Archive for the ‘General’ Category

New Colocation Services From Marietta Data Center

Friday, June 2nd, 2017

Check out Marietta Data Center for affordable Atlanta colocation options.

cPanel Web Hosting From cPanel Web Servers

Wednesday, May 21st, 2014

cPanel Web Serversis now offering low cost cPanel web hosting plans for end users who may not need a business class hosting account. All accounts include the popular cPanel control panel and reseller accounts include Web Host Manager (WHM).

Cheap Atlanta Server Colocation

Monday, May 19th, 2014

Looking for low cost Atlanta colocation? Check out Cheap Server Colocation

Atlanta Network Consulting

Thursday, May 15th, 2014

New server management services are available from Atlanta Network Consulting check them out if you need custom solutions for server management.

Easy WordPress Hosting

Thursday, November 1st, 2007

Due to the extreme popularity of the WordPress blog software, we are now offering to install a copy of WordPress for free for any new account signup. Any new customer of any of our shared or reseller hosting plans can request WordPress to be installed free of charge. This offer also applies to our blog hosting plan.

We will install the WordPress software package on your account, 3 add-on themes of your choice, setup the proper directory permissions for file/image uploads, and configure .htaccess for the URL rewrite.

IPS Explained

Sunday, June 25th, 2006

Building on the previous post about our IPS (Intrusion Protection System), people are curious to know how the devices work and how they make hosting no ads

We’ll start with a few random example attacks logged by one of our IPS devices:

06/25/2006 14:07:42 Gateway Anti-Virus Alert:
Netsky.P#fsg (Worm) blocked

06/25/2006 13:35:53 SYN flood attack dropped

06/25/2006 13:11:59 IPS Prevention Alert: EXPLOIT ASN.1
Remote Code Execution 2 (IIS),
SID: 2829, Priority: High

06/25/2006 05:15:03 IPS Prevention Alert: EXPLOIT
Invision Power Board <= 2.1.5
(from_contact) SQL Injection
Attack, SID: 3192, Priority: High

First lets explain the events listed above…

06/25/2006 14:07:42 Gateway Anti-Virus Alert:
Starting with the first entry we have a Netsky email worm attempting to enter our network via an infected email.

This Netsky worm spreads by sending out copies of itself as email attachment using its built-in SMTP engine. It gathers target recipients from certain files found on the affected machine, virtually turning the affected system into a propagation launch pad.

06/25/2006 13:35:53 SYN flood attack dropped
Next we have a SYN flood type attack.

A SYN Flood is a denial of service attack in which TCP connection requests are sent faster than the system can process them. This causes the memory to fill up, forcing the new connections to be ignored. This detection triggers whenever a large number of SYN packets are seen in a short period of time.

06/25/2006 13:11:59 IPS Prevention Alert: EXPLOIT ASN.1
Next on the list we have an attempted Windows Server Exploit.

A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

06/25/2006 05:15:03 IPS Prevention Alert: EXPLOIT
And last on the list we have an Invision Power Board forum exploit attempt.

Invision Power Board is vulnerable to a remote SQL injection attack. An exploit has been published, which allows an attacker to extract a password hash from the forum’s data base of any registered user. An attacker may then unset his cookies used by the forum – and pass the obtained hash and corresponding target User ID, authenticating himself to the server as an arbitrary user.

Intrusion Protection Systems are in place to continuously look at the data stream coming into our network, they are pre-programmed and updated “on the fly” to detect signatures of known exploits and either warn or block them based on a predefined threat level. When a remote device creates a malicious attempt on our network, the traffic has to pass through an IPS device. As the traffic goes into the IPS it rapidly scans the data stream, and makes the decision to block or allow the traffic based on its database of malicious signatures. If the data is found to be malicious it is blocked and logged before it reaches the server.

While we cannot disclose the total amount of malicious items we scan for, we can however state that we have well over 20,000 malicious signatures in our IPS databases. Those signatures include server/software exploits, email worms/viruses, and some forms of spyware. That number does not include the malicious signature databases used by our provider’s IPS devices.

The entire detection process takes place in real-time and shows no noticeable lag on the data connection to the server. All Sitestash hosting servers are protected by IPS systems, dedicated server and co-location customers have access to IPS/Firewall protected bandwidth by request.