It’s another HostingCon Goodies day – these exciting new free tools will get your website listed in Google within 24 hours – guaranteed. If your site’s already in Google, you will get even more pages listed, and improve your page rank in seven days or less.

Simply login to your DrakNet website control panel, look for the new SEO Tools category, and click on “Get In Google.”

We’re sponsoring your Attracta™ Basic-level SEO tools account at no cost to you. It’s yours free forever, and it normally sells for $59.40/year. If you wish to upgrade from basic, you can do so from within your control panel.

What’s in your free Attracta SEO Tools account? All of the tools and services you need to get more of your site listed in Google and the other major search engines, with improved search ranking.

Getting started is with Attracta is easy

+ Log in to your DrakNet control panel
+ Click on the “Get In Google” tool.

That’s it. 30 seconds of your time and you should see your site in Google within 24 hours.

Unfortunately, DrakNet has made the difficult decision to cease offering Soholaunch Licenses to our clients and supporting the software after December 1, 2010. The includes both our direct clients, and our Reseller accounts. Please note all those using Soholaunch should have received an email with regard to this transition this morning.

The dates are as follows:

As of September 1st, 2010, Soholaunch will cease being available in Fantastico.

On December 1st, 2010 Soholaunch licenses will cease to be commercial and will revert to free licenses for any installations that are not converted or moved.

We are leaving a three month time window to allow people to prepare for the change, regardless of what your decision is. You have a few options with regards to your site:

1) You can lease Soholaunch directly for $20 per month per installation and remain with DrakNet:
https://billing.soholaunch.com/cart.php?gid=1

2) You can purchase an owned license for $200 one time and remain with DrakNet:
https://billing.soholaunch.com/cart.php?gid=1

3) You can convert your site to any of the other 150 programs we offer in Fantastio or Softaculous.

If you are planning to convert your site, we will give you a secondary account at no charge for three months with it’s own cPanel that is a subdomain of DrakNet so that you can start with a clean installation and begin building. When you are ready, we can then convert that account to your original domain name so that you will go live. (Obviously, resellers can do this on their own).

4) You can move hosts to a host that offers Soholaunch to you at no charge – if they are a cPanel host, this is a relatively easy thing to accomplish with a full cPanel backup. If you’re unsure of who to use and you want to go this route, feel free to email us.

We apologize for this inconvenience that this will cause you, and we stand ready to help you utilize any of the options in front of you to the best of our ability even if your choice is to go to another host, so please lean on us for any help you may need during the next three months regardless of your decision.

Due to a number of recent exploits, we have begun locking down some risky PHP behavior by default. This information has been in the PHP FAQ for a couple of weeks, but we wanted to do a more inclusive blog post on it.

PHP By Default

The PHP settings by default include the disabling of the following behaviors that are known to be somewhat risky when used in conjunction with really bad code:

show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen

What that means is that if you install software that requires any of these to be “on”, your software will not work the way that you want it to as the system will not allow those functions on your site.

Your Own PHP

You are not, however, limited to our security-focused PHP implementation. You can write support and let us know that you need to override settings. In response, we will copy the system’s php.ini file into phpini.txt in your home directory so that you can edit it. There are two ways that you can implement the above disabled functions on your site.

Per Directory

If you only have one directory that needs the function, the safest thing to do is to only enable something on that one directory because it limits possible incursion risks into your site. To do that, you would take the phpini.text and open it in an ascii editor (or using CPanel’s File Manager) and find the section:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.                
disable_functions = “show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen”

And edit the disabled functions. For example, to do Soholaunch backups, the directory /sohoadmin/program/webmaster needs shell_exec, so you would edit the above so that it looks like this:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.                
disable_functions = “show_source, system, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen”

Save the file as php.ini, and place it in the /sohoadmin/program/webmaster directory. For extra security, you can only upload it when you need to take a backup, and then change the filename or pull it down onto your computer and delete it to re-secure the directory.

This method will change only the directory behavior, and not the whole site behavior.

Change the Whole Site’s Behavior

If you need a function on more than one directory, or you’re unsure which directory you need the behavior changed in, you can easily change the behavior on the whole site without having to manually copy the php.ini everywhere.

To do this, you would use the same method above to change the php.ini, and then place it in your top level directory of /home/username/public_html/. Then, also in /home/username/public_html/, you would create a file called .htaccess, and you would place the following in that .htaccess:

suPHP_ConfigPath /home/username/public_html/

This tells the server that on this site, the php.ini in this directory is the one that the site should use, and not the server’s default.

A Word of Warning

There are various methods of changing php behavior floating around on the Internet, and one is the php_flag in .htaccess – please note since we run suPHP, that won’t work here. It will give you a nice error on your site if you try it, though, but best not to – trust us, isn’t going to work.

The other method we’ve seen some people recommend is uploading a php.ini file to a directory with only the behavior that you wish to change i.e. one line only as the entire php.ini file. This is bad. Don’t do this if anyone tells you to. It’s not correct even though it may appear to work.

PHP does not merge the php.ini files together, so when a custom php.ini is used it must contain all of the required directives from the main php.ini file (for example, if Zend Optimizer is required, the new php.ini must load the extension.) This is why you must email in to support so we can provide you with the server’s php.ini.

Before we headed off to HostingCon, we asked folks over on Facebook what goodies they wanted us to get, and several people asked for more software that could be easily installed.

Happy 2nd HostingCon goodie day!

DrakNet is now a Softaculous NOC Partner, and this new auto-installer has been installed across all servers and is ready for your use. You can find the Softaculous icon right next to its competitor, Fantastico.

In addition, we’ve also added Softaculous Voice Tutorials to the video tutorial section to help you out with installation.

The following software is available in your cPanel under the Softaculous icon right now.

The move of accounts from Blastoid to Espeon is now complete, except for four stragglers who decided to manage their own DNS. (If you were not resolving to the new server when we looked the morning and we found your custom DNS, we emailed you with what needs to be changed).

The problems of yesterday’s move with the databases was entirely our (ok, my) fault. In our focus on the containers and getting to know Cloud Linux, we miscalculated the combined amount of space needed for MySQL databases, didn’t double check, and filled the partition about halfway through the move. When that happens, database backends come to a screeching halt.

You guys really use an enormous amount of data.

We moved the databases to the /home partition instead of the smaller partition it defaults to, and due to the huge database usage you all tend to eat, the new machines will have that set up before we move anyone just in case we run into the issue again. The /home partition, since that’s where your web sites are, has the largest chunk of disk space allotted to it’s use and after combining the servers and placing the databases in it, Espeon has 178 Gigs used with 651 Gigs free on that partition. Hopefully, that will hold you all for a little while.

So, now that more of you are being plopped into containers, what should you be concerned about?

I have a really busy site, but I’m well within my bandwidth allotment – if I am under my bandwidth limit shouldn’t you just make my container bigger?

One site getting 3 Gigabytes of traffic a month can be far more resource intensive than one site getting 25 Gigabytes of traffic a month – it all depends on the site, and how its coded, and what it’s doing. In our TOS, we do (and have for years) place limits on those because despite everyone’s packages in the web hosting industry selling bandwidth and space, the real underlying thing that shared hosts have to be primarily concerned with is resources – CPU, memory, i/o. Those are the real numbers that matter. Space and bandwidth is really the least of the issues these days.

We will be reworking the allotments/formula there to better reflect the containers, and higher level accounts will have options to make their containers slightly bigger at no charge if they begin to outstrip their default container. But these containers are not infinite – even “the cloud” has a finite expansion point.

Once you max your container, if you are still slowing or “503ing”, you’ll know that it’s time to look at other options like VPSs, a server, a cloud server, a Hybrid, a high traffic service optimized for your software, or the like. If you have an enormous number of add on domains that are all somewhat busy, realize that they share a container, too, and it may be time to spin them off into their own account or get a reseller account just for your domain addiction. (Each Reseller subaccount does have its own container).

At the moment, we have containers defaulting to 15% of total server resources. On a server with a lot of cores, and a lot of memory, that’s a lot of resources. If you’re outstripping that, in our humble opinion shared hosting isn’t a good platform for what you are doing or there’s an issue with your site you need to address.

We came, we drank, and we bought.

We’ve been back from HostingCon for a few days, and we definitely came back with more than swag. And while the swag is cool, we think you’re going to really like some of the rollouts. Since HostingCon’s subject is the cloud, we’ll start with the cloud.

As of last night, Espeon’s OS has been switched from CentOS to CloudLinux, a Linux Operating system that was specifically created address some of the concerns of modern shared hosting environments.

Particularly, some of ya’ll’s tendency to explode and take down a server with ya, whether due to bad coding or sudden outrageous popularity.

CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted to shared hosting environments. This improved performance helps us provide better support to you by enabling VPS-like containers for your resources in a cost-effective shared hosting environment, guaranteeing that you get the resource you pay for and expect without “server hogs” muscling in and stealing what’s yours.

Ok, but what if I’m a server hog?

Well, to be honest, then this kind of sucks for you.

Once a website reaches the limit of resources which has been set, the site will begin to slow down. Once the number of entry processes (apache/http requests is reached), the user will get a 503 error message. The website that is consuming too many resources will stop working but the other folks on the server will continue to run normally with no slowdown.

We will still be able to attempt to help you tweak resources but at the threshold levels we set (which are significantly higher than the TOS limits), if you are consistently outstripping your container, it’s time to either take the add ons and spin them off into their own accounts with their own resources, or look to moving to a VPS or server.

Espeon, you are already in the Cloud.

As of last night, Espeon has been running in this new environment as it was the only one on CentOS 5 (it’s the newest). All other boxes are on CentOS 4, which is end-of-lifing in Feb of 2012, which would have necessitated 5 server migrations in any case over the course of 2011. Since we know it’s coming, we’re going to start this now so there’s only one blip instead of two and upgrade all OS’s to Cloud.

And if you don’t know what any of the above meant, just read from here on out, which is in English.

Because CloudLinux architecture is designed to guard against server density issues, leaving a huge amount of idle resources isn’t necessarily something we need to do anymore (and is not very green).

It’s also far greener to get what and who we can on the server as long as there is not a performance issue and any speed sacrifice. Since everyone is allotted their slice and will be lassoed in individually without affecting overall performance, we’ll be raising our resource ceiling and moving some (or all) of Blastoid over to Espeon and retiring Blastoid.

Once that’s done, we’ll then purchase a new machine and begin leapfrogging everyone over to new and better hardware and will gauge the performance thresholds as we go.

So, what makes this Cloud Hosting?

Honestly? We don’t have any freaking idea. We spent three days at HostingCon while everyone talked about “the cloud” and everyone seemed to have different ideas of what “the cloud” was or was talking about a different “cloud”. It’s called CloudLinux, people that have it call it cloud hosting, and so we’re just going with it and let it makes us feel all cutting edge.

Just go with it, folks – really. If you try and figure it out, it will just give you a headache. Trust us.

A Soholaunch exploit has been found and there have been some problematic issues in dealing with the exploit. We don’t have much information, and some of what we do have is a bit confusing, so we’re going to try and break it down for you.

In a Nutshell: The exploit has been actively exploited for about a week. We cannot craft a signature to filter out this attempt without also breaking all Soholaunch installs (if someone has come up with a mod-security rule for it, email me. I’ll pay you. Seriously.) We can detect the exploits once found and clean them once found, though see the caveat below. We were given two patch scripts by Soholaunch and ran them on all servers. The first one didn’t work, the second one appears to potentially have worked as we did not pick up active infections last night.

We’re hopeful, at this point, things are secure from an injection standpoint. We are not comfortable assuring you of that, however.

207 of you are currently using Soholaunch licenses. We had about 125 infections, across all servers. This was a widespread exploit that was actively used, and it was more than just here.

Ok, so what’s the caveat?

The caveat is your passwords to your Soholaunch install were able to be gleaned, so even if we patch the hole and clean the infections, if your login information is not changed your site is still at a high risk of exploitation.

We are suggesting the following for all Soholaunch installations:

1. All installations should be updated. v4.9.3 r42 (which includes additional security patches) has been re-released as a “latest” build. It is highly recommended that you install it. If for some reason it breaks, simply log-in to sohoadmin and “update” to the previous build (r41), which is still listed as the “stable” build.
2. All sohoadmin logins and passwords should be reset. Logins and passwords. If you saved FTP passwords in the program, change those as well.
3. If you saved any kind of secured information in the program, like logins shared between colleagues, go change those.
4. If you do not run a firewall/virus scanner, you got notice from us that you were actively infected, and you visited your own site, go get your computer scanned.

If you leave logins and passwords the same, your site is potentially at risk. I cannot stress that highly enough.

Malware Detection by Google

We are beginning to see notices from Google that sites have been picked up by them as Malware infected. Google will send notifications to:

abuse@yoursite.com, admin@yoursite.com, administrator@yoursite.com, contact@yoursite.com, info@yoursite.com, postmaster@yoursite.com, support@yoursite.com, webmaster@yoursite.com

and as all abuse notifications come to us, so we will get the notification as well if you miss it. Once Google pegs you as dangerous, people coming from Google to your site will see the following notice in the search results:

And the following when they click through (if they click through):

If we get the email, we will send you the notification after individually scanning your site. If you do not have a WebMaster account and you have a Soholaunch site, we would suggest that you go ahead and get one now, before you potentially get the notice so that you can have your site un-pegged as soon as we’re all sure the issue is passed.

We have set up a special email for this issue so if you have any questions, email security@drak.net.

This week, DrakNet’s going to be off shmoozing at HostingCon, the once a year industry party… er, place with talks interspersed with parties.

Well, we’re not actually going to be off anywhere because lucky for us, it’s coming here to Austin.

Don’t worry, there are designated tech support folks left in charge who are strictly prohibited from becoming inebriated, and though we’re going to be meeting folks from both our data centers, there are ample grumpy people that didn’t get to go watching respective DC’s.

While we have a pretty standard “If you want to talk to the owner, we will get you to the owner a.s.a.p.” policy here, I’m going to be fairly out of pocket the next three days, so please try not to attack the staff thinking that I suddenly became completely and totally inaccessible and they’re refusing to pass you up.

Any tickets that need to go straight to me may require a tad bit longer of a wait than usual, and we’ll have a report for you when I get back in.

If you’re really good while Mom’s gone, we may even come home with new goodies for the servers.

Lecturing, begging, and pleading has done no good, so now we’re taking the next step.

Ok, it’s not really all your fault – sites are such a target these days that malware attempts are becoming ridiculously common, and while you sometimes (ok, a lot of the times) make it easy for them, sometimes it’s the software developers that miss a great big hole that you could drive a truck through. Once the truck’s parked, it’s sometimes hard to find – though Google’s getting good at it.

By the time Google finds it, you’re out of the search engine, we’ve suspended you, and frankly we’d like to help you all avoid those little “all stops” to your business, or those little infections you pass on to your visitors before we’re aware.

Last night, DrakNet installed a Malware Scanner on all servers. The malware hit management is a very simple anti-virus like quarantine system that moves offending files to a quarantine container and logs the exact source path and destination file name in quarantine locker in case we need to restore any data due to false positives (though this should never happen since we are using hashed detection). In addition, the quarantine function can search the process table for running tasks that contain the file name of the offending malware and stops any processes it may be running.

The scanner will scan daily all files changed on the server within the last two days ensuring that we get a look at any file that’s been changed whatsoever. It will let us know what it found, and what it did. It is programmed to automatically quarantine the file and infection, returning the file to its original location only if the infection was able to be removed and isolating the infected version of the file in a container so we can take a look at it. Not all infections will able to be cleaned and if that’s the case, the file will simply be removed and quarantined.

Currently, we’re running scans on every server, which we started last night. This could take a few days because of the sheer number of files on each server and depending on the number of infections, it could take us a bit to contact everyone who was found to be compromised.

Simultaneous to the full scan we began, last night’s daily scan ran as well. Each morning as we go over what was found, we will prepare emails to site owners who’s sites were found with Malware outlining what was done and general steps we recommend to check to avoid infections in the future. Those who had malware installed within the past two days are already in receipt of emails outlining the issues found.

We’re hopeful that by implementing this, we can avoid automatic suspensions and catch malware before it breeds like a cell dividing on your site, as once an entry point is established, infections tend to expand exponentially as the hacker realizes the infection has gone undetected.

You can, at any time, email support for a scan on your site if you are concerned or worried that something is going on with your site. In addition, as opposed to passing the cleaning of the infections back to you, we will run the automated quarantine and cleaning scan at no charge to you hopefully securing the site and passing it back to you without malware (though some files that may be unable to be cleaned will need to be reinstalled or rebuilt by you).

Please let us know if you have any questions about this new policy.

After a few months of not having video tutorials, DrakNet has re-launched an expanded video tutorials section located at:

http://www.drak.net/support/

We have expanded our tutorials offering from just visual tutorials to many audio/visual tutorials as well that will lead you visually and verbally step by step through some of the most basic features of your web hosting account and its software.

We’ve also expanded our tutorial offerings to include tutorials on common services used that we don’t offer specifically but which many of our clients utilize to adjunct their site’s design, like YouTube tutorials, GMail tutorials, a PayPal Series, as well as a Photoshop series.

To make the tutorials easier to find, you’ll now find a “DrakNet Video Tutorials” button in your cPanel that will take you back to our site for the most up to date and current list of tutorials.

Our current full list of tutorials is below.

cPanel/WHM

cPanel11 x3 end-user series (VOICE, English)

WHM 11 reseller series (VOICE, English)

E-mail Tutorials

Configuring Email (original) series (English)

Configuring Email (SMTP auth) series (VOICE, English)

Horde series (VOICE, English)

RoundCube series (VOICE, English)

Gmail series (VOICE, English)

DNS Tutorials

Updating DNS series (VOICE, English)

Domain Transfer series (VOICE, English)

Private Nameserver series (VOICE, English)

FTP Tutorials

Complete FTP series (VOICE, English)

Payment Gateway Tutorials

PayPal series (VOICE, English)

Web Design Tutorials

Intro to XHTML series (VOICE, English)

Graphics Design

PhotoShop CS3 Basic series (VOICE, English)

PhotoShop CS3 Designer series (VOICE, English)

PhotoShop CS3 Photo series (VOICE, English)

Content Management Systems

Joomla New Setup series (VOICE, English)

Joomla New Admin series (VOICE, English)

Joomla New CMS series (VOICE, English)

Joomla New Extensions series (VOICE, English)

Joomla New end-user series (VOICE, English)

Drupal series (VOICE, English)

DotNetNuke series (VOICE, English)

Blog Software

WordPress 2.7 series (VOICE, English)

eCommerce Software

osCommerce series (VOICE, English)

CubeCart series (VOICE, English)

ZenCart series (VOICE, English)

WHMCS 4 end-user series (VOICE, English)

WHMCS 4 Setup series (VOICE, English)

WHMCS 4 Management series (VOICE, English)

Forums Software

SMF series (English)

phpBB 3 series (VOICE, English)

SMF series (VOICE, English)

Other Web Software

phpMyAdmin series (VOICE, English)

Gallery series (VOICE, English)

Auto Installers

Fantastico series (VOICE, English)

Miscellaneous Tutorials

Intro to Web Hosting series (VOICE, English)

YouTube series (VOICE, English)