PixelBlog

These things come in cycles but it seems as if the dreaded FTP hackers are back. Inserting malware in the form of hidden iframes, unescaped javascript into people’s sites via their own FTP details. No brute force, no server exploits, just logging in as the owner and adding the details to the bottom of (usually) index.* or default.* files. The logs show it happening so quickly that it’s obviously a robot designed to do this and this alone.

The infected sites usually download some malware to the user’s machines; usually Windows I might add (I’ve not seen it compromise anything else but never say never eh?) and then we’re not sure what it does. However it would be logical to assume that the very malware that user has downloaded furthers the goal of the original malware i.e. self-propagation or indeed zombie spam.

What we are clear on is that the original hack almost always comes from users uploading and downloading their files to the FTP in PLAIN FTP. Note the obvious here… ‘PLAIN’. FTP is a protocol from the 80s, and whilst it’s quite simple, hence why it exists today, it’s inherently insecure. Authenticating with PLAIN FTP is the digital equivalent of shouting your username and password out of your window. Would you do that? It’s trivial, absolutely trivial for a robot or someone with a packet sniffer to obtain these details.

3DPixel.net has always always recommended the use of secure FTP, namely FTP over SSL / explicit TLS via our guide at http://3dpixel.net/faq/how-to-upload-your-website-via-ftp

It is saddening to see when we receive notification that ‘my site has been hacked’ and ‘your servers have a virus’. I’m afraid to say, that our servers don’t have viruses (as much as one can say as a security focused sysadmin working on a *nix system with all the security / scanning in place) and that the site was accessed legitimately with the valid username and password. There is nothing, as server admins, that we can do to stop this. This robot / hacker HAS your FTP details. They are legitimate users to the server.

Naturally, we could implicitly ‘force’ all users to connect via FTP over TLS. As you can no doubt imagine, the amount of complaints we received about ‘not being able to connect’, ‘my old host didn’t do this’, ‘why are you making it “hard” for me to upload my website?’ questions flooded in. We even tried to persevere through the ‘we fear change’ 3 month window but, 6 months later it was obvious that this was not going to stick and we had to revert to it being ‘optional’ with a strong recommendation to use FTP over TLS. Spineless? Maybe.

Just remember, please always try to connect to your site using FTP over TLS. There is even a better, read: more secure method of FTP which is SFTP. FTP over SSH. We unfortunately do not give this to our shared customers as it requires we allow SSH access we we don’t allow in any case. Naturally, SFTP is the way to go with a dedicated or VPS server.

We thought we would publish some benchmarks of our latest generation of 3dpixel.net servers for both personal and dedicated customers.

Our primary aims are to:

a) increase performance
b) reduce power consumption

To this end, we are gradually replacing our Dual Core Nocona Xeon Servers with SCSI drives to Quad Core Harpertown Xeon Servers with the latest SSD drives from Intel.

Web serving in the main is an IO limited enterprise. This means that although CPU and memory speed are reasonably important, the speed of the hard drive subsystem is critical. This means that the drives themselves, and the controller used to power them are potentially the most important parts of any webserver.

We have opted for the new Intel X25 Solid State Drives, with all the latest firmwares applied combined with a 3Ware 9690SA RAID controller for RAID5 operations, which we have found to be the most suitable option for webserving (best reads).

Write test:
One of the supposed downsides of SSD drives is the write speed, perhaps moreso with RAID5 which has a poor write operation max compared to other RAID levels due to the complex parity calculations.

Creation of a 10GB file-
dd if=/dev/zero of=file_10GB bs=10000000 count=1k
1024+0 records in
1024+0 records out
10240000000 bytes (10 GB) copied, 61.8966 seconds, 165 MB/s

Blows the water out of our SCSI machines which usually write at about 120MB/s.

Read Test:
hdparm -t /dev/sda1
/dev/sda1:
Timing buffered disk reads: 1224 MB in 3.00 seconds = 408.85 MB/sec

Again, SCSI 15k in RAID5 reads are about 190MB/s albeit on a 3year old server.

The main point we have noticed is how fast the array seems to perform. Obviously the latency on the SSD drives is virtually non-existant versus ‘traditional media’. This should improve the general responsiveness of sites hosted.

Power Consumption:
CPUs aside, which use around 45w versus the 75w of the older Nocona Xeons (which saves 0.25amps by itself) we have worked out that saving the power of 4 15krpm SCSI drives compared to the virtual non-existant power consuming SSDs is about 50w which is 0.2amps. This means we have essentially reduced the power consumption of a standard shared hosting platform from 1amp to 0.6amps. Scaled up to a lot of servers, this is a massive power saving albeit at a cost. Having said that, the cost per GB is what we were paying 3/4 years ago for SCSI.

Green computing, with unbeatable performance

We’ve just been helping a client out with their Windows Vista Mail. Totally unrelated to our web hosting business but we like to help other companies in the same building as ourselves!

Windows Mail appears to ‘lose’ entries from the contacts list when they are typed for autocomplete in the ‘to’ field. After scouring the internet it seems that Microsoft didn’t allow Windows Mail to use the Windows Contacts for the autocomplete database. Instead, they had a temporary cache of 20-30 emails that were cycled through for this pseudo-autocomplete database.

Our client, who like many of us, emails a lot more than 20 people a day found this seemingly ‘forgetfulness’ of Windows Mail was driving him up the wall.

No solution from Microsoft save from ‘upgrade to Windows Live Mail’. It seems, even from Microsoft’s own forums, that Windows Mail was an interim and slightly rushed product to get Vista out of the door.

In any case, the client upgraded and this bug is now fixed.