Issue # 8 NOV. 2006

Kudos Where Kudos Are Deux
Being the awesome company we are, there are a couple announcements with regards to recent promotions of our staff. Tim Rhoads, formally in customer care is our new Billing Manager! Congratz, Tim! In addition, our shameless Editor-In-Chief and self-proclaimed town cryer Matt Wolff has been made Channel Marketing Manager. That means our two veteran support reps have sadly moved up but they'll still be around, should you need them. But who cares about them when there's all sorts of exciting, new faces around to help out.

Speaking of Which...
We have a few new faces to introduce as the midPhase family keeps growing! Ron Cotoni is a new systems administrator for us, as is John Tichnell! Ron comes from Boston with the accent to match, John hails from Michigan and is presently building the first midPhase Robot to fetch us snacks and soda. Joining us in our support department are Matt Berry, Azi Higgs and Danni Gauger! Three shiny, fresh voices on the other end of the line ready and waiting to assist you in all your customer service needs. Give 'em a hearty 'welcome to midPhase' should you get them on the horn!

Behold the Power of Affiliates
Well folks, we've done it. We've passed the half million dollar mark for Affiliate payouts and the checks keep going out the door! This explosive growth we're seeing is a direct result of our fantastically successful Affiliate system and thusly we only have you, the customer, to thank. So thank you. Remember, you can make cash off your relatives, friends and enemies alike by referring them to midPhase Services for the web hosting needs. Check out http://www.midPhaseAffiliates.com and sign up today!

Q & Looong A explained.
In this section, we will have various midPhase employees answer customer questions in each addition. As the newsletter grows, we'll do our best in also answering more questions. Send your technical, business, marketing, design/programing questions to qna@midphase.com.

Q: "How can I secure my site?" as answered by John Skopis, systems administrator.

From a shared customers perspective there really isn't much to do to
secure your site other than use a secure password and use secure software
because midPhase takes care of the physical server security. I could turn this
into a secure password lecture but I am not going to because we all know the
difference between a good and a bad password. Now, what do I mean exactly by
secure software? Well There a lots of CMS systems out there so its a good idea
to use one that is actively maintained and properly tested. Actively
maintained does not necessarily mean you should only use software like
Wordpress, Joomla, and Drupal it just means that if there is a security
vulnerability found that a patch will be released in a timely fashion. Also,
it doesn't do much good if the patch is released and you don't apply it
because you weren't staying current. Most OSS applications have some sort of a
mailing-list or some means of notifying their user's when updates are
released. If you installed your app via Fantastico you can upgrade via
Fantastico also. The other important point I made was that its good to use
software that has been heavily tested because it will be more secure, more
efficient, and have less bugs.

The other thing I would like to talk about that applies to all of our clients
about is formmail scripts. If you are not doing so already I would strongly
urge you to switch to cgiemail, which is a very simple and secure email
script. You can find cgiemail in the scripts library section of your control
panel along with some easy to follow instructions. You can easily convert an
existing form to use the cgiemail script, or create a new form.

If you are a VPS or dedicated client it gets a little bit more interesting
because midPhase does not monitor the specific processes running on your
server. Strange behaviors will always attract attention, usually from an
admin, but if you notice something that you think is strange describe the
behavior and send in a ticket. Well how do you notice something strange if you
have no idea how to use a shell? WHM has a few utilities to examine processes.

"show current running processes" - This can show you backdoors spawned via a
vulnerable script:

whm output:
1657 (perl) /usr/bin/perl /tmp/usr/local/apache/bin/httpd

ps output:
nobody 1657 0.0 0.0 5912 1136 pts/3 S 11:34 0:00 /usr/local/apache/bin/httpd

Via ps (unix command to show current processes) this process looks almost
normal (it might look a little more convincing to the trained eye if I didn't
spawn it from a terminal and instead I spawned it from a webserver), however
in WHM it stands out from the other processes because 1) the 'name' and 'exe'
are different than the other httpd processes and 2) the cwd is suspicious
looking. /tmp is a worldwriteable location so its fairly commonplace to find
reminance of exploits there. Anyway, what is it? Who knows it could be
scanning, brute-forcing, an IRC bot or a bindshell. Whatever it is you dont
want it on your server and you dont want it to come back. In an effort to save
space here I think a Q+A in the forums is most appropriate.

And of course no talk about security would be complete without everyone's
favorite activity, log analysis! Seriously though you can find out all sorts
of things by scanning your logs. Your logs can be downloaded via cPanel in the
FTP manager section or possibly the raw access logs section. If you run a
mambo site try searching for the terms: "GLOBALS" "wget" "tmp" "cmd" "exec"
"shell" "pacifico"

I could go on for days about this stuff but I wanted to save some room for
tech cocktail pictures. ;]

November is the first full month into what is traditionally the busy season for web hosting companies. But funny that, midPhase just didn't see a slow season this year! It just keeps getting busier and busier, a frantic pace that quickens the pulse and exhilarates the senses. We've added a whole bunch of features as well as a couple staffers but never fear, there's always more to come!