Worried about Dirty COW? You should be, because last week a serious vulnerability was discovered in the Linux kernel which runs the majority of the world's servers. It was so critical that it can lead to a privilege escalation, denial of service, or information leaks. And it's called Dirty COW! Why the name Dirty COW? It gets its name from the Linux sub-system, called Copy-On-Write or COW, in which it appears.
You may well have seen reports in national dailies about it, and now it's spread to Android phones as well. Basically, if you've got a website then you are potentially at serious risk because it could take weeks before web hosts get round to patching the kernel on their servers. Then the server will need to be rebooted, resulting in downtime.
Unless of course you're a WebSpain client! Because when we switched to CloudLinux earlier this year we also purchased KernelCare as part of the package. KernelCare keeps Linux servers secure with all the latest kernel patches available immediately, and they're automatically applied without needing to reboot the server. So no security issues and no downtime!
It keeps running permanently and checks for any kernel security updates every 4 hours. If there's an update available, it just applies it without any human intervention or downtime. Our kernel was patched on 21st October......literally as the news broke.
If you're not a WebSpain client then you just have to cross your fingers that somebody is going to take action at some point to protect your business interests. Timescale is impossible to estimate......but I can guarantee that the less you paid for your hosting then the longer it will take. If it's even patched at all! But that's what happens when your main priority is cheap!
It just demonstrates, once again, how proactive we've always been in this area, and how not all web hosting is created equal.
If you're serious about your business then you need a serious provider. If you're not serious about your business, or perhaps you just don't care......then there's plenty of providers out there that would be a perfect fit for you. But we're not one of them!
We've now entered the CloudLinux era, as our main UK server is now running on this commercial operating system. CloudLinux is purely designed for shared hosting environments, and delivers numerous benefits to you as a user, and to us as a web host.
1. Each account is contained within a “Lightweight Virtualized Environment” (LVE), that totally isolates each user. This means that tenants cannot jeopardize the stability of anybody else's site, or the server, because each one will be allocated a specific amount of memory, CPU etc that they can use.
2. CloudLinux OS also “cages” tenants from one another using a component called CageFS to minimise the risk of security breaches. This way, unstable scripts or malware are unable to spread across other sites causing defacement. This short video is a bit simplistic but it shows how individual users are caged to prevent them causing harm to anybody else's site.
3. LVE Manager will limit CPU, IO, and memory resources, the number of processes, and concurrent connections for each user to maintain stability right across the platform.
4. CloudLinux comes with a PHP Selector which will allow users to define the version of PHP that they use. But unlike others, we will not be using this component to continue to run outdated and vulnerable versions of PHP.
If PHP have discontinued security updates for a particular version then it will be removed, because we won't abuse this feature by turning it into a "workaround" for potentially vulnerable software. That's just asking for trouble.
5. We have also implemented the additional security initiative known as KernelCare! This automatically updates the Linux kernel of the operating system as soon as vulnerabilities are discovered. There's no waiting weeks for patches to be released while you remain at risk......it happens instantly!
The implementation of CloudLinux was something that we have been working towards for many months. Earlier this year we doubled the server memory to 32GB, and changed the PHP handler to FPM-FCGI, in order to take full advantage of CloudLinux and recent advances in server processes.
And when the time came to implement it, we didn't just get the datacentre support staff to handle the process, we took the unprecedented step of paying for the services of an external CloudLinux specialist to carry it out. Simply because we wanted to ensure that all aspects of this operating system were deployed in the most effective way possible.
It's a very specialised system, and a generic "one size fits all" installation is not what we wanted. We wanted it fine-tuned and optimised just for our sites!
As I've stated before, not all web hosting is the same. We know for a fact that we were already offering a far superior hosting platform to our competitors anyway.....the majority of which only operate on reseller accounts on other companies' shared servers. I'm not knocking that......we all have to start somewhere, and that's where we were 15 years ago.
But the reality is that you can't compare that environment to the type of infrastructure that we deliver via our own private dedicated servers. Now with the addition of CloudLinux, we've taken a big step forward once again!
We're determined to offer our clients the very best in all areas......and we'll make whatever investments that need to be made in order to achieve that, at no additional cost to yourselves!
Bottom line is that nobody else does what we do.....in the way that we do it. That is absolute fact, and for those of you who've been with us for many years......I'm not telling you anything you don't already know.
We're reluctant webhosts! We never wanted to provide web hosting. All we ever wanted to do was build websites.....nothing else. But back in 2003 we reached the point where it was impossible to get anything done on potential clients' hosting services because more often than not they were unreliable, slow, and in some cases unfit for purpose. So we had no choice, we had to provide hosting ourselves!
We wanted the best that we could realistically afford at the time. So for some years we struggled to break even on hosting......just to be able to build sites. Then we'd outgrow our resources, so costs increased once again! In 2007 we had to move from reseller accounts to virtual private servers (VPS), then in 2009 onto a Hybrid VPS. By 2011 we'd outgrown all flavours of VPS.....and it was onto Dedicated Servers!
We share with no one, we don't sell hosting to outsiders, and only our clients with our sites are on there. We actually turn hosting business away every week simply because we do not want a bad neighbourhood.
We're not server administrators.....we're web designers. So we pay for the highest level of server management that the datacentre can provide, with a guaranteed 5 minute response time 24/7/365......using the same upstream provider since 2009. We're in good hands.....and so are you!
Now let's look at some of the different aspects related to hosting!
Server uptime: Our uptime percentage over the last year is 99.97%. That figure is up there with some of the best in the industry! It means that over the last 12 months the server has only been inaccessible for 2 hours 37 minutes. And approximately an hour of that was down to scheduled network maintenance performed overnight GMT.
How do we know if a server goes down? We use a remote monitoring service to ping our server (send a signal) every minute of every day. If the remote server doesn't get a response it sends me an instant text message that something may be wrong. It's no joke getting a false alarm at 4AM, but it happens. You see why we never wanted to be web hosts?
Backups: Many hosts claim to have them.....but don't always take that as read! We actually do.....using the industry leading R1Soft backup system.
Every Monday/Wednesday/Friday starting at 12AM an automated process makes a backup of every site on the server, and then stores it on another server in the same datacentre. It repeats this process throughout the month till it eventually reaches its maximum of 10 backup points. Then the oldest backup is replaced with the newest, and the process continues.
Security: One very important point here! If you are still running on outdated software that has now been withdrawn, then none of the factors below will help you much. This is because your site may well have security vulnerabilities that cannot be patched due to age, so an intruder could potentially just walk straight in without the alarm going off. If this applies to you, then you've already been informed of the situation. Now here's some (but not all) of the security processes that are in effect:
We take the hosting side of the business very seriously.....despite the fact that we never wanted to be webhosts. But as we had no choice, we thought that just like design, we'd better do it to a standard that surpasses all others.....so we did!
Let's summarise the facts:
1. Unlike others, we are not hosting resellers on low budget shared public servers. These are our servers!
2. We turn away business regularly because we won't expose our clients to any potential risk by taking in outsiders.
3. We have a solid infrastructure that is professionally managed and running on business class networks.
4. Throughout the years we've invested back into the business to deliver a better quality hosting environment.
So don't compare what we do with others.....because not all web hosting is created equal!
WebSpain offer secure and professional web hosting services as part of our Managed Service Plans in two worldwide locations (London and Detroit). These are both prestigious datacentres that are connected to premium business networks. Reliability, consistency, server speed, and security are paramount to ensure that your business is being promoted effectively.
The wrong location on a low budget, overloaded, and unreliable server is not a professional platform on which to do business. Your website is a critical part of your business......but how seriously do you really take it? You need to know where your site is located, what server security is in place, and if there are site backups!
If you cannot confirm that protective measures are in place to safeguard your critical data then your business (and your future) are at risk! However, there is a more professional option! WebSpain run private servers in the UK and US for our clients.....and we don't provide budget shared hosting as others do, we deliver enterprise strength account management and data security. There's a big difference!
Do not confuse our services as listed below with the basic web hosting accounts that are sold by hosting providers. They are two TOTALLY different things! Because we do not sell basic web hosting services, we deliver Managed Service Plans which include hosting services for our web design clients.
What we provide with our Managed Services Plans:
Site security updates applied on day of release.
Site errors rectified subject to site software being current.
Enterprise strength site security firewall.
Malware removal on sites using Cloud based Auto Clean for infected files.
Uptime monitor checking connectivity to your site every 5 minutes 24/7/365.
Proactive monitoring of site and server security notifications related to your account.
E-Mail delivery monitoring.
Ongoing DNSBL IP Reputation Checks.
Ongoing Domain Reputation checks powered by Google Safebrowsing.
Daily account backups to a remote server on the network using R1Soft technology.
Twice a day database backups.
PHP version upgrades subject to site software being current.
Immediate site and mailbox restoration.
GDPR compliancy implementation.
SSL / Dedicated IP address implementation.
CloudLinux optimised servers.
Industry-leading commercial server security system.
Sites protected within CageFS individual containers.
KernelCare seamless operating system security updates with no server reboot required.
cPHulk Brute Force Detection.
Shell Fork Bomb Protection.
Optimised ModSecurity rules.
High CPU, RAM, and disk inode allocations to each site.
SSD Hard Disks.
Rapid response to clients with personal support 365 days a year.
Please note that no web host will manage, update, and rectify faults on your WEBSITE. All they support is the SERVER and the NETWORK.
So if you choose to use a basic web host then your website is your responsibility!
Please note that our enterprise level hosting resources are only available for our web design clients as a component within our Managed Service Plans.