All posts for the month November, 2014

Social Login for Hosting Control Panel -

Social Login for Hosting Control Panel –


Two months ago, we enabled a social login option for all resellers and shared hosting customers.

Now this capability is also available with all semi-dedicated servers, as well as with all Virtual Private Servers and dedicated servers ordered with the Hepsia Control Panel.

Just like on the shared hosting platform, the social login option works with Facebook, Google+ and Yahoo! social media profiles.

This is a very useful one-login solution for users who manage several accounts, since it will save them from having to work with tons of usernames and passwords.

How to use the social login option

The social login option is available with all semi-dedicated servers, since they use the Hepsia Control Panel by default.

VPS and dedicated customers can take advantage of this option if they choose to use the Hepsia Control Panel with their server at signup.

In the Control Panel, users will be able to quickly link their hosting account(s) with their social media profile(s) and thus gain instant access to their Control Panel anytime they open the Login page.

You can find detailed instructions on how to use the social login option in our previous social login post.

Backend improvements to the social login functionality

Apart from enabling the social login option on all Hepsia-equipped servers, our developers have also made a few essential improvements to the functionality’s backend.

Thanks to a tweak to the interface through which we communicate with the social networks, now the connections between the social media profile(s) and the Control Panel will be 3 times faster than before, which means zero waiting time at login.

Also, a glitch causing occasional connectivity hiccups was smoothed out and now users can stay logged in their social media profiles over a truly stable connection.

Semi-dedicated servers and OpenVZ VPSs in  FinlandSince the new data center in Finland was added to our platform, the number of websites hosted on our shared hosting servers there has been growing steadily because of the favourable conditions and the secure image of the facility.

To open up the cool Finnish facility for the more advanced users, we have also added semi-dedicated servers and OpenVZ VPSs to the list of services offered in the Ficolo data center.

Semi-Dedicated Servers in the Finnish Data Center

You and your customers can enable any of the semi-dedicated server packages (Semi-dedicated 1 or Semi-dedicated 2) by selecting the Ficolo data center on the order form:

Semi-dedicated servers in the Finnish data center

Like with the servers in the SteadFast data center in Chicago, USA, a semi-dedicated server in the Ficolo data center will be set up within a few minutes after the purchase.

OpenVZ VPSs in the Finnish Data Center

Тhe Ficolo data center is ready to accommodate all 10 OpenVZ VPS configurations that we are offering. The prices will remain the same:

OpenVZ VPS servers in the Finnish data center

Like with the OpenVZ VPSs in our US, UK and Australian data centers, the virtual machines in the Ficolo data center will be set up within a few minutes after the purchase itself if they are ordered with the Hepsia Control Panel, and within up to 3 hours – if they are ordered with the cPanel Control Panel.

Did you take some time to market the new super-cool Finnish data center to your customers? If you haven’t done so already, here is a short overview of the data center’s advantages:

>> a disaster-proof geographical location – Finland is a country with an extremely low risk of natural disasters like hurricanes, tsunamis, etc.

>> energy efficiency – a decreased amount of energy is needed for cooling purposes due to the facility’s location in a naturally cool network of underground tunnels; the electricity used by the data center is 100% generated by wind power

>> perfect connectivity conditions – direct connections to major fiber-optic network operators like TeliaSonera, Elisa and DNA; for optimum connection speeds, the Internet connections within the country are routed directly to the end customer through the operator’s network, and to international users – through top-level international Internet gateways.

>> maximum data security – a full range of first-class data security solutions, including CCTV surveillance, mantraps, onsite security personnel, firewalls, etc.

Semi-dedicated servers in the UK and in Eastern EuropeThe geographical expansion of our server network continues with the addition of semi-dedicated servers to the data centers in the UK and in Bulgaria.

Now you can offer this custom server hosting solution to a much larger customer base across the globe.

Offering your customers a closer location for their resource-consuming sites will translate into better loading speeds and an amazing website performance.

Semi-dedicated servers in the UK data center

The data center near London, UK, can now accept semi-dedicated server setup requests from you and your customers. It would be a great choice for webmasters from Western and Central Europe and from Africa.

You can enable any of the semi-dedicated server packages (Semi-dedicated 1 or Semi-dedicated 2) by selecting the Pulsant data center on the order form:

Semi-dedicated servers in the UK data center

Semi-dedicated servers in the Bulgarian data center

Our partnering data center in Sofia, Bulgaria, can now also accommodate your resource-heavy sites and apps at the same price. It is a recommended option for users from Eastern Europe and the Middle East.

Again, you and your customers can enable the semi-dedicated server packages by selecting the TelePoint data center on the order form:

Semi-dedicated servers in the BG data center

Semi-dedicated Servers – key service highlights

Here is a list of the key advantages of the semi-dedicated servers, which differentiate them from the other server hosting setups:

  • a guaranteed 99.9% service & network uptime – since the semi-dedicated servers are part of our shared hosting network, they offer a 99.9% service uptime guarantee, not just a 99.9% network uptime guarantee as is the case with the Virtual Private Servers and the dedicated servers;
  • no server management required – our administrators will be taking care of each semi-dedicated server, so you will not be responsible for any server administration duties (monitoring, troubleshooting, maintenance, etc. duties) whatsoever;
  • a free Hepsia Control Panel – our Web Hosting Control Panel comes with each semi-dedicated server by default, so there’s no need for additional setup procedures;
  • instant account setup – a new semi-dedicated server will be set up as quickly as a shared hosting account – right after the payment has been verified by our Sales Department;
  • large CPU quotas – each server will be allocated generous amounts of CPU time, which will empower users to host more resource-intensive sites, including busy WordPress blogs, community portals, e-shops, etc.;
  • large MySQL database query quotas – as with the CPU time, database-heavy website owners can take advantage of large database query quotas;
  • bigger email allocations – semi-dedicated server users can send more emails without an hourly outbound email limit, which gives them more power and flexibility, especially in terms of their email marketing campaigns;
  • a free dedicated IP – each semi-dedicated server will come with a free dedicated IP address, which can be used for SSL setup purposes, for example;
  • free VPN access – 5 GB of free VPN traffic will be ensured for each semi-dedicated server for trouble-free access around the globe;
  • Varnish – this web app accelerator, included with each package, will help users cache their traffic-heavy sites and make them load faster;
  • Memcached – this caching system is also included with each setup and will help users speed up their dynamic applications by reducing database load;
Backup Name Servers -

Backup Name Servers –


The NS records turn a floating domain into a fully functional host by anchoring it to a certain server on the web.

Since the availability of a web server might at times be compromised, most domain names have two name servers – the main one (NS1) and a backup server (NS2), which takes over if the  first one is experiencing problems.

To further secure the customers’ online presence, we’ve also added a second (NS3) and a third (NS4) backup name server to each host

 Most hosting providers provide only two name servers per host

It is a common practice in the web hosting industry hosts to be assigned only two name servers by default. This means that they will have only one backup server, which is usually  located in the same data center. Even if the provider offers more than one backup server, the second one will still be located in the same data center.

This way, if a major problem in the data center’s network occurs, which  is not uncommon in the industry as practice has shown,  the customers’ sites will be left out of the game.  

Thousands of users still keep bitter memories of the major network outage at the EIG’s data center in Provo, Utah, earlier this year, which took many servers down and left their sites offlinein the course of days. EIG keeps customers of leading hosting providers like Hostgator and BlueHost under one roof, so we can all imagine the scope of the issue.

Only users who had their own backup name servers in other data centers, were able to survive the crash.

A location-based name server backup service

We’ve learned from experience that the use of different networks to handle name resolutionwithin one and the same data center is not a solid guarantee for online availability. This is why, our admins implemented backup name servers in three different locations around the globe – NS2  in the Chicago data center (already existing), NS3 in the UK data center and NS4 in the Finnish data center.

This way, in the event of a massive network disruption in the Chicago data center, each next-level backup server will be able to take over the job from the previous one in the chain.

A backup name server (NS3) in the UK data center

While implementing the location-based backup service, our admins first added a name server in the Pulsant data center in Maindenhead, UK.

The UK facility has direct connections to international backbones and a very secure infrastructure. Also, the UK is a country with a lower risk of natural disasters like tsunamis and hurricanes, as compared to the USA.

A backup name server (NS4) in the Finnish data center

We’ve selected the data center in Finland to house the fourth name server for a reason. Located in an underground compound, which used to accommodate the Finnish Defence Forces, the data center can withstand even an atomic bomb attack.

Apart from the natural protection against disasters of all sorts, the facility offers an iron-clad security system, which further guarantees the flawless performance of the sites hosted there.

With the implementation of NS3 and NS4 name servers in different locations, you can now offer your customers a much more stable web hosting service, resistant to network failures and natural disasters, which, as we know, no host is immune to nowadays.

This addition will help you convert those clients of yours who only have a domain into actual hosting customers, since you will offer them triple online protection for their sites – something, which is unthinkable with their current host.

[Fri, 28 Nov 2014] – Thousands of CMS sites threatened by CryptoPHP malware. Learn how to protect your sites.

Our admins located a series of unauthorized attacks on CMS-based sites on our platform over the weekend, which appeared to be part of the CryptoPHP hacker ‘campaign’.

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plugins to compromise web servers.

This turns out to be a global phenomenon, which was discovered by experts in the Netherlands through a compromised Joomla plugin on a customer’s site.The plugin had been downloaded from a legitimate-looking site that offers a list of free, compromised themes and plugins.

What is the CryptoPHP malware all about?

By downloading and installing pirated CMS themes and plugins on their own sites, users also install the CryptoPHP backdoor, which empowers attackers to exercise remote control over their sites.

The CryptoPHP malware can inject infected content into the compromised sites and even update itself.

However, the main purpose of the malware is to conduct blackhat SEO operations. Experts have detected links and text injected into the compromised pages with the sole purpose of tricking crawlers into giving the hacker sites backlink credit and a pagerank.

Experts have identified thousands of plugins that have been backdoored using CryptoPHP, including both WordPress and Joomla plugins and themes and Drupal themes.

The exact number of websites affected by CryptoPHP has not been determined yet. However, specialists have reasons to believe that they are at least a few thousand.

How are sites on our platform affected by CryptoPHP?

Unfortunately, a few CMS sites on our platform became the target of CryptoPHP hackers as well. Upon locating the attack, our admins made a thorough investigation of the affected sites and found out that they all contain files like ‘social.png’, ‘social0.png’, or ‘social1.png’, etc.  in their code, which are actually PHP scripts instead of PNG files.

They have managed to clean all infected sites of the malware. However, they cannot guarantee that CMS users will not be compromised again if downloading a pirated CMS theme or plugin from the web.

What should I do to make sure I am not affected?

If you have ever installed pirated or untrusted WordPress/Joomla/Drupal plugins/themes/templates, you are potentially susceptible to a CryptoPHP attack.

This is why, you need to take immediate measures and check your sites for files named ‘social.png’. If the file is a PHP script instead of a PNG file, you are probably backdoored.

Also, if you realize that you are infected, you can resolve the problem temporarily by activating the Outgoing Connections Firewall from your Web Hosting Control Panel:

The backdoored sites are trying to make outgoing connections to certain IPs, so this will help you pause the attack until you find a way to resolve the problem.

The best way to protect yourself from the CryptoPHP malware is by making sure you download CMS themes/plugins from from trusted developers’ sites and popular marketplaces.

Here you can find the whole report by the Dutch company, which diagnosed and publicized the CryptoPHP malware:

Jail Host option in the Control PanelNot long ago, we enabled the ModSecurity anti-hack firewall on all our servers to shield your hosting account from malicious online activity around the clock.

As the global practice has shown, however, hackersmay find ways to infiltrate into the systemsurreptitiously (we all know that no one can possibly offer a 100% anti-hacker insurance) and manage to take over one of your hosts. Well, if that happens, it’s time for them to get ‘jailed’ in that host.

Through the new ‘Jail Host’ functionality, our web hosting system will outsmart the intruder by ‘jailing’ them.

What does the ‘Jail Host’ option stand for?

By activating the ‘Jail Host’ option for a given host, you practically isolate it from the other domains within the www/ directory of the same hosting account.

This way, if hackers try to attack the given host, they will be immediately ‘punished’ and ‘jailed’ in that host.

By being ‘jailed’, the intruders will not be able to use the host as a doorway to the rest of the system where the other hosts of yours are located.

This restriction works at the Operating System level, which will guarantee its efficiency in all cases of hack attacks on the given host.

When could I use the ‘Jail Host’ option?

The ‘Jail Host’ functionality can come in real handy when you hire a webmaster to work on your site. If you do not know the webmaster in person, then it would be reasonable to take all measures to protect your host.

In this case, most hosting providers would recommend giving the guy limited FTP access to the particular host. However, if the guy comes with cruel intentions, they will still be able to break the FTP barrier and to litter your account with malicious scripts. If you ‘jail’ the host first, you’ll never risk putting your hosting account as a whole at risk.

How do I activate the ‘Jail Host’ option?

The ‘Jail Host’ option is integrated into the Hosted Domains section of the Web Hosting Control Panel. It is available with all shared hosting plans, semi-dedicated servers and dedicated servers. The option is not available with our Virtual Private Servers because of its incompatibility with the virtualization technology.

In the Hosted Domains section, click on the Edit Host icon at the end of the Actions column:

Jail Host option - Edit Host panel

The ‘Jail Host’ functionality is located at the bottom of the Edit Host form. Just tick the box andclick on the Edit Host button:

Jail Host checkbox  in Hepsia

Does the ‘Jail Host’ option involve any other restrictions?

From a ‘jailed’ host, you will not be able to access the files hosted under a different domain within the same account. So, if you want to use them, you will need to deactivate the ‘Jail Host’ option first.

However, all the other domains in the account will have access to the ‘jailed’ host’s file system.


The ‘Jail Host’’ option helps users address a very specific security glitch, which lies deep under the surface.

Thus, it will add a new level of protection to your customers’ sites and will give you a very strong selling point in the eyes of prospective customers who are sensitive about online security. Actually, who isn’t?

What’s more, ‘Jail Host’ is a completely innovative option on the web hosting market and cannot be currently found readily implemented on any other hosting platform.

So what are you waiting for? Talk to your customers about security in a new and different way.

Base64 attacks are becoming more and more common these days. They involve exploiting a PHP vulnerability on a website and injecting malicious, base64-obfuscated code. The main targets of such attacks are poorly coded plugins that feature security holes.

The encoded code is decoded when the infected .php file is loaded and the actual attack is carried out. A popular attack is to forward a website to another page, which grants the attacker an affiliate bonus.

Here is an example of what a base64 hack looks like in a .php file:

eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”)); – this code will output “this is a test” when decoded. A regular base64 code snippet will be significantly longer.

On our web hosting platform, there are several ways to deal with such hacks:

Restore a backup

With our cloud hosting accounts, we offer multiple daily backups, so anyone can easily revert to a previous version of a website with just a click. And we keep backups for up to 30 days.

Here is how to choose the correct backup:

– Log into the Hepsia Control Panel and navigate to the File Manager section;

– Head to the folder pertaining to the hacked website;

– Sort the files by modified date;

This way, anyone can see when the files were last updated. When there are multiple .php files that were updated 10 days ago, simply load an earlier backup with clean versions of those files.

If there are problems restoring a backup, our support team reps will be happy to assist.

Clean the files manually

To clean the files by hand, simply download them to a computer and clean them using a text editor. The Windows/OSX-compatibleSublimeText or the Windows-compatible Notepad++, both of which are available for free, will do a great job.

Once the files are downloaded, load them in the text editor and search for any base64 code. To see if there is any base64 code on the website, use the following search term:


Once you discover an instance, copy the actual code snippet and search again. Simply replace the code with an empty space to get rid of it. If there are still any other base64 instances, repeat the procedure until non are left.

Regular expressions can also be used to target base64 code on the website. Again, simply replace the regex matches with an empty space to clear them from the pages.

Here is a sample regex search term: /eval\(base64_decode\((.*)\)\);/i

Keep in mind that this type of search with target all base64 instances. This means that if any plugin or element of the site is using base64 encoding as well, it will also be removed.

Clean the files over SSH

When using terminal access, all infected files can be cleaned with just a few commands over SSH. If SSH access is not enabled for the account, it can be done with a request in theUpgrades section of the Hepsia Control Panel.

The first thing that needs to be done is to get a sample of the infected base64 code. Use this as a reference for cleaning all infected files.

See which files are infected by using the following command:

$ find . -type f | xargs grep “dGhpcyBpcyBhIHRlc3Q=”

This command will search for all files in the current folder that contain the following string:


Here is how the output of that command will look like:

 ./themes/default/single.php:<?php   eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=));

./themes/default/search.php:<?php   eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”));

This will list all the infected files in the current folder and its subfolders. Once the list is ready, it’s time to eliminate the code.

We’ll use the sed program and our function will look like this:

find . -name “*.php” -print | xargs sed -i ‘s@eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”));@@g’

Use the search function one more time to make sure that all the files are now clean. If the search returns no results, the website has been cleaned.

Preventing base64 attacks

As we’ve noted, a base64 hack will target a vulnerability in the code. So the best course of action is to always keep apps and plugins updated to the latest versions available. A good rule of thumb is to only download plugins that are actually needed. If a plugin is not used anymore – remove it from the application.

Also, when downloading new plugins, always keep track of the number of downloads and the update dates. If the last update is more than one year old, the plugin in question may be susceptible to an attack.