currently.

First we have updated NGINX (our webserver) with a few additional modules which will allow us to do a few more optimizations.

We have also increased the SSL security levels. There are some downsides to this. However we believe the upsides outway the downsides.

Cons:

  • Support for IE6 on XP SSL connections have been removed completely.
  • Support for Java6 SSL connections have been removed completely.
  • Support for YandexBot 3.0 SSL connections have been removed completely.

Note: The above were already not supported as none of them support SNI (Server Name Indication). SNI is how SSL connections are defined by domain names rather than IPs. Since our network serve SSL connections based upon Domain names primarily and IPs secondary. Thus the support for the above methods of viewing a SSL site were spotty at best.

Pros:

  • SSL Security score went from 90% to 96.25%, a 6.25% increase.
  • Encryption Speed has been increased.
  • SSL connections now have a subsidiary encryption which helps even more against MITM attacks.
  • Possible BEAST exploit has been removed completely.
  • Possible Lucky Thirteen exploit has been removed completely.
  • Possible CRIME exploit has been removed completely.

Note: Above exploits above were possible due to Encryption methods which were available in the server to support the above methods of a SSL connection. With these removed the possible exploits are removed as well.

Current Status of Control Panel, security updates, and server updates

First lets start with a screen shot of the dashboard in progress for the control panel.

current-cp

Unfortunately Data prior to the 28th of May 2014 is a bit skewed. But as you can see we have plenty of navigation so consumers never get lost. We also show are currently showing all site traffic for all sites hosted under a specific user. Though with some crashes here and there we might put these charts on their own separate page per domain but still give the user the ability to view an all domain report as it’s setup right now (at their own risk).

Currently the theming for the charts is still to be completed. But we have the ability to show and hide specific points of data if we want, select a range of the data from the range bar below. And most importantly reset it all to dive into more data.

Updates outside of the control panel:

A lot of reforming to the back-end has happened in preparation of the control panel.

Security is always a concern when dealing with the online world. We have adjusted some security features. The control panel (unlike commercial panels today) will not actually be able to modify anything within the network per-say. What I mean by that is every command done through the control panel will actually hit a sub-system which allows or disallows access at that level. Which then hits the root system which can only run specific commands pre-written into the system. So unlike most control panels today where the code is on the forefront of the system, CLDMV’s back-end is segregated to many systems to prevent hacking. While data can be retrieved from the control panel anything which has to change the system will always be done through our set of sub-systems to insure stability and security.

Also it’s important to note there was a brief downtime of FTP log in and email receiving on 2014/05/31 at approx 5pm PST to 5:30pm PST. This was due to a mass restructuring of the back-end in order to support the new changes to come.

Updates to Web Server

There was a bug affecting a few clients where they could not delete files in the root of their html folders. This has been fixed. I also have a process running every day now to ensure this doesn’t happen again. The following files will server up a default file if they are not found in the html root folder:

  • robots.txt
  • favicon.ico
  • favicon.png

The default robots.txt only had one rule which is to tell all bots to limit their crawl rate to 1 page per second. Any client can place their own custom robots.txt or favicon.ico in their html root and that file will be served up instead. Some additional cleanup and security was done to the FTP service. Namely when you log into the FTP, clients will only see folders which you can actually do stuff in now. Some of which are just backup or log folders which clients can only (most of them) download the files.