Website Hacked!

There have been several Website hacking incidents recently that I think I should publish for the benefit of the Webmaster community.

Hacking Websites Via FTP

We are only as strong as the weakest link, remember? The weakest link, when it comes to Website security, happens to be FTP. Because FTP is a plain text authentication protocol, account information is easy to intercept. Also, if there is spyware or malware on your PC, it can pick up your FTP details when you log into the Web Hosting account. Once the FTP account is in the hands of a hacker or hacking software, all other security measures on your Website and in your code are virtually useless!

Hacked by Spyware, Virus or Malware

In a few recent hacking cases, we have seen a virus or spyware on the Web designer's local machine log in to the FTP Server and replace every index.php with another file that simply redirects to another Website. All visitors to the Website are automatically redirected to the target Website. Do you see those Websites or Businesses offering thousands of unique visitors for 20 bucks? Maybe some of them are using these tools.

Hacked via a Network

In another hacking incident, the FTP Server was being used from IP addresses all over the world. An IFRAME pointing to a target Website was embedded in most HTML pages. It looked like they had a large network of proxies set up so they can't easily be traced. We are not sure how they obtained the FTP account details. Since FTP is plain text, it could have been picked up anywhere along the way. The Web Developer may have had spyware on their PC. But looking at the number of IPs used to connect to the Server, it appears that this hacking network has spyware installed on PCs all over the world!
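Both incidents above leave the same trace in the FTP server's transfer log: one account uploading from many unrelated addresses and overwriting index files. The following check is an added example, not part of the original post; it assumes the server writes the standard xferlog format (as vsftpd and ProFTPD can), and the sample lines, account names, paths and the two-address threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed xferlog-format sample (documentation-range IPs, made-up paths).
SAMPLE_LOG = """\
Mon Mar  3 09:12:01 2008 1 192.0.2.10 5120 /home/site/public_html/about.html a _ i r webdev ftp 0 * c
Tue Mar  4 02:40:17 2008 1 198.51.100.23 212 /home/site/public_html/index.php a _ i r webdev ftp 0 * c
Tue Mar  4 02:41:03 2008 1 203.0.113.77 230 /home/site/public_html/shop/index.php a _ i r webdev ftp 0 * c
Tue Mar  4 02:41:50 2008 1 198.51.100.140 4096 /home/site/public_html/contact.html a _ i r webdev ftp 0 * c
Tue Mar  4 08:05:44 2008 2 192.0.2.55 9000 /home/blog/public_html/post.html a _ i r editor ftp 0 * c
Tue Mar  4 08:06:10 2008 1 192.0.2.55 300 /home/blog/public_html/logo.png b _ o r editor ftp 0 * c
"""

INDEX_NAMES = {"index.php", "index.html", "index.htm", "default.aspx"}

def parse_xferlog(line):
    """Return (user, ip, path, direction) for a completed transfer, else None."""
    f = line.split()
    # 18 whitespace-separated fields; file names containing spaces are out of scope.
    if len(f) != 18 or f[17] != "c":
        return None
    return f[13], f[6], f[8], f[11]

def summarize_uploads(log_text):
    """Per account: distinct source IPs that uploaded, and index files written."""
    stats = defaultdict(lambda: {"ips": set(), "index_uploads": []})
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None:
            continue
        user, ip, path, direction = rec
        if direction != "i":          # "i" = incoming, i.e. an upload
            continue
        stats[user]["ips"].add(ip)
        if path.rsplit("/", 1)[-1].lower() in INDEX_NAMES:
            stats[user]["index_uploads"].append((ip, path))
    return stats

def flag_accounts(log_text, max_ips=2):
    """Accounts uploading from more than max_ips addresses (assumed threshold)."""
    flagged = {}
    for user, s in summarize_uploads(log_text).items():
        if len(s["ips"]) > max_ips:
            flagged[user] = {"ip_count": len(s["ips"]),
                             "index_uploads": s["index_uploads"]}
    return flagged

if __name__ == "__main__":
    for user, info in flag_accounts(SAMPLE_LOG).items():
        print(user, info["ip_count"], "source IPs;",
              len(info["index_uploads"]), "index file uploads")
```

An account flagged this way should have its password changed from a clean machine and its uploaded files compared against a known-good copy.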

What is this spyware anyway?

So what is this spyware program or virus that is stealing FTP accounts from people? It could be software running quietly in the background, a freely available peer-to-peer networking/torrent client, a browser plug-in (toolbar), an innocent freeware program, or it could be anything! We don't really know.

So how can we protect our Websites?

Make sure your PC is clean of viruses, spyware, etc. Avoid plain FTP and try using FTP over SSH (SFTP) or SSL (FTPS). If your hosting provider does not support any of these, consider switching to one that does! The FileZilla FTP Client (free and available for both Windows and Unix/Linux) supports these secure FTP protocols.

 

 

If you are in Bangladesh and looking for a secure and reliable Web Hosting Company: Try Alpha Net's Web Hosting in Bangladesh

 


Hyper-V Review

Hyper-V is the virtualization component included in Windows Server 2008. Although Windows Server 2008 has been released already, the Hyper-V component is still in Beta, so it is not ready for a critical review yet. However, while the feature set of Hyper-V can change, the current beta release is stable enough to put this new virtualization environment to the test. We have installed and tested several 32-bit and 64-bit Guest OSes on a 64-bit Windows Server 2008 Enterprise and there has been no critical issue with the current release of Hyper-V. Here is my early review of Hyper-V.

Hyper-V vs Virtual Server 2005 R2 

If you are familiar with Microsoft Virtual Server 2005 and wondering how Hyper-V is different, here are some important highlights:

  • Hyper-V is built from the ground up as an integrated component of Windows Server 2008.
  • It utilizes the virtualization capabilities of the underlying processors and provides better performance.
  • The abstraction layer between a virtual operating system (guest) and the hardware is supposedly much thinner, providing better performance than Virtual Server 2005.
  • It supports multiple processors for virtual machines (guest OS). Up to 4 virtual processors can be assigned to a guest machine as opposed to only 1 processor in Virtual Server 2005.
  • Hyper-V also supports 64-bit guest operating systems, provided of course that the host is also a 64-bit OS.
  • The IDE channels can support up to 2TB of virtual storage.
  • Unlike Virtual Server 2005, where management of the Virtual Server Host and Guest is done through a Web-based interface, Hyper-V management is through an MMC snap-in.
  • Apparently Microsoft has plans to release Hyper-V as an independent component that can be installed on server hardware without any host operating system! So you could install Virtual Windows Servers and Linux Servers on the hardware without having to install and pay for a host Windows OS.
  • The virtual network connections in Hyper-V appear as 10GB links as opposed to 100MB in Virtual Server 2005!
  • You could specify VLAN IDs for virtual networks.
  • Snapshots! A snapshot saves the state of a machine and makes a copy of the virtual hard disk without having to pause and shut down the virtual machine. The snapshot feature can be used to back up entire virtual machines. The Hyper-V management also keeps track of the snapshots created for a virtual machine and you can revert to any earlier snapshot.
  • As of the current Beta state, the Fedora 8 flavor of Linux installs on Hyper-V without any problem at all. We had no luck installing Ubuntu or openSUSE though.


While these all seem great, there are some notable limitations of Hyper-V:

  • You can't have a SCSI boot drive! A Hyper-V guest machine can only boot from an IDE drive. While the performance of the new synthetic IDE driver is supposed to be better, if the underlying interface is SCSI, there has to be some overhead. Most servers are likely to have a SCSI interface. The reason why Hyper-V guest machines can't boot from SCSI has something to do with the new synthetic SCSI driver. Because it does not emulate real and known SCSI hardware, it seems it can't be booted from! I think it's a lame excuse and a Hyper-V final release had better be able to boot from SCSI.
  • Unless you install the Integration Services (formerly virtual machine add-ons in Virtual Server 2005), the IDE driver performs much worse in Hyper-V compared to Virtual Server 2005. Guest OS installations are horribly slow for this reason. If integration components are not available or installed on a Guest machine, you are going to suffer the same performance issue.
  • Linux integration services are available, but they are still in beta with very limited support. I think currently only for SUSE Enterprise 10.x or so.
  • Because the Web administration interface is no longer available, remote administration of Hyper-V guest machines can only be done by Remote Desktop, Terminal Services, or, if your local machine has the Hyper-V MMC snap-in, by connecting to the Host machine with that snap-in.
  • The Virtual Machine Remote Client (VMRC) is no longer served over TCP! Which means you can't connect to a Virtual Machine console with the VMRC client or a Web browser from a remote location. The Hyper-V Virtual Machine connection is a wrapper around the remote desktop client and as of now only works on the host machine. So if the host machine is in a remote location, you have to use remote desktop to reach the host and then connect to the guest machine. They don't recommend it because this is one RDC wrapped inside another RDC, and there are good reasons for that. Unless the virtual machine integration services are installed on the Guest OS, you practically can't use a mouse in this situation.
  • The undo disk feature is no longer available! Virtual machines for test and development are going to suffer from the absence of undo disks.

Initial notes and thoughts on Hyper-V

Microsoft laid out the foundation of enterprise-level virtualization with Hyper-V. Eventually, I suppose, it would like to compete with high-end solutions like VMWare ESX Server. However, including something of that value in a base server license wouldn't be a good business choice! So while Hyper-V is a great virtualization solution, I believe it alone will never be a complete enterprise-level virtualization solution. Microsoft System Center includes many additional features for virtualization like automated virtual machine reconfiguration, flexible resource control, and quick migration.

I have read in the early writings about Hyper-V that you could hot-add resources to a guest machine, meaning adding hardware resources like memory and hard drives would be possible without taking down a guest operating system. I do not see these options in the current Hyper-V management console as of this review. Like Virtual Server 2005, all hardware resources are locked while a guest OS is running or in a saved state.

Since the IDE performance without integration services is worse than Virtual Server 2005, and guest machines can't boot from SCSI, Linux virtual machines will greatly suffer unless stable synthetic drivers are available supporting major Linux distributions.

The lack of remote access to the Virtual Machine Console over HTTP(S) with VMRC is a great problem, especially when the host machine is not locally accessible. This also makes it difficult for virtual server hosting providers and opens an opportunity for third-party solutions.

Virtual Server 2005 will continue to have a place alongside Hyper-V, as Hyper-V is only available on Windows Server 2008 while Virtual Server can be installed on most Windows OSes including Windows XP workstations.


MS DNS Server Using Excessive Memory and hanging

This note is for anyone using Microsoft DNS Server as a secondary DNS who installed the updates released late in December 2007 or early January 2008.

There is a memory leak issue with an update for the DNS server released around that time that causes MS DNS to use excessive memory, as much as several hundred MB. Even worse, at some point the server stops responding to queries. The problem may be difficult to detect as it happens only when there are a lot of secondary zones on the server, and a secondary DNS server failure may go unnoticed for a while.

To my knowledge, no update has been released by Microsoft so far that fixes this memory leak issue, so if you are being affected by it, your best workaround for now is probably what some of the other DNS admins are doing: restart the DNS service at a set interval.

On our two secondary MS DNS servers, we are using dnscmd.exe /restart in a batch file scheduled to run every hour. The dnscmd.exe tool restarts the service (or resets it, to be more precise) very quickly. However, this tool is a part of the 'Windows Server 2003 Support Tools' package, and if you don't have it or don't want to install it, you can also use the Net Stop "DNS Server" and Net Start "DNS Server" commands in a batch file and schedule it to run every hour or so.

In either case, the scheduled task must be run with Administrator privileges to be able to restart the DNS service.

Since restarting is quick and these are secondary servers, it is not a huge problem. 

Let's hope an update with a fix for this memory issue will be released soon.


My blog, finally

Welcome to Haiders' .net.

I intend to write about the little discoveries I make in life every day.

If you have interest in Web Development (.net in particular), Photography, Martial Arts and Anime, this place may be of interest to you. My life pretty much revolves around these.
