If there is one thing every internet user agrees on, it has to be this: SPAM sucks. We have come a long way in the past few years - we now have sophisticated spam blocking software, authentication technologies like SPF, even hardware spam filters like the Mail Foundry we use here at SingleHop to provide spam filtering services for our client’s mail servers.

One method of keeping SPAM under control on the internet is to keep track of SPAM recieved and then prohibit the author of the SPAM to send further mail to your system. This method, called a blacklist, sounds simple in theory but has a number of non-trivial implementations in practice. Blacklisting an address might work for a short time, but addresses are easy to come by, and domains only slightly more difficult to obtain. The next step would be to blacklist the IP address the SPAM originated from. Since there is a limited number of IP addresses, and their allocation is managed rather tightly, banning an address from ever sending mail to your system is actually a pretty good way to keep up your signal-to-noise ratio.

If you decided to keep your own blacklist of addresses, it might take you awhile to get wise to the spammer hosts online. Luckily, there are existing systems to publish lists of offending addresses and make it easy for mail software to reject mail from those addresses. For instance, the DNSBL system, invented by Paul Vixie (of vixie-cron fame) as part of his MAPS system, allows mail servers to look up offending addresses using the DNS system. If you are a large email provider like Hotmail and Outblaze, you could quickly build your own lists of spammers, and in fact these providers maintain their own internal blacklists.

All of this infrastructure sounds great for end users trying to keep their inbox clear. But it is a huge bother for service providers like us. Like most hosting companies and dedicated server providers, our terms of service and spam policy prohibit sending spam. But occasionally, clients use their machines to send unsolicited mail anyway, or host their ’spamvertised’ websites with us. Occasionally, also, client’s machines are hacked and used to send SPAM. As a result of the SPAM originating from our network, portions of our IP Address space are sometimes placed on blacklists. If we are lucky, only the addresses used to send spam are blacklisted. Often, the entire customer subnet is blocked. In particularly egregious instances, entire class C subnets have been blacklisted!

This is a potential problem for you, our clients. When you buy IP addresses from us, you don’t want to find out that huge segments of the internet won’t accept mail from you! And we don’t want that either - our job is to make your server with us can do all the tasks you require of it.

As a result, we have spent, and continue to spend, a lot of man-hours dealing with blacklistings of our IP space. We are in constant communication with well-known DNSBL providers like Spamhaus and email providers like Outblaze, removing blacklistings, improving our policies and keeping our networks clean. Recently, however, I have created software tools which make the job more manageable for us and more reliable for you. Here are some of the things we now do to ensure you can send your email:

* Automated tools now check every subnet before it is assigned to a client to make sure it’s not blacklisted.

* Spam complaints from services like Spamcop are automatically processed and forwarded to your account executive, ensuring we know about spam problems instantly and can deal with them right away.

* Many mail servers require that reverse DNS information be correct before they accept mail from you - we set this information automatically!

* Without valid whois information, individual customer subnets cannot be identified and so entire Class C networks are sometimes blacklisted. We set your whois information automatically, so you will never be affected by other problems on your Class C subnet

These new tools have enabled us to be proactive in keeping our networks clean. Other providers wait until you’ve complained to them about mail delivery problems to take action. We have already cleaned up your subnet before you even began using it! So go ahead, run your own mail server with us. We promise, we’ve made it easy for you.

Hello Everyone,

I’ll keep this blog post very simple. We received word today that SingleHop has been awarded a coveted industry award from FindMyHost’s FindMyDedicatedHost.com. The award, which is for excellance and innovation in the field of cPanel Dedicated Hosting is the coveted Editors’ Choice Award. This is the third time SingleHop has been awarded by FindMyHost. Previous Editors’ Choice Awards from FindMyHost were awarded to SingleHop in April 2008 and April 2007.

I am especially proud of SingleHop winning this award twice in one year. While in different categories, the two awards symbolize our commitment to the industry.

In the caption about the award, FindMyHost said:
“SingleHop has shown they are here to stay, with their excellent take on how to service all customers. Their a la Carte suite of managed services is impressive and caters to all consumers (from beginner to advanced). Keep an eye out for some eye catching specials as SingleHop makes a statement within the industry”

Their words, not ours.

Anyways, thats it for today. Check back tomorrow for more exciting blog updates from SingleHop and team

-Dan

Hello World!

This is the first post from the development team here at SingleHop. Luke, my co-developer, and I tend to stay pretty busy writing code, and when we do get a moment to talk to our co-workers we are so busy raving about javascript errors and mySQL queries that nobody really knows, or cares, what we’re talking about. This post will be in a similar vein - prepare to be nerded at!

We here at SingleHop owe much to the open-source movement. Like many of our clients, we use Linux on our administrative machines, and we run open-source software like MySQL and Apache on those machines. So, it makes us feel good to be able to give back to the open-source community.

We help out in small ways, of course, by submitting bug reports and participating in online development discussions. Unfortunately, however, most of the development around here is pretty specific to our operation, allowing our sales and technical staff keep better track of our thousands of servers, switches, clients, IP addresses and sticks of ram. This code is heavily customized and not really interesting as an open-source project. Every once in awhile, though, we do create a tool that seems generally useful, and when we do we’ll put it up here to make it available to the general public.

As you can imagine, we have a lot of DNS zones around here, us being a hosting company and all. We use industry-standard DNS server BIND to serve these DNS zones to the outside world. However, it was becoming quite a chore for us to keep track of all our zone files, and even more difficult to automate operations that require manipulating those files.

To solve our DNS problems, we decided to migrate to BIND DLZ, a patch to standard BIND which allows zones to be hosted in an SQL database. We wrote a nifty user interface to the database, and we set up the infrastructure which will, one day soon, allow our clients to manage their own reverse DNS entries or even host their zones on our servers.

However, when we finished setting up and testing this new system, we ran into a little snafu. There did not seem to be a readily available tool to migrate our existing zone files to our SQL database. After scouring the internet for such a tool, I decided to write one, which is available here for you if you are faced with a similar task:

DNS Parser Script
.

This script is written in Python and operates as a finite-state automaton. We have successfully used it to migrate hundreds of zones, both normal and reverse. It spits out SQL statements in a format suitable for our own database layout, which hews pretty closely to the layout recommended by the DLZ website. Some customization may be required if you’re using it for your own DLZ database, but thanks to the beauty of Python, even someone who has never used the language before can probably find their way around the code.

This tool is being released under Creative Commons Attribution 3.0 license. Do what you want with it, give SingleHop credit, and, of course, use at your own risk. Or better yet, hire our management staff and let us take care of the rest!

After you have decided to go the Windows route while shopping for a dedicated server, you will be presented with multiple options for the platform. We provide the Windows Server 2003 Web, Standard, and Enterprise editions for use on our servers, with the 32 and 64 bit flavors of Standard and Enterprise. Most people will only need either Web edition or Standard, depending on what their needs are. Enterprise is used as well, but it is far less common than the latter two. Enterprise is built more for people that know exactly what they need from the operating system, such as clustering, so I will just be covering Standard and Web editions today.

There are several factors that one needs to consider when deciding between Microsoft SQL server 2005 Standard Version and Microsoft SQL Server 2005 Workgroup edition. There is a vast pricing difference, per processor, $220.00 per month for the Standard version and $55.00 per month for the Workgroup version, so I will be examining the major differences between to the two.

Wireless technology(wifi) is everywhere. Having wifi in your home means you can transfer files, share the internet between computers without wires and you can use your computer anywhere inside or outside that the wifi signal reaches. These are exciting times we are living in.

However, once people get their wifi working they generally forget about securing it. I know, because I see it all the time when wardriving. Wardriving is where you use software to scan for WIFI access points(AP). One of the programs I use is called Kismet, it categorizes all the APs by color: Encrypted & SSID Changed (GREEN), Not Encrypted & SSID Changed (YELLOW) and Not Encrypted & Default SSID (RED). Whenever I run the program, my screen is mostly Yellow and Red

While Windows Server 2003 can be more secure than its predecessors, it is only as secure as the weakest link. Therefore, you will want to have everything as secure as possible. This includes, but is not limited to, using software firewalls, hardware firewalls and the Microsoft auto-update feature built into windows 2003. The easiest way to have an unsecured server is by not having the latest updates. This is why enabling the Microsoft auto-updates will be talked about first, which we believe to be the most important.

Before we go anywhere, I wanted to say that I hard a hard time writing this article. The reason I say this is because CentOS and RHEL are essentially the same thing. Both distro’s use the same binary package format (RPM). Both use the same kernel version (I briefly discuss what a kernel is below). Both use the same versions of critical system packages
including glibc, zlib, openssl, coreutils, which are coincidentally free software that can be downloaded, built, and distributed as RPM’s by anyone compelled to do so. Really the only big difference is the mandatory support bundled with RHEL.

Supported users of RHEL can use the provided up2date application to install, and/or upgrade different RPM packages, including the kernel. Supported users also receive membership to the “RedHat Network”. The RHN compliments up2date by providing user’s with priority update email notifications, errata, and an automatic update facility. CentOS users also have a similar application called “yum”, which is detailed below. Depending on the level of support included with your RHEL purchase you are entitled to phone, and or web-based/email support.

CentOS does not provide any “official” support. However, there are many (archived) mailing-list and forum posts that share the same knowledge for free. Granted, it may take slightly longer to find the answer if you are the one actually posting to a list with your issue. This is exactly why we provide our own support services (for a nominal fee). One of our
skilled server administrator’s can login to your server, resolve the issue, and then show you the steps taken to fix the problem, were it ever to recur. I was not able to find a figure for RedHat’s support time-to-resolution, however they do guarantee time-to-respond (depending on the level of support you have). We guarantee a time-to-respond of 1 hour or less and our time-to-resolution via our support portal, on average, is slightly more than 1 hour.

CentOS does provide “supported” updates. Not because CentOS officially supports them, but because they are supported (tested/proven stable/secure) with the distribution’s base and committed as stable. Instead of ‘up2date’, ‘yum’ is used with CentOS. In the end, both of the package management systems complete the same upgrades. Actually, it strikes us as funny, because both package managers install the same RPM’s, the exact same versions, built with the same compilers, with the same tree of dependencies. For those who do not already know, RPM is the RedHat package management system, which is similar to an .msi installer in windows.

In addition to our General Management Package, SingleHop also offers kernel and OS updates. It’s true that we do use the package manager to update the applications included with the operating system, but we install a custom kernel with additional security and scalability features to every server. Also, we are very attentive to the security community, so as soon as a new vulnerability is discovered, we are ready with a workaround and/or patch.

Speaking of kernels, now is a better time than ever to explain what a kernel consists of and to denote the differences between the CentOS and RedHat kernels. A kernel or an operating system kernel, is the interface between software and hardware. The kernel is also responsible for managing process scheduler and TCP/IP stack. If you don’t want that
means, imagine your car without the engine. The kernel used in CentOS is identical to the kernel used in RHEL; both are based on the 2.6.9 tree and are heavily patched. The Linux kernel is released under the GPL (GNU Project General Public License), so RedHat is required by the terms of the GPL to release any modifications that they make to the kernel source to the open source community.

At Single Hop we are more than capable of supporting RHEL, CentOS, Debian, Fedora, FreeBSD, Gentoo, SuSE, or even Slackware. We specifically recommend CentOS for a few different reasons. Of these, the main reason is consistency. Nearly 90% of our Linux servers are currently running CentOS. Using the same distribution allows us to test updates on staging servers before applying them to your production machine. CentOS also functions perfectly with cPanel, which is our recommended hosting control panel.

Hopefully the article above answers your questions on the differences between the two operating systems. If you have any questions or would like to discuss this issue further, please feel free to contact us at contact@singlehop.com!

Thanks for reading,
John Skopis
Senior Systems Administrator
SingleHop Inc.