Friday, 23 September 2016
From September 13th to September 16th 2016 our operations team received alerts that our managed DNS servers came under a distributed denial of service attack or DDoS for short. These types of attacks are nothing new to us here at Thexyz and in 2015 we made quite a few improvements to protect us from DDoS which you can read about here. We also recently assisted law enforcement after an unsuccessful extortion attempt from the Armada Collective.
Thexyz will not and does not respond to extortion attempts. We have dealt with DDoS attacks in the past, and just last year made immense improvements to our infrastructure to combat DDoS attacks.
What is a DDoS attack?A Distributed Denial of Service attack is where a criminal uses a large number of computers to send requests to particular website or IP address. If they can send enough requests, it will use up all the target’s resources and the site will appear to be offline.
Even if a DDoS attack is successful in knocking a website offline, it does not lead to data being compromised or lost. It is more like being stuck in a really bad traffic jam and unable to reach your destination until the traffic clears up.
Why would someone attack Thexyz?Since November of 2015, there have been extortion demands sent to various email providers, including Fastmail, Runbox, Hushmail, Zoho and ProtonMail. By doing so they are counting on the network not being able to cope with the attack and hoping that they will just pay the ransom to prevent. In one attack, ProtonMail did pay after several days of disruptions, although this did not end the attack.
What is Thexyz doing to stop it?We have been working with our data center and upstream providers to ensure we have strong mitigation for various DDoS scenarios so we are ready to adapt. We have also notified our local police department in Toronto who have been working with international law enforcement agencies that worked on previous attacks.
Our System Operations Team started receiving alerts for our Managed DNS service which saw about 20-25k QPS on each node i.e 5X more than our normal traffic. Support staff received multiple reports from people who could not access our website or webmail site. We immediately started mitigation via Neustar and tried to bring down the QPS count by evaluating tcpdump in order to identify any unusual pattern. We also moved all our traffic via all the 16 IPs and put them under mitigation with only Port 53 as allowed as it is used for UDP/TCP. This brought the QPS count under control and the alerts started to clear up.
Connectivity issues were sporadic yet repeatable. One of the major issues that we faced with this attack was the attack vector kept changing and making the necessary changes with the mitigation filter template took time as we needed to improvise every filter in real time. Since the QPS count didn’t show drastic improvement even after Neustar dropping 960K PPS and 350 Mbps traffic, we decided to cancel the mitigation and spread the load across all our datacenters and deployed legacy mitigation at each one. This plan worked initially but had its own pitfalls - We had to quickly move back to Neustar as another attack would have put this temporary setup under jeopardy. We had our internal team review the problem and it was decided that increasing our nodes at colo will help to load balance traffic against all available nodes (old & new) after mitigation from Neustar.
What improvements have we made?We are always working to improve your experience. Everyone here at Thexyz is committed to winning your business every day and we do our best to maintain industry leading uptime and reliability. Following this DDoS attack, we are making the following improvements.
- Terminate traffic with multiple GRE tunnels, instead of just one. If this can be done, all DNS traffic need not be pointed on our DNS nodes in one DC and can be spread out to multiple locations.
- Network stack optimizations on DNS servers, to accept more packets.
- Cross check current DNS server and verify if any optimizations can be done to increase the DNS throughput.
Thursday, 8 September 2016
Attach Dropbox Files Into Thexyz Webmail With A Single Click
Now you can find the new Dropbox integration app inside Webmail simply compose a new email message on find the Dropbox icon. The first time you use the Dropbox app you will need to add your Dropbox account, if you don't have a DropBox account you can sign up for a free account here. The Dropbox app integration compliments already existing Jenner integration odd compliments existing generous file attachment limit of 50 megabytes. This will allow you to send large files without having to share through the Dropbox interface, all of your Dropbox files will be accessible through the Dropbox app within webmail.
Here at Thexyz we are focusing on integrating popular services with our platform. This will allow you to manage these popular services within your account at Thexyz.
How it works
1. You will find the Dropbox app in the Compose new message window.
2. Once you have authenticated your account you can add files with a click.
Thursday, 1 September 2016
With the evolution of app development, one of the most popular dev tools – Git, which every 4 out of 5 developers will expect you to provide, is now enabled on on Thexyz Servers.
What is Git?Git was created by Linus Torvalds who is also the author of the Linux kernel. Git is a basically a distributed version control system used for software development purposes.
Linus jokingly named it “Git” – a British slang word for an “unpleasant person”.
As a version control system, Git manages and stores revisions for all types of projects, including code files, text, image, etc. It keeps “snapshots” of every change in the project’s history, so you will not risk overwriting.
This way, there will be no need for a developer to make a new server connection for every single change they make.
What is Git mostly used for?A developer would often use Git to set up a preview version of the website or app they are working on to test them out on the production server, or even on a different test/staging server.
To use Git on a web server for testing purposes, a developer will need to first create a Git repository on their local machine and then set up a cloned Git repository on the server.
Using Git repository hosting platforms like GitHub, developers can test their projects in a web-based graphical environment:
The use of SSH eliminates the need for deploying a daemon service on the server to push requests, which is one of the main security concerns of web hosts.
Using Git to deploy a simple script or an entire app on a web hosting server is a fast and easy way to spread that version controlled content over a few web hosting accounts at the same time.
This will save developers all the hassle of uploading the content to all the accounts successively over FTP. The same holds true for updates – instead of having to use FTP to upload script or app updates to each web hosting account separately, the developer will just need to push an update from the Git repository with a simple Git+SSH command.
How to create a Git repository on a web server?With Git now supported on our web hosting platform, you will be able to create your own repository directly on the server where your websites are located, instead of using third-party services like GitHub.
First of all, you will need to have SSH access enabled for your web hosting account.
We include SSH access by default with the Enterprise and with all VPS and dedicated server solutions on our platform. With all other packages, SSH is available as an upgrade.
Example UsageHere, we’ll examine a very basic Git repository usage scenario that will allow us to track and deploy a local (as in residing on our workstation) copy of a dev app in our production environment on the hosting web server.
Step 1: Prepare the remote (web server) Git and SSH environmentsLet’s assume that our production app directory resides in ~/www/my-domain.tld/ and that our Git repository is located in ~/git_repos/my_app/.
We need to execute the following in our web server environment:
$ ssh email@example.com -p 2222
$ mkdir -p ~/git_repos/my_app $ cd ~/git_repos/my_app $ git init
Now we need to tell Git to accept pushes to our working directory (~/www/my-domain.tld/):
$ git config receive.denyCurrentBranch ignore
$ editor_of_your_choice ~/git_repos/my_app/.git/hooks/post-receive
#!/bin/sh GIT_WORK_TREE=~/www/my-domain.tld/ git checkout -f
$ chmod 0750 ~/git_repos/my_app/.git/hooks/post-receive
$ mkdir -m 0700 ~/.ssh/ $ touch ~/.ssh/authorized_keys $ chmod 0600 ~/.ssh/authorized_keys
Step 2: Prepare the local (workstation) Git and SSH environmentsLet’s assume that the app you’re developing resides in ~/projects/my_app/ and contains only one example file: index.php – we’ll set up a Git repository in the same directory:
$ cd ~/projects/my_app/ $ git init $ git add index.php $ git commit -m 'initial version' $ git remote add origin firstname.lastname@example.org:git_repos/my_app
$ ssh-keygen -t rsa -b 4096
Create a ~/.ssh/config file and add the remote host info:
Host my-domain.tld Port 2222 PreferredAuthentications publickey,password
Now add the SSH public key to the production environment:
$ cat ~/.ssh/id_rsa.pub | ssh email@example.com "cat >> ~/.ssh/authorized_keys"
Step 3: Deploy your app’s code to productionNow we only need to push my_app’s code into production via Git:
$ git push -u origin master.
Git is enabled by default with all Thexyz Server-managed hosting solutions including:
Attach Dropbox Files Into Thexyz Webmail With A Single Click Now you can find the new Dropbox integration app inside Webmail simply...
From September 13th to September 16th 2016 our operations team received alerts that our managed DNS servers came under a distributed den...
We tested a bunch of FTP clients for iOS devices and found these to be the best. Most of them cost between $1 to $5 but we found the small p...
With the evolution of app development, one of the most popular dev tools – Git, which every 4 out of 5 developers will expect you to...
In recent months, Touchdown has been purchased by Symantec and the development has been put on hold. It is only iOS devices like an ...
- ▼ September 2016 (3)
- ► 2015 (34)
- ► 2014 (40)
- ► 2013 (41)
- ► 2012 (43)
- ► 2011 (69)
- ► 2010 (52)
- ► 2009 (12)