How to Install Python on Windows

Reading Time: 2 minutes

Python is a popular programming language for developing applications. The Python design philosophy emphasizes code readability and focuses on clear programming for both small and large-scale projects. Python allows you to run modules and full applications from a large library of resources (or even applications you write yourself) on your server. Python works on a number of popular operating systems, including Windows Server OS.

Continue reading “How to Install Python on Windows”

Install vsftpd on Ubuntu 16.04

Reading Time: 3 minutes

Installing vsftpd allows you to upload files to a server, the concept is comparable to that of Google Drive.  When you invite specified users to your Google Drive they can create, delete, upload and download files all behind a secure login. Vsftpd is excellent for company’s looking for an alternative to Google Drive or for anyone who wants to create a robust server. This “Very Secure File Transfer Protocol Daemon” is favored for its security and speed and we’ll be showing you how to install vsftpd on an Ubuntu 16.04 LTS server.

 

Pre-Flight Check

  • These instructions are intended specifically for installing vsftpd on Ubuntu 16.04.
  • You must be logged in via SSH as the root user to follow these directions.
Warning:
FTP data is insecure; traffic is not encrypted, and all transmissions are clear text, including usernames, passwords, commands, and data. Consider securing your FTP connection (FTPS).

Step 1: Updating Apt-Get

As a matter of best practices we update apt-get with the following command:

apt-get update

Step 2: Installing Vsftpd

One command allows us to install vsftpd very easily.

apt-get -y install vsftpd

Step 3: Configuring Vsftpd

We’ve installed vsftpd, and now we will edit some options that will help us to protect the FTP environment and enable the environment for utilization. Enter the configuration file using the text editor of your choice.

vim /etc/vsftpd.conf

Change the values in the config file to match the values below and lastly, save exit by typing

:wq

 

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ascii_upload_enable=YES
ascii_download_enable=YES

 

Click Here for a Further Explaination on Each Directive
Anonymous_enable: Prohibit anonymous internet users access files from your FTP. Change anonymous_enable section to NO.

Local_enable: If you have created users you can allow these users to log in by changing the local_enable setting to YES.

Write_enabled: Enable users the ability to write the directory, allowing them to upload files. Uncomment by removing the # in from of write_enabled:

Chroot jail: You can “chroot jail” local users, restricting them to their home directories (/home/username) and prohibiting access to any other part of the server. Choosing this is optional but if you state YES follow the steps in Step 4 for removing write privileges and making their own directory for uploads. If you select NO, the user will have access to other directories.

Step 4: Editing Permissions for a User

If you have an existing or new user that is not able to connect, try removing write privileges to their directory:

chmod a-w /home/username

Step 5: Creating the User a Directory

Create a directory just for FTP, in this case, and we are name it files. Afterward, this user will be able to upload and create files within the files folder:

mkdir /home/username/files

Step 6: Accepting FTP Traffic to Ports

There are a few ways to open ports within a server, below is one way of opening port 20 and 21 for FTP users to connect.

Note
Directly passing iptable commands, like below, can break some firewalls. In whichever method you choose to edit your iptables ensure that port 20 and 21 are open.

iptables -I INPUT 1 -p tcp --dport=20 -j ACCEPT

iptables -I INPUT 1 -p tcp --dport=21 -j ACCEPT

Step 7: Restarting the Vsftpd Service

Restarting vsftpd enables changes to the file (step 3) to be recognized.

service vsftpd restart

Step 8: Verifying Vsftpd

Now for a little fun, let’s connect to our FTP to verify it is working.

ftp 79.212.205.191

Example Output:

ftp 79.212.205.191
Connected to 79.212.205.191.
220 Welcome to FTP!
Name (79.212.205.191:terminalusername):<enter your FTP user>

You’ll also be able to connect via an FTP client, like Filezilla, using the IP address of your hostname and leaving the port number blank.  Take it for a spin and try to upload a file or write a file. If you enabled the chroot jail option, the user should not be able to go to any other parent directory.

 

Malicious Activity Detector (MAD) for Windows

Reading Time: 3 minutes

One of the simplest goals of server security is keeping administrator credentials private. There is no better way to achieve this than through strict firewall rules that only allows specific IPs to authenticate. However, there are some situations where it is necessary to open a login prompt to the broader Internet. In this case, the only thing barring anonymous internet users from unauthorized access is your password. The stronger your password, the better off you are, but even the most cryptic passwords can be guessed given enough tries.

Malicious Activity Detector (MAD) helps protect you in these instances. It functions by monitoring login attempts to several services, and if it detects malicious activity, it applies a temporary block on that IP. If more attempts come in, the block continues to last longer. This method is exceptionally effective in preventing a successful brute-force attack while limiting the number of system resources expended.

 

Installation of MAD

Depending on the configuration and age of your server, you may already have it installed. Check the installation status by looking for an item in your Start Menu shown below.

Installing Liquid Web's Malicious Activity Detector for Windows tightens security for you server.

The program path is C:\Program Files (x86)\Liquid Web\MAD\MADGUI.exe

You may also check if “MAD.exe” is running from your Task Manager. If you don’t see it there, please Contact Support so that we may get it up and running for you. Once running,  we can move on to the configuration.

 

Note:
MAD will be installed on all Windows servers by default in the future.

 

Configuring MAD

MAD’s default settings offer protection for the most vulnerable services, and extra configuration is not required. That said, you may find yourself wanting to change its behavior, and we’re happy to give you the tools you need.

Let’s start with the most common change you may want to make: whitelisting and blacklisting. Opening the MAD Configure utility will get you on the right page. From here, you only need to choose the radio button for the list you want to modify, enter the IP, and click the button. You can remove entries in either list by right-clicking. This page also allows you to start or restart the service, but you shouldn’t need to use those functions.

The List tab easily let's you add in blacklisted or whitelisted IPs.

The next page is where most options are located. All of the service scanners list three choices for each: Enabled/Disabled, BlockThreshold, and Retention.

Our Malicious Activity Detector allows you to adjust settings for maximum security.

Enabled/Disabled -You may want to disable scanners for services that you do not have installed, but it is generally recommended to leave all options enabled due to minimal performance cost.

BlockThreshold – This setting controls how many ‘strikes’ it takes to be blocked. These are set fairly high by default to avoid affecting legitimate users, but you may want to lower the threshold to increase MAD’s sensitivity.

Retention -This refers to the size of the window that MAD looks at to determine if a user has met the BlockThreshold in seconds. By default, this is set to 300 (five minutes).

Example:
Set your BlockThreshold to 10 and your Retention to 300. If 9 failed attempts occurred at 12:00 and a failed attempt occurs before 12:05 it will be blocked. By 12:06 you will be in a new period and will be able to attempt 9 more times before being blocked.

PermaBlock – Sometimes robots can’t take the hint after being temporarily blocked several times in a row. The PermaBlock list remedies this situation. By default the retention period is 2 hours, this scanner checks for IPs that have been temp blocked five times (or your custom BlockThreshold). If it gets a hit, it does as the name implies and adds it to your blacklist, where it is managed much like manual entries.

AuditPolicy – This setting determines if MAD is allowed to edit your login event auditing policy. Disabling AuditPolicy is not recommended and may prevent MAD from working as intended.

TempBlockTimeout -When a block is triggered on one of the scanners the offending IP address will be blocked for this amount of time. Measured in seconds with a default setting of 900 (15 minutes).

 

Reviewing MAD Logs

MAD creates logs of all of the actions that it takes. It is good practice to review them regularly to see what has been going on. For example, if a certain service seems to be getting attacked more often than others you may want to consider hardening your firewall rules or MAD’s configuration itself.

Our Malicious Activity Detector keeps logs of anyone attempting to connect to your Windows server.

MAD also creates events in Windows Event Viewer under the ‘Applications and Services Logs’ folder. These events are most helpful for long-term investigation, as the folder will hold historical data for quite some time.

MAD also creates Events for long-term investigation, as the folder will hold historical data.

MAD for Windows is an excellent tool in your security arsenal, but a proactive plan is always better than a reactive one. We recommend utilizing Windows Firewall to ensure that only things that must be publicly accessible are. For further reading on security visit some of our other articles:

Security for Remote Desktop
Best Practices for Your Firewall

Reverse DNS Lookup

Reading Time: 3 minutes

DNS is typically used to resolve a domain name to an IP address. This act is known as a forward resolution and enacted every time you visit a site on the internet. Reverse DNS (rDNS), as its name implies, is a method of resolving an IP address to a domain name.

The DNS records used for resolving an IP address to the domain name are known as pointer (PTR) records. A particular type of PTR-record is used to store reverse DNS entries. The name portion of the PTR-record is the IP address with the segments reversed and “.in-addr.arpa” added at the end of the record. The “.in-addr.arpa” portion of the record refers to the “address and routing parameter area” (arpa). rDNS uses “in-addr.arpa” for IPv4 and “ip6.arpa” is used for IPv6 addresses.

For example, the reverse DNS entry for IPv4 IP “1.2.3.4” would be “4.3.2.1.in-addr.arpa”.

 

The use of reverse DNS is for the same reason as standard (forward) DNS. It is easier to remember and identify a domain name than a string of numbers. rDNS is less critical than forward DNS, as forward DNS records are required to load up a website. Sites will still load fine in the absence of a reverse DNS record.

Email Servers commonly use rDNS to block incoming SPAM messages. Many mail servers are set to automatically reject messages from an IP address that does not have rDNS in place. Though the rDNS record can block spam, it is not a reliable means and is used mostly as an extra layer of protection. It is also important to note that merely enabling rDNS can still result in rejected messages due to a variety of reasons.  Additionally, rDNS is also used in logging to help provide human readable data rather than logs consisting entirely of IP addresses.

 

Reverse DNS lookups query the DNS servers of a domain for a PTR (pointer) record. If the domain’s DNS server does not have a valid PTR record setup, it cannot resolve a reverse lookup.  However, if a domain does have a PTR record, you can do a rDNS Lookup by using the method below.

 

Numerous online tools can be used to perform a rDNS lookup. A few examples of these online tools are linked below:

https://mxtoolbox.com/ReverseLookup.aspx

https://www.whatismyip.com/reverse-dns-lookup/

https://www.iplocation.net/reverse-dns

 

You can also perform a rDNS lookup manually from command line. In Linux, the command you would use is “dig” with the added “-x” flag. 

If you are on a Windows computer, you would typically use the “nslookup” command, though you could also use “ping -a”. An example of the Linux command and its output shown below:

dig -x 8.8.8.8

 

Output:

;<<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36810
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa. IN PTR
 
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 21599 IN PTR google-public-dns-a.google.com.
 
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 18 11:58:54 EDT 2018
;; MSG SIZE  rcvd: 93

 

You can see the full rDNS PTR record for that IP in the “ANSWER SECTION” leading 8.8.8.8 back to the Google subdomain, google-public-dns-a.google.com :

8.8.8.8.in-addr.arpa. 21599 IN PTR google-public-dns-a.google.com.

Liquid Web makes it easy to set up and manage rDNS for your servers IPs. Just follow the steps outlined in our Knowledge Base article below:

https://www.liquidweb.com/kb/using-manage-to-update-reverse-dns/

 

Setting up a reverse DNS record is straightforward and can be beneficial to ensure that an IP does indeed belong to the domain it claims. If you are unsure who your DNS provider is, follow our helpful guide in locating where you should add the rDNS record.

What is mod_deflate?

Reading Time: 3 minutes

How mod_deflate works

When a visitor accesses a website, a request is made to the web server for a specific kind of data. An example might be a home page of a site. Next, the web server locates that data and delivers it to the client who is requesting that data – basically back to the web browser.

In this example, the speed at which the home page loads can depend on a variety of factors. One of them could be how long it takes to find and deliver the data for that page. This is just one example.

Some of that data – such as javascript files, css files, and php files – can actually be compressed into smaller sizes before they are delivered back to the visiting client or browser at the smaller size. The visitor can now have a more optimized browsing experience.

This is where mod_deflate comes in.

Continue reading “What is mod_deflate?”

Upgrading PHP on Windows

Reading Time: 1 minute

Performing an upgrade to PHP on Windows Server

Keeping your software and applications up to date is a crucial part of maintaining security and stability in your web hosting systems. Unfortunately, updating system components and back-end software can sometimes be a frustrating and a difficult process. However, thanks to Microsoft’s Web Platform Installer, upgrading PHP on a Windows server with IIS is as simple as a few clicks.

Continue reading “Upgrading PHP on Windows”

How to Use a Remote Desktop

Reading Time: 2 minutes

Remote Desktop Protocol or RDP provides access to your Windows Server’s operating system from your desktop, workstation machine, mobile device or laptop. The connection to your server will be encrypted and it offers some enhancements that allow you to attach local drives and devices.

Most modern Operating Systems have support for Remote Desktop. A Remote Desktop Client made by Microsoft is available in the Apple Appstore, the MacOS store, Google Play, the Chrome Web Store for ChromeOS and of course in the Windows Store. On Linux you may need to download a 3rd party option such as RDesktop or FreeRDP which you can get through a repository or it will be pre-installed on some distro’s.

Continue reading “How to Use a Remote Desktop”

Configuring and Troubleshooting WHMCS Crons

Reading Time: 3 minutes

Over the years WHMCS has made some changes to where it stores certain directories, specifically directories outside of public_html. The goal of this is to increase overall security by moving sensitive files to a more protected location. While this change does help to improve WHMCS security, it also adds a few steps of complexity.

This article is meant to help simplify this complexity, or at least provide a reference configuration that you can use to troubleshoot cron issues, or gain a better understanding of WHMCS crons in general. I used WHMCS 7.3 for this article, but the general concept and instructions should apply for any 7.0 version of WHMCS.
Continue reading “Configuring and Troubleshooting WHMCS Crons”