Friday, 23 September 2016

From September 13th to September 16th 2016 our operations team received alerts that our managed DNS servers came under a distributed denial of service attack or DDoS for short. These types of attacks are nothing new to us here at Thexyz and in 2015 we made quite a few improvements to protect us from DDoS which you can read about here. We also recently assisted law enforcement after an unsuccessful extortion attempt from the Armada Collective.
Thexyz will not and does not respond to extortion attempts. We have dealt with DDoS attacks in the past, and just last year made immense improvements to our infrastructure to combat DDoS attacks.

What is a DDoS attack?

A Distributed Denial of Service attack is where a criminal uses a large number of computers to send requests to particular website or IP address. If they can send enough requests, it will use up all the target’s resources and the site will appear to be offline.

Even if a DDoS attack is successful in knocking a website offline, it does not lead to data being compromised or lost. It is more like being stuck in a really bad traffic jam and unable to reach your destination until the traffic clears up.

Why would someone attack Thexyz?

Since November of 2015, there have been extortion demands  sent to various email providers, including Fastmail, Runbox, Hushmail, Zoho and ProtonMail. By doing so they are counting on the network not being able to cope with the attack and hoping that they will just pay the ransom to prevent. In one attack, ProtonMail did pay after several days of disruptions, although this did not end the attack.

What is Thexyz doing to stop it?

We have been working with our data center and upstream providers to ensure we have strong mitigation for various DDoS scenarios so we are ready to adapt. We have also notified our local police department in Toronto who have been working with international law enforcement agencies that worked on previous attacks.

Our System Operations Team started receiving alerts for our Managed DNS service which saw about 20-25k QPS on each node i.e 5X more than our normal traffic. Support staff received multiple reports from people who could not access our website or webmail site. We immediately started mitigation via Neustar and tried to bring down the QPS count by evaluating tcpdump in order to identify any unusual pattern. We also moved all our traffic via all the 16 IPs and put them under mitigation with only Port 53 as allowed as it is used for UDP/TCP. This brought the QPS count under control and the alerts started to clear up.

Connectivity issues were sporadic yet repeatable. One of the major issues that we faced with this attack was the attack vector kept changing and making the necessary changes with the mitigation filter template took time as we needed to improvise every filter in real time. Since the QPS count didn’t show drastic improvement even after Neustar dropping 960K PPS and 350 Mbps traffic, we decided to cancel the mitigation and spread the load across all our datacenters and deployed legacy mitigation at each one. This plan worked initially but had its own pitfalls - We had to quickly move back to Neustar as another attack would have put this temporary setup under jeopardy. We had our internal team review the problem and it was decided that increasing our nodes at colo will help to load balance traffic against all available nodes (old & new) after mitigation from Neustar.

What improvements have we made?

We are always working to improve your experience. Everyone here at Thexyz is committed to winning your business every day and we do our best to maintain industry leading uptime and reliability. Following this DDoS attack, we are making the following improvements.
  • Terminate traffic with multiple GRE tunnels, instead of just one. If this can be done, all DNS traffic need not be pointed on our DNS nodes in one DC and can be spread out to multiple locations.
  • Network stack optimizations on DNS servers, to accept more packets.
  • Cross check current DNS server and verify if any optimizations can be done to increase the DNS throughput.
We set out to build a highly resilient Anycast Managed DNS service backing on mitigation services provided by Neustar and this attack was the first one which caused intermittent outages in the course of last 1 year. While we do have some lessons learned and some improvements to make, we continue to be confident that this is the right strategy for us.
Thursday, 8 September 2016

Attach Dropbox Files Into Thexyz Webmail With A Single Click

Now you can find the new Dropbox integration app inside Webmail simply compose a new email message on find the Dropbox icon. The first time you use the Dropbox app you will need to add your Dropbox account, if you don't have a DropBox account you can sign up for a free account here. The Dropbox app integration compliments already existing Jenner  integration odd compliments existing generous file attachment limit of 50 megabytes.  This will allow you to send large files without having to share through the Dropbox interface, all of your Dropbox files will be accessible through the Dropbox app within webmail.

 Here at Thexyz we are focusing on integrating popular services with our platform. This will allow you to manage these popular services within your account at Thexyz.

How it works

1. You will find the Dropbox app in the Compose new message window.

2. Once you have authenticated your account you can add files with a click. 

Thursday, 1 September 2016

With the evolution of app development, one of the most popular dev tools – Git, which every 4 out of 5 developers will expect you to provide, is now enabled on on Thexyz Servers.


What is Git?

Git was created by Linus Torvalds who is also the author of the Linux kernel. Git is a basically a distributed version control system used for software development purposes.
Linus jokingly named it “Git” – a British slang word for an “unpleasant person”.

As a version control system, Git manages and stores revisions for all types of projects, including code files, text, image, etc. It keeps “snapshots” of every change in the project’s history, so you will not risk overwriting.

This way, there will be no need for a developer to make a new server connection for every single change they make.

What is Git mostly used for?

A developer would often use Git to set up a preview version of the website or app they are working on to test them out on the production server, or even on a different test/staging server.

To use Git on a web server for testing purposes, a developer will need to first create a Git repository on their local machine and then set up a cloned Git repository on the server.
Using Git repository hosting platforms like GitHub, developers can test their projects in a web-based graphical environment:

With Git enabled on our web hosting platform, developers will be able to push, pull or clone their projects from GitHub, or any other platform that’s hosting their repository, to one or more web hosting accounts on our servers. This is all best done over SSH, which opens a secure connection and executes Git operations on the server as required.

The use of SSH eliminates the need for deploying a daemon service on the server to push requests, which is one of the main security concerns of web hosts.
Using Git to deploy a simple script or an entire app on a web hosting server is a fast and easy way to spread that version controlled content over a few web hosting accounts at the same time.

This will save developers all the hassle of uploading the content to all the accounts successively over FTP. The same holds true for updates – instead of having to use FTP to upload script or app updates to each web hosting account separately, the developer will just need to push an update from the Git repository with a simple Git+SSH command.

How to create a Git repository on a web server?

With Git now supported on our web hosting platform, you will be able to create your own repository directly on the server where your websites are located, instead of using third-party services like GitHub.

First of all, you will need to have SSH access enabled for your web hosting account.
We include SSH access by default with the Enterprise and with all VPS and dedicated server solutions on our platform. With all other packages, SSH is available as an upgrade.

Example Usage
Here, we’ll examine a very basic Git repository usage scenario that will allow us to track and deploy a local (as in residing on our workstation) copy of a dev app in our production environment on the hosting web server.

Step 1: Prepare the remote (web server) Git and SSH environments

Let’s assume that our production app directory resides in ~/www/my-domain.tld/ and that our Git repository is located in ~/git_repos/my_app/.
We need to execute the following in our web server environment:

$ ssh username@my-domain.tld -p 2222
After you supply your password and are logged in, you may proceed with:

$ mkdir -p ~/git_repos/my_app 
$ cd ~/git_repos/my_app
$ git init
This will initiate the Git repository and will allow us to take advantage of all the ‘goodies’ that the Git tool suite provides.

Now we need to tell Git to accept pushes to our working directory (~/www/my-domain.tld/):

$ git config receive.denyCurrentBranch ignore
The next step is to create a post-receive hook that will help us deploy my_app’s code directly into our working directory:

$ editor_of_your_choice ~/git_repos/my_app/.git/hooks/post-receive
Fill the file with the following contents:

GIT_WORK_TREE=~/www/my-domain.tld/ git checkout -f
Save it and make the hook file executable:

$ chmod 0750 ~/git_repos/my_app/.git/hooks/post-receive
And a small step that will help us set up SSH:

$ mkdir -m 0700 ~/.ssh/
$ touch ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/authorized_keys

Step 2: Prepare the local (workstation) Git and SSH environments

Let’s assume that the app you’re developing resides in ~/projects/my_app/ and contains only one example file: index.php – we’ll set up a Git repository in the same directory:

$ cd ~/projects/my_app/
$ git init $ git add index.php
$ git commit -m 'initial version'
$ git remote add origin username@my-domain.tld:git_repos/my_app
We need to generate a cryptographically strong SSH public/private key pair:

$ ssh-keygen -t rsa -b 4096
This will create two files: ~/.ssh/id_rsa (private key) and ~/.ssh/ (public key).
Create a ~/.ssh/config file and add the remote host info:

Host my-domain.tld
Port 2222
PreferredAuthentications publickey,password
If you already have this file, you only need to update it using the information above.
Now add the SSH public key to the production environment:

$ cat ~/.ssh/ | ssh username@my-server.tld "cat >> ~/.ssh/authorized_keys"

Step 3: Deploy your app’s code to production

Now we only need to push my_app’s code into production via Git:

$ git push -u origin master.
That’s it! Your app (index.php in this example) is now deployed on the remote web server in the ~/www/my-domain.tld/ directory.
Git is enabled by default with all Thexyz Server-managed hosting solutions including:

Subscribe by email

Enter your email address:

Subscribe to more feeds

Trending Posts

Blog Archive


News (65) Web Hosting (48) security (25) Email (19) webmail (19) Advertising (15) Thexyz Cloud (14) Tutorials (13) Video (4) resellers (2)