Return to Main Website

  • COMPLETED: Server Migration

    April 4, 2017 by Russ
  • The server migration has been completed.  There were some slight issues with IP configurations (as we had warned before) during the migration but all of those have been corrected and all services are functioning properly.

    What's New

    ====================

    CloudLinux Operating System with KernelCare
    https://www.cloudlinux.com/all-products/product-overview/cloudlinuxos
    The server your website and email is on is now using CloudLinux as its operating system.  It is much better than what we had before because now the operating system updates on its own every day.  This ensures that we have the latest and most secure operating system on our server and downtime has been virtually eliminated.  We will only need to reboot the server whenever we need to upgrade to a major version of the operating system or upgrade hardware.

    Latest cPanel Hosting Software
    Because we are now using an operating system that is consistently updated we can now update cPanel (the software that you use for your hosting account) to its latest STABLE version.  cPanel was no longer supporting Centos 5.x operating systems which was the primary reason we performed the migration to begin with.  This server is currently running cPanel version 11.62.0 (build 17) which is the latest STABLE version.  We check for cPanel updates once a week to ensure that the server remains stable and you can have access to the latest features it has to offer.

    CloudLinux CageFS
    https://www.cloudlinux.com/cagefs
    With CloudLinux we now have the added benefit of using a tool called cageFS.  This tool essentially allows us to virtually separate everyone on this server so that no one single user can see or do anything to anyone else's accounts.  This is helpful in the event that we get someone on the server that has unscrupulous intentions.

    CloudLinux LVE Manager
    https://www.cloudlinux.com/index.php/lve-manager
    Yet another tool that allows us further control of the server to maintain its stability.  You will not have to worry if your website or email will go down because of someone else on the server hogging all the resources.  This tool allows us to set CPU, memory and bandwidth limits on each account to keep the server running smoothly for everyone.

    Hardened PHP
    https://www.cloudlinux.com/hardenedphp
    Older versions of PHP are considered insecure.  As of today, PHP 5.6 is considered slightly insecure and is basically on life support for security patches.  With CloudLinux we are now able to harden PHP versions all the way back to PHP 5.1 which means older websites can still be run on our server.

    phpSelector
    https://www.cloudlinux.com/php-selector
    With this upgrade we were also able to introduce a new feature that allows you to control the version of PHP your account uses and even control the PHP extensions that you may need.  Granted, this may be unfamiliar to you, but your webmaster will appreciate the control and flexibility available in your hosting account.  PHP versions currently available are 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0 and 7.1.

    Ruby and Python selector have also been enabled on this server to add even greater options and flexibility for developers.
    https://www.cloudlinux.com/ruby-selector
    https://www.cloudlinux.com/python-selector

    SNI Support
    SNI (Server Name Indication) is a method that allows us to install multiple SSL certificates on the same IP address.  This means you no longer need a dedicated IP address if you don't want one.  Keep in mind that if you have clients or customers that are using older website browsers and they try to visit your website they will receive a certificate error and won't be able to access your website.  This service was developed to mostly help with the IPv4 crisis but now with IPv6 available it seems a moot point but it will still help you avert costs for your website hosting.

    Upgraded Server Hardware
    We thought this would be a good time to upgrade the hardware for the server to increase its stability and decrease load times.  We now have a server that has two Intel Xeon processors (4 cores / 8 threads each) and 8GB RAM.  More than enough to handle almost anything you can throw at it.  We did not upgrade the hard drives though as 1TB is more than enough for now.  We will consider upgrading the hard drive space in the future as needed.

    Current server hardware configuration:
    2 x Intel Xeon E5620 2.4GHz processors
    8GB RAM
    2 x 1TB HDD (RAID 1 - mirrored)

    Amazon S3 Backups
    We are now backing up all accounts to an Amazon S3 (simple storage) bucket.  Before we were keeping backups on a separate hard drive on the server and decided this was the best route to go to ensure that your websites, emails, forwarders and filters were stored in a secure place that we could easily retrieve in the event of a server malfunction.  Although the Amazon Web Services does cost us additional money there will not be an increase your hosting costs.

    AutoSSL from cPanel
    With this latest version of cPanel and SNI available we now have an automated feature that automatically creates a self-signed SSL certificate for your domain name for mail, ftp and website protection.  Although the self-signed certificate will work just fine for secured email and secured FTP it will not be a sufficient certificate to protect your websites.  Websites must be secured with a certificate that comes from a trusted Root CA (Certificate Authority) like AlphaSSL, GlobalSign, GoDaddy, Network Solutions, Symantec, etc.

    So basically what this means for you is you can use your domain name for secure email.

    TLS 1.0 Disabled
    Our server no longer supports TLS 1.0.  This means that our server is nearly as PCI-Compliant as most banking servers.  We only allow TLS 1.1 and TLS 1.2 connections for secured websites.  This is a good thing but can also be a bad thing for others using outdated software or outdated browsers as they won't be able to make a connection to your SSL-secured websites.  It's a calculated risk by disabling TLS 1.0 but we feel that security of our system trumps the ability of allowing unsecured connections for people using old software and browsers.  We will eventually drop TLS 1.1 support in the future as deemed necessary and will notify you when it does happen.

    Server Configuration Broadcasts
    In order to combat hackers and web bots we've disabled a majority of the specifics for our server's configuration.  So when another server or bot polls our servers for its configuration all they will get back is "Apache".  This makes it harder to guess as to what we are running and forces them to try multiple alternatives to get into our server and makes it easier for us to block them.

Powered by