Official Blog

How to modify hosts file

2018-08-13T08:20:00-05:00

Each operating system has a hosts file that allows you to overwrite IP addresses returned for domains/hosts from DNS server or assigning other names or aliases to IP address. Hosts files are widely supported and have been for name resolution prior to DNS servers, hosts files grew to massive sizes and had to be kept somewhat in sync. This comes in very handy if you want to preview your website on a new server after migration before updating your main domain DNS server records or simply lets you work on the website using a domain name that isn’t yet registered or using temporary URL’s. Changes to hosts file only affect the computer on which they are made.

Hosts file syntax is the same across all platforms. To modify your hosts file simply edit it like so

1.2.3.4 domain.com www.domain.com server.domain.com server

and save your changes. As a result of which any request made from that computer to any of those names will be sent to the server with IP address 1.2.3.4 regardless of what address is returned for domain.com or www.domain.com or server.domain.com or server by DNS server.

Hosts file editing instructions for specific operating systems

Windows 8 & 10

Press the Windows Key, in the search box type Notepad then right click on its icon in the search result and select Run as administrator.
When in Notepad click File - > open and hosts file located in C:\Windows\System32\Drivers\etc\hosts
Make your changes and click File - >Save for them to take effect.

Windows Vista & 7

Click Start -> All Programs -> Accessories then right-click on Notepad icon and select Run as administrator.
When in Notepad click File -> Open and select C:\Windows\System32\Drivers\etc\hosts.
Make your changes and don’t forget to save then File -> Save for them to take effect.

Linux

The hosts file is a system file thus requires root privileges to make changes. In a root terminal window using your preferred editor make your changes to /etc/hosts file much like so

vim /etc/hosts

Save your changes for them to take immediate effect.

Mac OSX

Open Applications -> Utilites -> Terminal in the terminal window edit /private/etc/hosts file like so

vi /private/etc/hosts

Make your changes and don’t forget to save them. For changes to take effect DNS cache needs to be flushed with command

dscacheutil -flushcache

How to change default SSH port

2018-08-08T04:47:00-05:00

Secure Shell communication by default takes place over TCP/IP protocol port 22 which doesn’t make it insecure by default. However, it’s common practice to change the default port to a nonstandard one. The reasoning for this is simply that while changing the default port doesn’t eliminate any service attack vectors it does limit the noise generated by automated attacks such as possible exploits attempts and very common brute force password guessing attacks made by bots to default service ports when scanning wide network ranges. SkylineServers recommends only permitting access through the firewall to SSH port to a set of trusted IP address for even better security access controls.

Warning: Do not lock yourself out

Before changing SSH port you need to take a couple precautionary steps to make sure you don’t lose access to the server over SSH in the process.

SElinux

Check if the server has SELinux, AppArmor or other similar system enabled as it will prevent sshd from opening other network port than policy allows, you can check this with

getenforce
apparmor_status

If the server does, in fact, enforces SELinux policies you will need to adjust it’s policy as well like so:

semanage port -a -t ssh_port_t -p tcp 22222

where 22222 is our new port.

Firewall

Double and triple check server firewall rules and adjust them as needed to permit SSH connections to new port as well. Your firewall configuration may vary. If your server is running firewalld you can make adjustments like so assuming public is the default zone configured in it.

firewall-cmd –permanent –zone=public –add-port=22222/tcp

and later (after testing ssh works on a new port you can remove old/default port rule with

firewall-cmd –permanent –zone=public –remove-service=ssh

Because we are using –permanent switch firewalld needs to be restarted to apply new rules with

service firewalld restart

After ensuring the above precautions we can now go on to actually change the sshd port. On a Linux server changing ssh service port is a very straightforward process, simply edit SSH server configuration file located in /etc/ssh/sshd_config and with your preferred editor much like so

vi /etc/ssh/sshd_config

change the default Port 22 to Port 22222 and save changes. You will need to restart sshd for it to reload configuration with

service sshd restart

Don’t forget to reflect the new port change on the client end when making a new connection.

ssh user@server.domain.com -p 22222
scp -P 22222 file user@server.domain.com:file

If you’re using fail2ban or other form or automated brute force protection mechanisms it’s configuration might need to reflect new SSH port as well.

Let’s Encrypt free SSL certificates available on all hosting plans

2017-04-06T01:00:01-05:00

We’re excited to announce that Free SSL certificates from Let’s Encrypt are now available on all of our hosting plans. Let’s Encrypt is a free, automated, open Certificate Authority (CA) offering free domain validated SSL certificates to the public benefit in an effort to make web browsing more secure. Web site running over SSL is not only more secure and trustworthy but also gets higher search engines ranking

Key Features of Let’s Encrypt SSL Certificates are:

it’s absolutely free
no validation emails to click through
no dedicated IP addresses required
trusted by all major browsers
autorenewal
easy to setup

To take advantage of Free SSL certificate simply navigate to your cPanel server interface SSL/TLS section or contact our support department for assistance.

Let’s Encrypt!

Simple offsite FTP/SFTP backups script

2017-03-09T01:34:00-06:00

Data backup and restore policies are critical to any business operations. Some hosting providers offer complementary emergency backup service for their clients or offer backup storage at additional cost. This is great to have in case of emergency as those can be restored usually in the least amount time needed. However often (but not always) being in same physical location as servers not providing any needed physical redundancy. Sometimes complementary backups do require additional configuration so don’t assume because web host offer says they’re included on our invoice you have all the backups you need. Hosting companies emergency backups are usually done less frequently, once a week seems to be a norm which can be a problem when latest backup for restore is 6 days old. Many times those emergency backups work on large data sets/entire virtual disk images thus making it harder to get a consistent point in time backup without causing service disruption to server thus posing a challenge in their consistency and reliability if its restore is even possible in the first place. If your server is terminated because of some billing or abuse issue chances are backups is as well, if a fire or natural disaster strikes the data center, hosting account or company is compromised and all your server data and backups gone or is hit with ransomware are you going to be able to recover and bring things back online? Do you think relying on hosting provider backup is sufficient?

We strongly encourage setting up and test proper backup and recovery policies in place. One of the simplest solutions to ensure reliable automated backup with redundancy anyone can implement them selfs in minutes is to periodically perform backup and sync to FTP/SFTP account in a separate location for redundant storage. A low budget option could be using another server you already have elsewhere with some extra space or purchase FTP backup storage space from one of many providers out there. The advantage of this solution is its simplicity and availability that you can access your data from anywhere anytime and don’t need a client software/agent software/license like many incremental backups solutions do in order to access the data in case the need of restore on a new server. The disadvantage of FTP backups is that it consumes more network bandwidth over incremental backups solutions thus SFTP option is recommended to maximize bandwidth efficiency with this method through more efficient synchronization process with rsync. Many servers hosting control panel like cPanel for example run on servers already have built-in intuitive options for enabling automated FTP/SFTP backups on the servers all you need to do is enabled them set credentials and server for remote backup storage schedule and what to back up and be done in seconds. If you’re not running any control panels it’s just as quick to setup as well with the little help of the simple and configurable FTP backup shell script we include below. It stores backup locally on the server (for fastest restore if still possible in some cases) and syncs it to the offsite storage location, it can be easily tuned to only do one of the two. other budget storage options could also be used instead of FTP/SFTP like S3, Dropbox for example. Script relays on OS packages to perform database backups, compression and FTP or SFTP sync thus we need to ensure we have those installed for it to work correctly, this can be simply done with following with keeping in mind lftp is only needed for FTP storage type and sshpass and rsync for SFTP storage type. The script will run on any major Linux/BSD distributions.

CentOS/RedHat

yum install -y sshpass rsync mysql-client

Debian/Ubuntu

apt-get install sshpass rsync mysql-client lftp

Backups script needs to be placed on the server with correct permissions first and configured for operations, it contains sensitive information like user credentials and needs root level access to run to ensure all access to files thus /root/bin/backup.sh might be a good choice.

backup.sh - Offsite FTP/SFTP backup script

#!/bin/bash
# https://skylineservers.com
  
# CONFIGURATION START
RETENTION=7 # how many days back to store the backup for
WHAT_TO_BACKUP="/home /etc /root" # directories on the server to be included in backup archive
MYSQLBACKUP=1 # 0/1 disable/enable mysql backup for all databases
DBUSER="username" # mysql username used for bacup
DBPASSWORD="password" # mysql user password used for backup
DBSERVER="127.0.0.1" # mysql server ip/hostname
TYPE=SFTP # offsite backup type possible options are FTP and recomended SFTP
SERVER="server.com" # offsite storage server hostname/ip
USERNAME="username" # offsite storage server username
PASSWORD="password" # offsite storage server user password
SFTPD_PORT="22" # option for specyfing custom port for SSH on the offsite servver
BACKUPDIR=/backup # local server directory to keep local backups in for fast restore
# CONFIGURATION STOP
   
DATESTAMP=`date +%d%m%y`
 
# create directory structure
/bin/mkdir -p ${BACKUPDIR}/${DATESTAMP} &&
  
if [ $MYSQLBACKUP = 1 ];then
 for i in $(mysql -u $DBUSER -p$DBPASSWORD -h $DBSERVER -Bse 'show databases;' | grep -v _schema) ; do
  mysqldump -u $DBUSER -p$DBPASSWORD -h $DBSERVER $i | gzip -c > ${BACKUPDIR}/${DATESTAMP}/$i-${DATESTAMP}.sql.gz
 done ;
fi
  
if [ "$WHAT_TO_BACKUP" ]; then
    tar -zcf ${BACKUPDIR}/${DATESTAMP}/backup-${DATESTAMP}.tgz $WHAT_TO_BACKUP;
fi
  
if [ $TYPE == "FTP" ];then
    lftp -q -u "${USERNAME},${PASSWORD}" $SERVER -e "set ftp:ssl-protect-data true; mkdir -p ${BACKUPDIR}/${DATESTAMP}; mirror --parallel=3 -n -R ${BACKUPDIR}/ ${BACKUPDIR}/; exit" 2>>/var/log/backupscript.log
elif [ $TYPE == "SFTP" ]; then
    rsync --rsh="sshpass -p $PASSWORD ssh -p $SFTPD_PORT -o StrictHostKeyChecking=no -l $USERNAME" -r --delete ${BACKUPDIR}/ $SERVER:~${BACKUPDIR}/
fi
  
find $BACKUPDIR/* -type d -mtime +$RETENTION -exec sh -c 'echo rm -rf "$1" | sh' -- {} \;

Configuration is straightforward and limits to changing the configuration variables in the script as explained in comments. Script contains sensitive information thus it’s critical to ensure correct permissions for it.

chmod 700 backup.sh

This would be a good time to run the script by hand and check everything is being backed up and uploaded to remote location correctly.

To ensure automatic execution server needs a cron job added as well, below is a daily backup at 3:30 AM example:

crontab -e
30 3 * * * /root/bin/backup.sh

There are better, more advanced systems that include features like incremental backup, data deduplication, encryption, bare metal restore and much more. Most backup solutions are reasonably priced depending on the end user needs. Main factors to consider when choosing offsite backup provider are the amount of data to be stored, how long will it be kept for, what’s the acceptable recovery time? We advise against completely relying on hosting provider for backups. those are nice to have however to provide sufficient level of redundancy allowing to recover from data loss prompts for multiple backups in separate physical locations. Keeping a local copy of data on a separate computer also might be acceptable for some as well. Never the less always ensure sufficient backup of critical data so that you have access to it at all times.

Is your SSL certificate still compatible with the browsers your clients are using?

2015-10-14T10:00:00-05:00

With the busy on-line shopping season coming up slowly ensure you’re not missing out on sales opportunities with SSL certificate that guarantees 99,9% browser compatibility, a lot has been going on in the SSL world last year. For example Google and other removed support for old SHA-1 certificates. Also last year Google changed their ranking system for organic searches slightly improving positioning of sites served over SSL. Nowadays SSL certificate not just improves your trust but also helps bring in more traffic to your site. If you’re still using smaller 1024 bit keys you should replace them with stronger versions and re-sign your certificates as soon as possible. We recommend using large key sizes at least 2048 bit RSA or 256bit ECDSA keys. We still see a lot of servers running weak ciphers or running SSLv3 for example leaving them vulnerable to a famous poodle or other attacks.

SSL certificates imply a lot more trust from the client that the transmission of personal information to your site is encrypted and secure. If you run an online store perhaps you want to consider going the extra step with Extended Validation certificate for the well-known web browser green bar instantly boosting user trust helping your store conversion rates.

We’re being asked a lot won’t SSL slow down my website? To answer this concern we’ll simply put it this way, SSL does generate extra overhead on the server CPU and can affect server overall load by few percent under traffic compared to unencrypted traffic. The benefits of encrypted private transmission between the site and the client web browser, and trust it builds generally outwit slightly higher resource requirements.

With those revolutions mentioned Skyline Servers would like to offer SSL certificate installation/update service on all Linux/BSD based servers for any applications. We are pairing that with an additional 10% OFF it and all SSL certificates with promo code “SSLFORALL”. This offer will expire on December 24th.