Apis Networks

August 1: Mandatory Spam Cleanup Fee

A one-time $15 spam cleanup fee will be assessed per incident beginning August 1, 2015. This is to offset labor costs of cross-checking servers against a variety of realtime DNS blacklists, and manually checking with other sources that keep DNSBL data hidden from public consumption.

This fee will be automatically charged to your account. Failure to maintain a properly secure account and Internet connection may result in recurring fees until your account is properly secure.

Steps to secure your account

There are several methods to keep your account secure from attacks:

First, if you run software like WordPress or Drupal, always make sure it is updated. We take several steps to minimize the accessibility of an attack, but even these steps can’t protect you if your application is 2+ years old. Exploits do happen.

Creating a user in the control panel? These are the most often hacked by brute-force methods. Hackers cull your e-mail addresses from publicly available bulk listing services, then periodically over the span of 6-12 months, gradually try multiple password combinations in batches. Eventually, if the password is weak, they get a match and your account will begin relaying spam.

Third, don’t create throwaway accounts! This means never create an account named “test”, never create a password that you wouldn’t feel safe using every day.

Fourth, use password utilities like KeePass and LastPass. There is a multitude of programs to generate unique passwords and keep them in a safe place.

Fifth, use anti-virus software. Trojans lurk everywhere on the Web. Zero-day exploits are like bear traps waiting for an innocent victim – you – to spring it. Some trojans are purposed to steal confidential information, like logins, passwords, and credit card numbers from your computer. Always use an anti-virus. Popular AV software includes AVG and Microsoft Security Essentials for Windows and ClamXav for Mac.

Follow these five simple steps and you’ll remain safe and obscure from attackers.



Augend RFO

On Monday, May 11 2015 8:30 AM EDT (-0400 GMT) Augend suffered a failed I/O controller, which resulted in dropped data streamed from its hard drives. No data loss was encountered; however, no data was written either during this window effectively rendering Augend inaccessible. The root cause was a bad capacitor embedded in the board. Resolution was further compounded by a faulty spare on-site requiring physical transfer of capacitors from the dead donor controller to the dead controller by desoldering/soldering parts.

Service was restored by 11:20 AM EDT after a few trips between the data center and office to perform repair. Because this was an extended outage window, we will be offering clients a 3-day prorated refund for those affected during this outage. Please open a ticket within the control panel to request a SLA refund.

Additionally, I will be inspecting all servers shortly for signs of failing capacitors (bulges) and replace as preventative maintenance when necessary. This is the third component to fail in 9 months as a result of a bad capacitor.

And always remember to follow @apisnetworks on Twitter. Outages are always communicated over Twitter, en masse, to all clients. You can stay updated with what’s going on real-time and we can work quickly to get your site back up and running.

– Matt



New apnscp update: 105 changes, embedded terminal, SSL app, bulk mailbox support

A new apnscp update has been released to the servers. Of importance (and the most prolonged development time), is a new SSL application that allows you to manage your SSL certificate from the control panel. We’re testing the correctness of everything, before putting SSL management on auto-pilot. You can do everything except install a new certificate at this time. Just open a ticket within the control panel to have us update your SSL certificate.

SSL certificate management app

SSL certificate management app

Mail > Manage Mailboxes now supports a simple syntax to bulk-add mailboxes following the form:
<mailbox to create> <address1>, <address2>, <addressN>

Bulk add dialog in Mail > Manage Mailboxes

Bulk add dialog in Mail > Manage Mailboxes

Reports > Storage Tracker now includes a historical graph of storage usage for users, giving you a better indication of their historical growth rates.

Historical storage usage in Reports > Storage Tracker.

Historical storage usage in Reports > Storage Tracker

And finally, for accounts that qualify for terminal support, Dev > Terminal includes a built-in terminal!

New terminal interface in Dev > Terminal

New terminal interface in Dev > Terminal

We added some more features under the hood, including argument decomposition, a new process spawning via fork, and vanquished a throng of bugs. Enjoy!


  • NEW: initial SSL app release
  • NEW: bulk mailbox creation (Manage Mailboxes)
  • NEW: DNS bypass file to skip domain verification process (Aliases)
  • NEW: file manager command: create file, creates an empty file named after input
  • NEW: historical storage usage graph (Storage Tracker)
  • NEW: decompose() – break a string down into its command and arguments (Util_Process)
  • NEW: embedded terminal for Developer+ accounts (Terminal)
  • NEW: process Fork class, for when you need to fork a process off (Util_Process)
  • FIX: compat fix, mounting procfs with hidepids=1 masks crond process (Crontab)
  • FIX: remove_transport()- auto-detection failed to remove MX record on positive (Email)
  • FIX: null arguments bypass remainder of arguments (Module Skeleton)
  • FIX: change_domain()- refrain from passing null to dns_get_records_external, invoker misinterprets argument list as finalized (Auth)
  • FIX: jQuery browser detection bitrot (AJAX Unbuffered)
  • FIX: delete()- remove symlinks to which the referent does not exist (File)
  • FIX: help formatting error on apps with hidden breadcrumbs (Page Template)
  • FIX: workaround for visible hidden mounts in systemd (Stats)
  • FIX: move()- moving multiple files to a directory fails (File)
  • FIX: update multiselect compatibility with jQuery 1.9
  • FIX: XSS in DNS parameter field (DNS Manager)
  • FIX: balance quotes in TXT records if quotes exist adjacent to start/end (DNS)
  • FIX: retain key association on message buffer sort (Page Container)
  • FIX: correctly populate subdomain/domain host maps, include subdomain domain maps for flipping between reference (Mail Routing)
  • FIX: incorrectly sync directories outside user-writeable filesystem (Transfer)
  • FIX: verification hash fails, because site/info/current directory not always accessible by other users (Aliases)
  • FIX: session cache clobbered (afi)
  • FIX: hidden wiki text appears outside viewport resulting in elongated horizontal scrollbar (Page Template)
  • FIX: sudo process wrapper incorrectly asserts domain check for admin (Util_Process:Sudo)
  • FIX: fixup file transfer sources (Transfer)
  • FIX: busted downgrade logic (CLI::Transfer::Fixup)
  • FIX: keep DNS if domain unauthorized to handle mail on server, resolves migrations in which mail is remotely handled (Transfer)
  • FIX: ACLs not set properly on Majordomo directories on platforms 4.5+ (Majordomo)
  • FIX: lookup decomposed domain from hostname to determine if domain can carry e-mail transports (Transfer)
  • FIX: severity class sort broken (Page Container)
  • FIX: files improperly synchronized during xfer (Transfer)
  • FIX: formatting (Site Map)
  • FIX: mysql database transfer fails from unbraced multi-line if block (Transfer)
  • FIX: terminal single-row height in IE (Terminal)
  • FIX: fix PEAR base class for PHP5 deprecation notices
  • FIX: autofill yellow background overrides field images (Login)
  • CHG: visibility of crm_get_subject_id_by_name (CRM)
  • CHG: truncate decimals from file size (Trouble Tickets)
  • CHG: include distinction between backend/frontend stack trace (Error Reporter)
  • CHG: ignore certificate backup copies when determining if SSL certificates installed (SSL)
  • CHG: rewrite Traceroute app (Traceroute)
  • CHG: add proxy cookie to track server to proxy requests to (Login)
  • CHG: perform CP server lookup + redirect if domain not on server (Login, Auth_UI)
  • CHG: only initialize rvm gemset in edit hook if procfs is present (Ruby)
  • CHG: recursively resolve SSL chain (SSL)
  • CHG: convert between DER and PEM formats as necessary (SSL)
  • CHG: ignore “info” message types (Util_Account::Editor)
  • CHG: clear_buffer(class) now strips the class from the error severity (Error Reporter)
  • CHG: rename Use SSL to Require SSL (MySQL Manager)
  • CHG: prevent ability to name subdomain “www”
  • CHG: during migration, port_index cannot be guaranteed. Unset this value and let the server negotiate an appropriate port (Transfer)
  • CHG: add general template inheritence to PostgreSQL db creation (SQL)
  • CHG: remove fst prefix for Majordomo wrapper (Majordomo)
  • CHG: always ensure vsftpd configuration files have root ownership, obviates custom patches (FTP)
  • CHG: separate DNS bypass logic into _is_bypass() and _remove_bypass() (Aliases)
  • CHG: remove_transport()- add warnings if no MX present upon deauthorizing a server from handling Mail (email)
  • CHG: add note if no domains are configured to handle e-mail (Mail Routing)
  • CHG: prefer meta domain over apnscp db domain (CRM)
  • CHG: DNS verification workaround for migrated accounts (Aliases)
  • CHG: add select all to clipboard (File Manager)
  • CHG: follow 302 responses (File Manager)
  • CHG: confirm database name in status on MySQL/PgSQL database creation (SQL)
  • CHG: disable garbage collection globally (apnscp Core)
  • CHG: update wiki links to kb links
  • CHG: match pma cookies on word boundaries (phpMyAdmin)
  • CHG: cleanup auth code (Auth)
  • CHG: disallow p tag on pasting (Trouble Tickets)
  • CHG: encode/decodeEntities JS helper functions (apnscp.js)
  • CHG: add prepopulated state/province support for CA/MX/IT/AU/BR/IN/BE countries (HTML Kit)
  • CHG: upgrade TinyMCE to 3.5.11
  • CHG: make AJAX status indicator global instance (DNS Manager)
  • CHG: cleanup strict warnings (Billing)
  • CHG: raise error on record deletion with no records selected (DNS Manager)
  • CHG: ignore swap reporting on swapless servers (Server Info)
  • CHG: update Rails Quickstart to new KB (Code Frameworks)
  • CHG: reduce TTL on IP changes from 1 day to half day (Change DNS)
  • CHG: clean-up Mail Routing
  • CHG: get_package_type() – retain response only 12 hours at most (Billing)
  • CHG: implement array_column() backwards-compatibility for older apnscp installs
  • CHG: cache quota tracking data (Account)
  • CHG: upgrade Mousewheel, Event.Drag jQuery plugins (Flot)
  • CHG: disable FOLLOWLOCATION for phpMyAdmin auto-login (phpMyAdmin)
  • CHG: require change of primary domain to use hosting nameservers (Auth)
  • CHG: Server Uptime stat to Last Reboot (TemplateConfig)
  • CHG: only support mysql user creation by IP or IP + wildcard, deny creation by hostname (SQL)
  • CHG: drop DNS view cache from 5 minutes to 1 minute (DNS Manager)
  • CHG: update e-mail login link to new KB (Manage Mailboxes)
  • CHG: auto-detect if suitable to add/remove MX records on mail authorization/deauthorization based on presence of custom MX records (Mail Routing)
  • CHG: add note that login request expired because of single-use (Login)
  • CHG: use pcntl_exec() for forked processes (Util_Process::Fork)
  • CHG: don’t validate subdomain existence when adding virtual transport to domain (Email)
  • CHG: shared_domain_exists() now returns true if domain parameter is primary domain (Aliases)
  • CHG: separate blocking subdomains and domains that must be removed before dropping a user (User)
  • CHG: move inaccessible subdomain warnings to separate function, validate_subdomains() to reduce message pollution (Web)
  • CHG: make domain verification process more clear (Addon Domains)
  • CHG: clean-up MySQL constructor
  • CHG: Apache 2.4 compatibility: turn off DirectoryIndex to prevent rewriting index file (Terminal)
  • CHG: PHP 5.6 compatibility, ensure always_populate_raw_post_data is off
  • CHG: isSSL() helper function (Util_HTTP)
  • CHG: enabled() may also be called by users to validate if ssh is enabled (ssh)
  • CHG: rename Page_Container::getLogin to Page_Container::getLastLogin to avoid potential overwrites (Page Container)
  • CHG: extract method password reset for AJAX callback (Login)