Steve Hanson's blog

Cloudflare and Drupal

We've recently signed up to be a Cloudflare partner. We have occasionally been using Cloudflare for some of our clients, and we've become believers. At least for a lot of our clients.

What is Cloudflare?

It's quite a few different things.  It's a Content Distribution Network.  Content from your site will be cached at data centers around the world, and served up from those data centers. Also your DNS will be distributed through these data centers, which will make your DNS lookups much faster. It also provides you with protection against web threats - requests that look suspicous will either be blocked if they are severe, and if they are less severe, they will provide a human challenge to the person trying to access the web site. This protection is adjustable, and is particularly valuable if you are fending off a serious DDOS or other form of attack.

Things we are working on

We're working on a lot of new hosting infrastructure projects we though you might be interested in.  A lot of this is in preparation to provide a better development and hosting enviornment for Drupal 8. We are re-imaging web servers and other servers to do a better job for modern Drupal hosting.  Things you can look forward to include:

  1. Composer baked into our servers for easier development.
  2. Compass baked into the servers for better development with CSS pre-processing.
  3. Starting to move new servers into CentOS 7 to provide newer hosting binaries.
  4. Better support for resellers.
  5. Easier setup for use of varnish and memcache on our higher-end server packages.
  6. Better support for Drupal 8 on shared hosting.  We want to be able to offer a reasonably-priced environment for hosting Drupal 8 sites.

This is all part of our commitment to provide useful hosting services to the Drupal community. We expect that although Drupal 8 is great, it's going to require more specialized hosting in a lot of cases.  We're committed to the Drupal community, and look forward to getting more input from you on your Drupal hosting needs now and in the future.

GHOST Busters!

You may have seen reference to the GHOST exploit that was recently announced.  You also may have seen some random reboots of our servers, taking you out of commission for 10 minutes or so.  We're patching all of our systems against this exploit (Just about done now) - this is  a fairly serious one that allows arbitrary script execution on servers, and is not really all that hard to do comparatively.  And unfortunately since it's a glibc issue, we really need to reboot all of the servers to completely protect.  So -- if yo

POODLE Attack!

You may have heard the recent information about the POODLE attack. Essentially this is an issue where SSL connections may revert to the known-unsafe SSLV3 protocol. There's really no fix for SSL V3, but there IS a cure that amounts to disabling the fallback to older SSL protocols such as V3. We're going to be doing two things about this:

  1. We are in the process of rolling out the recent Openssl fix that uses TLS_FALLBACK_SCSV to stop the rollback to older SSL protocols
  2. We are in the process of setting up to make our SSL servers no longer accept EITHER SSL2 or SSL3 as protocols.   This is really the right thing to do, but it WILL mean that people using browsers that do not understand recent secure connection protocols will be in trouble.  This specifically includes old versions of IE. The upshot of this is that once this is completed, people on Windows XP will no longer be able to make secure connections to our servers (with IE).  We see this as a minor issue compared to the possibility of compromised security.  We are NOT doing this step in the near future, but will be doing it as a normal consequence of a larger operating system upgrade some time in the next few months.

More details on POODLE below the fold:

Drupal 7.32

It's security update day in Drupal land.  Drupal 7.31 has a fairly serious SQL Injection vulnerability, which is fixed in Drupal 7.32. At the moment we're testing Drupal 7.32 (already did this site) and will be rolling it out on sites that are under maintenance for us as the day goes on.

This is in fact a REALLY serious problem and exploits are already in the wild.

We strongly advise that people do this upgrade.

Bash Security Issue - update

Update -

New versions of bash were released overnight that fix the remaining security flaws in the shell. We are in the process of rolling out the second patech to all of our servers and will be finished some time around 10 AM Central Time.

Some of you may have seen the news yesterday about a serious bug in bash allowing code injection.  We are currently in the process of applying updates to all of our servers for this security issue.  Unfortunately it has been discovered that the current available updates are only a partial solution.  We are installing the partial upgrade and looking into some security workarounds until such time that we receive new patches from CentOS.  We're working to continue to provide security to our customers.

What We Do

Cruiskeen Consulting is a general Internet consulting company, and we do multiple things. Primarily we provide high-capacity custom hosting for people who need high-performance reliable hosting for their Content Management Systems sites.  We primarily work with Drupal, and also do Drupal consulting and web design. Our hosting is tuned to be optimized for Drupal use, although it is also very effective for Wordpress sites.

Our servers are set up for the Drupal developer, and have Drush, git, and other useful services pre-installed.  We will happily work with you to provide other custom services for your site, such as Varnish, Apache Solr, and memcached. Our servers all use the APC PHP cache and our default MySQL servers are set up to be successful for using Drupal.


Subscribe to RSS - Steve Hanson's blog