At least in SQL Server 2005 and 2008 – mind you, you should be using a newer version than those mentioned – backing up a database to a network drive is not immediately possible. I am not sure if it is just a security reason, but in the end it does not matter if you really have no other option like it happened to me. A legacy product is still using an older version of SQL Server and I needed a copy of a database, but did not have enough space on the SQL server itself to do so. The only option available was to use a mapped drive. However, SQL Server is tricky and does not accept a mapped drive that was only mapped on the OS level; SQL Server wants its own drive mapping. [Read more…]
Happy Thanksgiving. Yes, I know – I am two days late, but it is still Thanksgiving Weekend and so I think this still counts. I hope you had a good holiday weekend so far. Did you know that Thanksgiving is a time to switch to a new web host?! Many web hosting providers have some awesome deals available and if you are in the market for a new web host or want to save some money compared to your existing web hosting, then now is the time. These cheap web hosting deals will not last forever as you can imagine. [Read more…]
In Windows Active Directory you can easily copy an existing user and create a matching account for a new user. For whatever reason this cannot be done through the ADUC GUI (ADUC – Active Directory Users and Computers) when it comes to groups. I find this very annoying – especially if you have groups with dozens or even hundreds of users. I thought there must be a better way of doing this and indeed – PowerShell is your friend when it comes to such tasks. [Read more…]
I am a customer with WiredTree for quite a while now and I wanted to tell you about my recent experience with them. My web hosting itself has seen many moves over the years. I started out with shared web hosting at some smaller hosts, but back in 2003 I opened a reseller account with HTTPME.com. Then one of my websites grew and grew and I needed a dedicated server. I sold that website in 2009 for a nice 5-digit price tag and retired the dedicated server. I still had my reseller accounts with HTTPME the entire time. [Read more…]
In my recent article here I showed you how to secure your WordPress installation. WordPress is a very popular blogging and content management software. It has grown a lot over the years and the more it became popular the more it became a target for sophisticated attacks from hackers and criminals. So, it is extremely important that webmasters like me and you keep their WordPress installations up to date and secure.
WordPress has been target of many sophisticated attacks, but not too long ago some hackers went back to the basics (so to speak) and they are attempting brute force attacks against the login pages of a WordPress installation. These hackers took control of over 100,000 computers – most likely some sort of a bot net – and they are using these computers and their Internet IP addresses to run automated attacks against other websites.
As an example, my own website (http://www.webhostingresourcekit.com) uses WordPress. I am not using it as a blogging software, but more like a content management system as you can see. When I noticed the increase in attacks against my website I took additional action. I had already secured WordPress through plugins and other measures, but I did not want to risk to become victim of a brute force attack. So, I added the extra protection by forcing an additional layer of password protection onto my WordPress login and administration area. These 2 layers are independent from each other and even if one would guess the first level user ID and password, it makes it much more difficult to start automated attacks. I am not saying it is impossible to hack my website, but it takes care of most automated attacks. Online security is like security in real life. You can protect your house with extra locks, motion detectors, a sophisticated security system, and a lot of other security measures, but if someone wants to break in they will still break in. However, the common thief will fail and it will take more a more sophisticated criminal to get past the extra layers of security. The ROI for such an endeavor has to be worth the additional effort and most people will simply shy away and pick easier targets (aka somebody else’s house). The same strategy applies to your website (or mine for that matter).
The attackers mentioned above are running dictionary attacks against WordPress. They use common knowledge that the default user ID for most installation is called “admin” and they know that too many people are not using complex passwords, but passwords based on words found in common dictionaries. They combine the “admin” user account with easy to guess passwords and then run their sophisticated attacks from over 100,00 hijacked computers so that it is almost impossible to block these attacks based on where they come from.
So, when I wrote my tutorial on how you can secure your WordPress installation with just a few simple steps I did look at my website statistics and posted a screenshot to show the number of attacks. After just 2 days my website had recorded over 4,500 attacks. A day later I took another look and the number had more than doubled. Over 10,000 dictionary based attacks in roughly 3-4 days – that is quite a bit. For one if I would have used an easy to guess password my website would have been open for the attacker, but secondly these attacks also add load to my web server. Load means that the website slows down and makes the visitor experience less pleasant. The load issue is secondary, but still important.
Here is an article by Forbes magazine that describes the same situation I am talking about. They mention 90,000 IP addresses, while I have seen other reports mentioning over 100,000 IP addresses. At that level it does not matter. But when even the mainstream media starts writing about it, the issue should not be ignored. The article at Forbes shows a few steps on how to secure your website and it is a good start, but do not stop there. It pays off to go the extra mile when it comes to security.
One of my more popular websites is using WordPress. I am using a specific security plugin to protect the website and every once in a while I received a notification from the plugin that somebody had tried to access the administrator section of WordPress, but the plugin had it blocked. This functionality became even more important with the recent increase in attacks against WordPress. While my web server is already very secure thanks to Wiredtree (affiliate link), it is up to each Webmaster like yourself to further protect your website based on which software you use.
If you are running a vCloud Director environment, host maintenance and host management is a bit different. Changes you make in vCenter might not reflect correctly inside vCloud. If vCloud Director does not know about certain changes, the stability and performance of your environment is at risk. [Read more…]
Sometimes things happen for no reason. I am working in a new, inherited environment these days and a lot of my time is spent investigating, gathering data and information, and of course putting out fires here and there. The last system administrator had left before I started and so I am flying blind a bit, but that is alright. [Read more…]
Recently I ran into an issue with a VMware server running ESX 4.1 U2. The server started crashing randomly. Working with Dell we did a lot of troubleshooting and they replaced a lot of hardware during the process. Dell could not pinpoint the faulty part and so they started replacing motherboard, CPUs, RAM, Memory Riser Cards, the motherboard (again), and the 2 Qlogic HBAs. At that point Dell required that the HBA Firmware needs to be upgraded due to the replacement parts not being on the latest version. And that’s where things became ugly. [Read more…]
Unless you are living under a rock you have probably heard by now how important it is for a website to load fast. Search engines like Google and Bing have adjusted their search algorithms to include load speed of a website into the decision of how a website ranks. But a fast loading website is not only important for search engine rankings, it is also important to provide the best possible user experience. [Read more…]