Apis Networks

New apnscp release: new Dashboard, htaccess driver, and more

A new apnscp update has been released featuring a brand new Dashboard. In fact, it’s the first major Dashboard since apnscp was released 7 years ago. Let’s discuss the Dashboard for a moment:

Dashboard

New Dashboard with integrated Google Analytics

New Dashboard with integrated Google Analytics

Of notable, and quite prominent change is Google Analytics integration. With a few clicks of the mouse you can have Google Analytics – with live user traffic – available on login. It ties into Pagespeed, which is another Google feature to optimize and minify your site content thereby making your web site load faster. Because who wants a slow website anyway?

This feature is only available on v5+ platforms (CPU limitations on older platforms, sorry!) If you’re on an older platform, open a ticket for a complimentary server migration.

htaccess Driver

In addition to Analytics, we created an app that makes managing your htaccess files easy: “Personalities” available under Web. It provides a few directives with error-checking and rollback support, so it’s impossible (on paper at least) to irreversibly break something. Personalities are still very new, so as always, I’m excited to hear your feedback!

htaccess driver under Web > Personalities

htaccess driver under Web > Personalities

Timezone Support

Timezones are now utilized for any date/time reporting. You can customize from the default America/New York timezone under Account > Change Information.

Control Groups

Control groups provide a reasonable way of guaranteeing CPU and memory for accounts on v5+ platforms by enforcing limits on others. For Developer+ accounts, memory limits are enforced to ensure a single user doesn’t monopolize all available server resources (you’d be surprised to see how often apps accidentally take up 4 GB+ of memory).  CPU is monitored, but not enforced at this time; consequently, CPU usage will always appear as 50% in the Dashboard. CPU includes user (non I/O) + system time (I/O) and memory lists current + peak usage to give you an idea of how your Passenger/CGI apps, e-mail logins, and web page requests are doing.

For convenience, CPU and memory utilization is available in the Dashboard below Google Analytics. It’s also available under Account > SummaryDev.

Changelog

  • NEW: (v5+ platforms only) dashboard! integrated Google Analytics + control group resource usage
  • NEW: personalities module, htaccess driver with input validation
  • NEW: cgroup module, hooks into cgroup controllers (memory, cpu) on Linux
  • NEW: timezone configuration under Change Information
  • NEW: batch processor, execute command when load permits (Util_Process)
  • NEW: control groups on v5+ platforms, enforce CPU + memory
  • NEW: module hook: _housekeeping(), invoked once on backend startup to assert permissions and, well, do housekeeping (Module_Skeleton)
  • NEW: cgroup module (Cgroup)
  • NEW: Chroot process execution (Util_Process::Chroot)
  • NEW: AutoSpam participation in Mail > SpamAssassin Configuration
  • NEW: process management module (pman)
  • FIX: wrong cgroup module name (Cgroup)
  • FIX: oversight on ER init, handler never installed (Error Reporter)
  • FIX: append username + domain on logout
  • FIX: memory.limit_in_bytes integer overflow on v6 platforms, compare as double, then cast to int after determining if overflow (Cgroup)
  • FIX: add_subdomain() improper world octal permissions applied if subdomain located in user home directory (Web)
  • FIX: convert absolute to relative symlink if subdomain document root is an absolute link that apache cannot follow (Web)
  • FIX: getpwnam()- ensure uid and gid are integers (User)
  • FIX: missing semicolon in Domain Preview (Dashboard)
  • FIX: retain whitespace in parameter presentation (DNS Manager)
  • FIX: overzealous trimming of whitespace can cause a record removal to fail if parameter ends or begins with whitespace (DNS)
  • CHG: flip storage/bandwidth gauges to be consistent with page template (Dashboard)
  • CHG: default call_app() return value now json (apnscp.js)
  • CHG: prefer in order sha512, sha256, and sha1 when generating a new private key (Ssl)
  • CHG: follow 301 codes as well
  • CHG: populate/depopulate cgroup filesystem on account creation/deletion (Cgroup)
  • CHG: cleanup svn rev/date keywords (Util_Process)
  • CHG: use transparency on refresh png
  • CHG: add KB to template (Page Template)
  • CHG: retry dns_get_record() in case of network interruption (DNS)
  • CHG: upgrade jQuery to 1.10.2
  • CHG: cleanup subdomain HTML (Subdomains)
  • CHG: inline reset.css in core.css to reduce http requests
  • CHG: UI fixup
  • CHG: get_bandwidth_rollover()- change date to be consistent with func description: date bandwidth rolls over, not rolled over (Site)
  • CHG: edit_mysql_user()- check if user/host exists before editing user (SQL)
  • CHG: default to login domain (Util_Process::Sudo)
  • CHG: add exec callback before proc_open (Util_Process)
  • CHG: default stream delay from 0 (blocking) to 5 sec (Util_Process)
  • CHG: support autoloading third-party vendor/ libraries (apnscpFunction)
  • CHG: replace storage/bandwidth gauges with CSS gradients
  • CHG: skip non-device mounts when reading /proc/mounts (Stats)
  • CHG: skip cgroup mounts (Stats)
  • CHG: store configuration constants in memcached if apc_store() unavailable on v6+ platforms (apnscpCore)
  • CHG: move basic memcached configuration into Cache_Mproxy
  • CHG: refactor create_maildir_backend() into pure PHP implementation (Email)
  • CHG: refactor module, replace mailbox indicator chars with constants (Email)
  • CHG: add location in the CP to fix dangling domains/subdomains on user deletion (User)

Comments

 

August 1: Mandatory Spam Cleanup Fee

A one-time $15 spam cleanup fee will be assessed per incident beginning August 1, 2015. This is to offset labor costs of cross-checking servers against a variety of realtime DNS blacklists, and manually checking with other sources that keep DNSBL data hidden from public consumption.

This fee will be automatically charged to your account. Failure to maintain a properly secure account and Internet connection may result in recurring fees until your account is properly secure.

Steps to secure your account

There are several methods to keep your account secure from attacks:

First, if you run software like WordPress or Drupal, always make sure it is updated. We take several steps to minimize the accessibility of an attack, but even these steps can’t protect you if your application is 2+ years old. Exploits do happen.

Creating a user in the control panel? These are the most often hacked by brute-force methods. Hackers cull your e-mail addresses from publicly available bulk listing services, then periodically over the span of 6-12 months, gradually try multiple password combinations in batches. Eventually, if the password is weak, they get a match and your account will begin relaying spam.

Third, don’t create throwaway accounts! This means never create an account named “test”, never create a password that you wouldn’t feel safe using every day.

Fourth, use password utilities like KeePass and LastPass. There is a multitude of programs to generate unique passwords and keep them in a safe place.

Fifth, use anti-virus software. Trojans lurk everywhere on the Web. Zero-day exploits are like bear traps waiting for an innocent victim – you – to spring it. Some trojans are purposed to steal confidential information, like logins, passwords, and credit card numbers from your computer. Always use an anti-virus. Popular AV software includes AVG and Microsoft Security Essentials for Windows and ClamXav for Mac.

Follow these five simple steps and you’ll remain safe and obscure from attackers.

Comments off

 

Augend RFO

On Monday, May 11 2015 8:30 AM EDT (-0400 GMT) Augend suffered a failed I/O controller, which resulted in dropped data streamed from its hard drives. No data loss was encountered; however, no data was written either during this window effectively rendering Augend inaccessible. The root cause was a bad capacitor embedded in the board. Resolution was further compounded by a faulty spare on-site requiring physical transfer of capacitors from the dead donor controller to the dead controller by desoldering/soldering parts.

Service was restored by 11:20 AM EDT after a few trips between the data center and office to perform repair. Because this was an extended outage window, we will be offering clients a 3-day prorated refund for those affected during this outage. Please open a ticket within the control panel to request a SLA refund.

Additionally, I will be inspecting all servers shortly for signs of failing capacitors (bulges) and replace as preventative maintenance when necessary. This is the third component to fail in 9 months as a result of a bad capacitor.

And always remember to follow @apisnetworks on Twitter. Outages are always communicated over Twitter, en masse, to all clients. You can stay updated with what’s going on real-time and we can work quickly to get your site back up and running.

– Matt

Comments off