Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Croc Monster posted:

I wonder how Arvixe is doing after the EIG buyout earlier this year. Surely it...

*checks WHT shared hosting subforum, which I haven't visited in months*

Oh. Yep.

Bonus points for an ASO thread on the first page too.

EIG waited a year I think before they fired almost everyone.
I had some customer come from Arvixe too, said the support and service quality changed overnight.

Adbot
ADBOT LOVES YOU

Unity Gain
Sep 15, 2007

dancing blue
Wow. And I just saw they bought out Verio and the rest of Site5 as well.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Croc Monster posted:

Wow. And I just saw they bought out Verio and the rest of Site5 as well.

They also bought Resellerclub.

If EIG decided to quit, they would take half the internet down.

Unity Gain
Sep 15, 2007

dancing blue

DarkLotus posted:

They also bought Resellerclub.

!!! That one I missed.

No joke about their size..

sleepy gary
Jan 11, 2006

Is Site5 bad now?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

sleepy gary posted:

Is Site5 bad now?

The general consensus is to avoid anything owned by EIG at all costs.

Impotence
Nov 8, 2010
Lipstick Apathy

DarkLotus posted:

The general consensus is to avoid anything owned by EIG at all costs.

reiterating 'at all costs'

literally get the gently caress out, no matter what it takes, immediately, if there is an eig acquisition

Crazy Jesus
May 18, 2005

"I don't know what you people did to him down there, but he hasn't been the same since..&
I haven't been able to access any of my websites hosting with Lithium Hosting for 2 days now with no explanation other than there's an issue with the server.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Crazy Jesus posted:

I haven't been able to access any of my websites hosting with Lithium Hosting for 2 days now with no explanation other than there's an issue with the server.

This isn't the thread for this, please submit a ticket if you're having issues.

Crazy Jesus
May 18, 2005

"I don't know what you people did to him down there, but he hasn't been the same since..&

DarkLotus posted:

This isn't the thread for this, please submit a ticket if you're having issues.

I did, and this was the incredibly unhelpful response:

quote:

Hello,

We've acknowledged the intermittent issues on the server status page, please refrain from opening tickets for existing issues.

Regards,

Troy
Account Manager
Lithium Hosting Support

Salt Fish
Sep 11, 2003

Cybernetic Crumb

Crazy Jesus posted:

I did, and this was the incredibly unhelpful response:

So this isn't the thread for talking about it, and additionally their helpdesk isn't the place for talking about it either. Where exactly should people talk about downtime then?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!
Have you checked to see if the issue status changed?
If you're still having issues and a service issue is resolved you may submit a ticket.
The point of that response was, if a service issue was already reported and acknowledged and the text of the issue description said "we're working on it, please refrain from opening tickets", please don't open a ticket.
Perhaps I could have worded my response to you a little better, sorry for that.

diremonk
Jun 17, 2008

I'm looking to move off of my current shared hosting provider onto something that offers a bit more reliability and speed. I have four or five domains all running wordpress, but I'd like to do a bit of experimenting with other content systems. Would moving everything over to AWS be a good idea or would it better better to go with a different provider?

Impotence
Nov 8, 2010
Lipstick Apathy

diremonk posted:

I'm looking to move off of my current shared hosting provider onto something that offers a bit more reliability and speed. I have four or five domains all running wordpress, but I'd like to do a bit of experimenting with other content systems. Would moving everything over to AWS be a good idea or would it better better to go with a different provider?

If you aren't a devops hipsterbeard, don't bother with AWS. If you are just a shared hosting user, don't use AWS or you will get completely ruined/hosed if you overlook something and get your card hit for $5k

Nohearum
Nov 2, 2013
My dad has Alzheimer's so I got him a cheap chinese GPS tracking watch so we can find him if he gets lost. The watch will upload its position via GPRS at a set interval to any IP address or domain you specify. I need a cheap/free vps that can read the coordinates as they come in and generate a table of Google maps links for the last 10 known positions or something. This should require minimal cpu/bandwidth/storage.

Any suggestions?

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Nohearum posted:

My dad has Alzheimer's so I got him a cheap chinese GPS tracking watch so we can find him if he gets lost. The watch will upload its position via GPRS at a set interval to any IP address or domain you specify. I need a cheap/free vps that can read the coordinates as they come in and generate a table of Google maps links for the last 10 known positions or something. This should require minimal cpu/bandwidth/storage.

Any suggestions?
For this use case, I'd look at AWS Lambda. You're not running any servers, and you just pay by the request for your application. Something like this can probably stay comfortably within their free tier.

Otherwise, a t2.micro instance on AWS is free for the first year.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Nohearum posted:

My dad has Alzheimer's so I got him a cheap chinese GPS tracking watch so we can find him if he gets lost. The watch will upload its position via GPRS at a set interval to any IP address or domain you specify. I need a cheap/free vps that can read the coordinates as they come in and generate a table of Google maps links for the last 10 known positions or something. This should require minimal cpu/bandwidth/storage.

Any suggestions?

Something like that doesn't really need a VPS, you'd do just fine with a cheap shared hosting plan.
Your resource and bandwidth requirements don't even justify a VPS unless you're a control freak ;)

LiterallyAnything
Jul 11, 2008

by vyelkin
Cross posting this-

I have to distribute files to multiple work from home users (using VPN) who aren't able to reach shares on the domain due to... well, I'm not sure really. Either something with Corp IT security policies or something with Net Eng and the routing. Either way these users can't hit shares on our primary domain even though they have domain accounts (AD restrictions?).

Anyway, I need to find a way to get files out to these individuals. Preferably a method that would involve them clicking a simple batch or vbs script that will pull down the files from (somewhere) and replace them with files currently on the PC.

There's a webserver that serves pages to all users regardless, so I think that's how I'll have to go about it, but I'm not sure where to begin. Will this have to be like a FTP thing? Thanks for any help in advance.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

dropbox public folder?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!
Linode has some splaining to do...
https://twitter.com/linode/status/684448030867734528

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!


How many big ugly security breaches is that for them? Ugh.

Are the DDoS's still going on?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Bob Morales posted:

How many big ugly security breaches is that for them? Ugh.

Are the DDoS's still going on?

I've heard some things about this breach that scare me. I admittedly have a Linode account (dns and dev stuff) and am in the process of cancelling everything.
The DDoS's are still going on, the management portal is very unstable and server latency is miserable at best.

Thalagyrt
Aug 10, 2006

Bob Morales posted:

How many big ugly security breaches is that for them? Ugh.

Are the DDoS's still going on?

I'm fairly confident that Linode has been compromised since July, if not earlier. I work for one of those three customers (not vNucleus - that's a side gig I do because I enjoy it) and we moved off of Linode after an incident in July. We've been under strict gag orders from legal about that incident until today when Linode finally announced their compromise. Really, the only way I can see that this attacker could have gotten in the way they did (they logged into our Linode Manager account on the first try using a username that wasn't used anywhere but in Linode Manager, using valid 2fa and valid password) was if they had access to the Linode Manager database, which echoes the announcement today. I'm pretty sure that the recent WP Engine compromise was achieved through the same attack vector, too.

The CEO refuses to let the engineers move off of ColdFusion. It's really sad. They've got some good engineers there who are forced to work with bad tools because of the CEO's ego problem.

Edit: Looks like they're finally getting the goahead to rewrite - an engineer posted on HN that they're rewriting in Python. Good to hear!
Edit 2: Other people speaking out: https://twitter.com/theckman/status/684448901810778112

Thalagyrt fucked around with this message at 21:11 on Jan 5, 2016

Unity Gain
Sep 15, 2007

dancing blue

oh ffs.

Guess it really is time to move to Digital Ocean.

e: or maybe AWS and route 53 like all the cool kids, but I really don't cotton to al the work involved.

Unity Gain fucked around with this message at 21:22 on Jan 5, 2016

Thalagyrt
Aug 10, 2006

Croc Monster posted:

oh ffs.

Guess it really is time to move to Digital Ocean.

It's been a good idea to ditch Linode for a long time. I mean, just the mere fact that they're running ColdFusion in 2016 should be screaming "stay away" at you.

MrMoo
Sep 14, 2000

Bob Morales posted:

How many big ugly security breaches is that for them? Ugh.

Are the DDoS's still going on?

Cannot follow the link to the blog due to a DDoS, awesome sauce.

Unity Gain
Sep 15, 2007

dancing blue
Yeah. At least my sites (NJ datacenter) are up and running and snappy. For now. It's funny, a few weeks ago I started writing some ansible playbooks for provisioning my platforms in case of just such a problem. Kinda abandoned it over the holidays. Looks like I should get back to work on them pronto.

Thalagyrt
Aug 10, 2006

Goddamn, you goons are quick. Someone copied/pasted my post onto hacker news within like 2 minutes.

nem
Jan 4, 2003

panel.dev
apnscp: cPanel evolved

Bob Morales posted:

How many big ugly security breaches is that for them? Ugh.

Are the DDoS's still going on?

It hit Zayo's data center in Atlanta. We were affected, as was the entire data center, including its in-house brand NetDepot. The attackers hit the edge router instead of actual machine they wanted to offline. Around 2 hours of intermittent downtime on New Year's Day :confuoot:.

Sometimes you feel bad for the network engineers who mitigate these onslaughts.

Unity Gain
Sep 15, 2007

dancing blue

MrMoo posted:

Cannot follow the link to the blog due to a DDoS, awesome sauce.

Just came back up for me , but still can't connect to linode proper.

Choice quote:

linode posted:

Thank you for your patience, understanding and ongoing trust in Linode.

Ahahahahaha, no.

Thalagyrt
Aug 10, 2006

quote:

I'm glad to see that this information has now been publicly disclosed. In July 2015, we suffered a compromise at PagerDuty via the Linode Manager. I hope that we can provide a bit more of an official in-depth post-mortem of our compromise, but I'd be happy to disclose some of the details here.

Using the access gained within the Linode Manager, the attacker reset the root password on a few systems, and used Lish to gain root access. We were alerted to this activity and fully revoked the attacker's access within 60 minutes of the first node being compromised. Working with Linode support, we discovered which user account was being used and completely deactivated the user. We also isolated the VMs, and performed forensics on read-only copies of their disk images.

In our situation the attacker knew one of our user's passwords and MFA secret. This allowed them to provide valid authentication credentials for an account in the Linode Manager. It's worth noting that all of our active user accounts had two-factor authentication enabled. An interesting data point was that the user who had their account compromised was no longer in possession of the MFA secret themselves. Their cell phone had been reset (thus deleting all data) 8 months prior. The user could not log in to the Linode Manager if they wanted, so it was our determination that the key could not have been obtained from the user and was more likely on Linode's side.

We also have evidence from access logs provided by Linode that the attackers tried to authenticate as an ex-employee, whose username ONLY existed in the Linode database. It was absolutely unique and was not used elsewhere by the employee making the username an accidental honeypot. This was another piece of data supporting that Linode was the source of our compromise.

We immediately reached out to them not only to inform them of their compromise, but to assist them in investigating it. We were confident that the Linode database had been breached, and that the secret key used to encrypt information in the database had been compromised as well.

In addition to reaching out to Linode, we also worked with a third-party security firm to audit our work done during the incident. Likewise, around the same time we reached out to law enforcement to assist in investigating the attack. I believe our public disclosure includes this information[1]. This was in the middle of July 2015.

The response we got from Linode was that they had no evidence of the compromise being on their end. They could not explain how the attack occurred, but they were confident they were not the vector.

In the end, we migrated away from Linode because of this breach (even before it was publicly disclosed) in Aug 2015. We also never were able to confidently disclose that Linode was the vector due to lack of confirmation from their end. While all of us who responded to the incident were confident they were the source, we now thankfully have the data to confirm it.

https://news.ycombinator.com/item?id=10845985

JBark
Jun 27, 2000
Good passwords are a good idea.
Hey, an upside to my slowness in moving away from HostGator (EIG) to Linode, since I had no clue there were these sorts of issues with Linode until I was reading about all the ongoing DDoS stuff. Was going to have our US office add credit card info to our account this week after months and months of procrastination. Guess that's on hold. :)

I was just about to ask, "is DigitalOcean fine for running production websites?", then realised that I obviously don't care, since I'm using EIG right now.

revmoo
May 25, 2006

#basta
Holy poo poo my credit card was stolen and was used last night and I concluded it was Linode. I came here to ask if anyone was having issues.....

Unity Gain
Sep 15, 2007

dancing blue
^^^^^^ None here.

MrMoo
Sep 14, 2000

Ugh I hope not, I'm more than 8,000 miles away from the bank I'm using for that :stare:

revmoo
May 25, 2006

#basta
Had two small charges for Tmart (never heard of it) and then a $300 purchase online at wal-mart.com that went through. Which means they had my full info. I've been on a very short list of sites since the LAST time my card got stolen (also was on Linode, hmm........) including basically Amazon and B&H and not much else.

Thalagyrt
Aug 10, 2006

Ouch. Having your CC compromised sucks. :(

Hopefully that doesn't happen to too many people.

Impotence
Nov 8, 2010
Lipstick Apathy
my bank auto-blocked linode yesterday apparently; valid non-expired cc that has been paying this for the last 2 years

We attempted to process payment, but your credit card issuer declined the transaction. For the time being, your services are still running; however we require the balance to be paid
Thank you for using Linode.

Unity Gain
Sep 15, 2007

dancing blue
My linode payment went through as normal. Moved out of pending after a couple of days and is showing as a proper posted transaction.

Adbot
ADBOT LOVES YOU

Kleedrac
Jan 16, 2008

Mii, myself & I

deep impact on vhs posted:

iredmail is great for self-hosted mail but it can be a hassle to upgrade if you get behind by a few versions- works with all mail clients afaik and includes roundcube for webmail

for storage, if you're running a *nix/bsd box you already have openssh which means you can use sftp: https://www.digitalocean.com/community/tutorials/how-to-use-sftp-to-securely-transfer-files-with-a-remote-server

dunno about the rest but i hope this helps

on an unrelated note i should probably spin up a backup server or start pulling stuff down nightly just in case

code:
reverie@apollo ~ $ wc -l /etc/nginx/nginx.conf 
294 /etc/nginx/nginx.conf
i would hate to have to write this loving config all over again

setting up hsts, ocsp stapling and spdy was a bit of a bitch, plus all of the performance poo poo

This post got me started on a route to set up a mail server using iredmail - thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply