Hostirian will provide the EPIX production crew with advanced facilities


St. Louis, MO, December 06, 2016 — Hostirian, L.L.C., a leading provider of business-class IT services, announces its participation in the production of the EPIX Presents Road To the NHL Outdoor Classics four-episode series. Hostirian will provide the EPIX production crew with advanced facilities to process, download and transmit massive amounts of locally recorded footage, on a daily basis, to their production facility in New York. Hostirian’s state-of-the-art facilities are designed to provide flexible solutions.

In November, premium TV network EPIX® and the NHL®, partnering for a third season, announced that EPIX Presents Road To the NHL Outdoor Classics will make its U.S. Television Premiere on Friday, Dec. 16, at 9 PM CT on EPIX with four weekly episodes.

This season, the series tells the stories of athletes and coaches from four teams and their journey to two games played on outdoor rinks. In commemoration of the League’s Centennial Celebration, the Detroit Red Wings and Toronto Maple Leafs will compete in the 2017 Scotiabank NHL Centennial Classic™ on New Year’s Day in Toronto, Canada. The Chicago Blackhawks and St. Louis Blues meet in the 2017 Bridgestone NHL Winter Classic® on January 2, in St. Louis. In addition to its airing on EPIX, U.S. hockey fans will be able to stream each episode of EPIX Presents Road To the NHL Outdoor Classics™ as a simulcast on EPIX.com, NHL.com and the websites for the four teams participating in the 2017 Scotiabank NHL Centennial Classic™ and the 2017 Bridgestone NHL Winter Classic®.

About EPIX Presents Road To the NHL Outdoor Classics:

EPIX Presents Road To the NHL Outdoor Classics is an EPIX Original series presented in partnership with NHL Original Productions. Ross Greenburg is the executive producer; Steve Stern is the coordinating producer; Mike Greenburg, Peter Rogaris, Jonathan Fierro, and Eric Paulen are the producers; Aaron Cohen is the writer; Steve Lamme is the director of photography; John Sands and Wayne Sharpe are the composers. Bill Camp is the narrator. Mark Greenberg, Jocelyn Diaz and Ross Bernard are the executive producers for EPIX; Jill Burkhart and Valerie Bishop Pearson are the producers for EPIX.

 

About Hostirian:
HOSTIRIAN, a division of River City Internet Group (www.rcig.net) was founded to meet the needs of regional businesses seeking a managed IT services partner capable of providing state-of-the-art and cost-effective hosting facilities, superb customer service and assistance in building and managing their business’s web infrastructure. Hostirian offers colocation, shared and managed web hosting services to businesses operating mission critical, multi-functional websites. In addition, Hostirian offers web hosting services to a rapidly growing number of application service providers, enabling them to more efficiently deliver application services to their customers over the Internet. Hostirian also offers value-added services, such as firewall management, 24×7 helpdesk and consulting services, including capacity and migration planning. Our services give the customer the option to use their own hardware and software or we can provide the hardware, software, network technology and systems management necessary. Hostirian’s core focus is to offer our customers comprehensive outsourced website and application hosting solutions.
Learn more about Hostirian’s solutions and offerings at www.hostirian.com or call us at (800) 615-9349.

Hostirian
Dave Naeger
314-216-7136
dave.naeger@rcig.net

 


Vulnerable Joomla! Installation under active attack


A Core Remote Code Execution Vulnerability (CVE-2015-8562) in the popular content management system (CMS) Joomla! was recently discovered. The vulnerability affects all versions of Joomla! prior to 3.4.6, and while updating the CMS to the latest version will patch the bug, there are still plenty of unpatched targets out there and Symantec has observed attackers actively scanning for and attacking vulnerable servers.

With over 50 million downloads, Joomla! is one of the most widely used content management platforms and is used by some very popular websites, meaning the vulnerability potentially puts millions of users at risk. In an attack scenario, an attacker can use this vulnerability to execute commands on the server, tamper with the website or database contents, host malware on the server, or even redirect visitors to other malicious websites.

How attackers find and exploit vulnerable servers
The exploit code is relatively easy to deploy and doesn’t require much skill; all that is needed is a single HTTP request. According to our telemetry, the methods attackers are using to scan for vulnerable versions of Joomla! are similar to methods we covered in a recent blog on an RCE vulnerability in the vBulletin platform. Attackers are scanning for servers running vulnerable versions of Joomla! by attempting to call a phpinfo() function or printing out an MD5 of a predetermined value. As with the vBulletin RCE exploit attacks, it is likely attackers are scanning and documenting vulnerable web servers for exploitation at a later time.

Let’s take a look at how attackers are doing this.

In one method used by attackers, if the targeted server is vulnerable, the MD5 hash for the value 233333 is printed in the response sent by the server.

Figure 1. MD5 hash printed in the server response

Another method involves the attacker attempting to execute the eval(char()) function and waiting for any output from the die(pi()); function in the response. If this response is received it tells the attacker that the server is vulnerable.

Figure 2. Server response from eval(char()) function

System administrators can look for the methods described previously as possible indicators of attack (IoA) or indicators of compromise (IoC). By examining web access logs, administrators can look for the requests and, if found, compare the time they were made to the time the server was patched to determine if the system was likely to have been breached.
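The log review described above can be scripted. The following is an added example, not code from the original article: it assumes the Apache/nginx "combined" access log format, uses marker strings derived from the probe descriptions above, and runs over constructed sample lines with a constructed patch time.

```python
import re
from datetime import datetime, timezone

# Marker strings derived from the probes described above (assumption: they
# appear literally in a logged field); matched case-insensitively.
PROBE_MARKERS = ("phpinfo(", "md5(", "eval(", "die(pi(")

# "combined" log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>.*)"$'
)

def find_probes(lines, patched_at):
    """Return (timestamp, ip, marker, verdict) for each line carrying a probe marker.

    verdict is "before-patch" when the request arrived while the server was
    still unpatched (treat as a possible compromise), else "after-patch".
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format; skip rather than guess
        haystack = " ".join((m["request"], m["referer"], m["agent"])).lower()
        marker = next((p for p in PROBE_MARKERS if p in haystack), None)
        if marker is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        verdict = "before-patch" if ts < patched_at else "after-patch"
        hits.append((ts, m["ip"], marker, verdict))
    return hits

# Constructed sample data: documentation IP ranges, placeholder field contents.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2015:03:12:44 +0000] "GET / HTTP/1.1" 200 5120 "-" "x; phpinfo(); x"',
    '198.51.100.7 - - [15/Dec/2015:09:30:01 +0000] "GET /index.php HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [18/Dec/2015:21:05:17 +0000] "GET / HTTP/1.1" 200 5120 "-" "x; eval(...); die(pi()); x"',
]
PATCHED_AT = datetime(2015, 12, 16, 12, 0, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for ts, ip, marker, verdict in find_probes(SAMPLE_LOG, PATCHED_AT):
        print(ts.isoformat(), ip, marker, verdict)
```

Only fields that the configured log format records can be checked this way; a "before-patch" hit is a reason to inspect the server for back doors, not proof of compromise.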

Malicious script injection
Once a system is found to be vulnerable, the attackers can then proceed to the main attack. This usually involves the installation of a back door to enable the attackers to gain full access to the compromised computer.

The section of code shown in Figure 3 is part of an encoded PHP back door which is used against vulnerable Joomla! servers. Once the back door is established on the server, the attacker can execute commands, tamper with websites hosted on the server, or upload and download files at will.

Figure3_7.png

Read the full article at Symantec


Facebook is once again putting the $41 billion computer network industry to shame


Facebook has produced yet another computer network innovation that will once again floor the $41 billion network tech industry.

And Facebook will again share it with the world for free, putting commercial network tech vendors on notice. (We’re looking at you, Cisco).

The new innovation, revealed on Tuesday, is something called Backpack and it’s a second-generation computer switch, the successor to the one it released last year called the 6-Pack that directly challenged tech made by market leader Cisco (and others, like Juniper).

The difference is, the Backpack is way, way faster.

The 6-Pack was a 40G switch, which means it could stream 40G worth of data around a data center network. The Backpack is a 100G optical switch, which means it’s 2.5 times faster and uses fiber optics (aka light) to move data around instead of the traditional and more limited copper wires.

The Backpack is also a companion to the new switch Facebook announced last spring, called Wedge 100. The Wedge 100 is what’s known as a “top of rack” switch, that connects a computer rack of servers to the network. The Backpack then connects all the Wedge 100 switches together. In network jargon this is known as a “network fabric.”

Facebook is attempting to build itself a fully 100G data center and these two pieces get it much of the way there, along with the network equipment it announced last week that put the telecom equipment industry on notice.

Read the Full Story at Businessinsider.com 


Hostirian Datavault Product Launch Party


We had a great time last night at our Datavault launch party. We would like to thank our partners for making this such a great event.

Robert Hudson from Perficient for being our Speaker

Clarus Communications and T-Rex

Give us a call if you want to learn more about this fantastic new Cloud Backup solution that works on any platform.

 


We Are Consolidating Our Branding


One brand. Same team. No confusion.

We are consolidating all of our messaging into the Hostirian brand. Over the next few months you will start to notice changes as we modify the branding on our invoices, maintenance window notices, support emails, and the websites. Our goal is to create a consistent message about who we are and the services we provide. You will not need to make any changes to your settings, servers, mail clients, etc. This is purely an effort to simplify our branding.

We will also be sending you updates on many other exciting projects. We are actively implementing upgrades to our network, updating our product lines, and installing new storage systems to increase the speed and performance of our services. In addition, we’ve enhanced our Security Operations Center, we’ve obtained our HIPAA certification, and are working on our SSAE16 certification. And there will be more projects that you will be hearing about in the upcoming months!

We appreciate your business and value your feedback. If you have any questions or suggestions, please let us know. You can email us at support@hostirian.com or give us a call 800-615-9349.


St. Louis Companies Combine Technology For World Class Data Center


Hostirian, a St. Louis based Hosting and Managed Services company, has chosen Enlogic cabinets, cold-row air containment and intelligent PDUs managed by No Limits Software’s RaMP Data Center Infrastructure Management for their new data center. Both Enlogic and No Limits Software are also headquartered in St. Louis.

“We love that we can work with local companies providing world class solutions for our newest data center in the Globe Building,” said Ken Cox, Vice President of Operations at Hostirian. The 26,000 square foot data center in downtown St. Louis is the largest carrier hotel building in the region. “The new cold-row containment pod provides 800mm wide cabinets, multiple PDUs for redundant power, and makes a great home for your equipment,” added Cox. Both of the Hostirian data centers are SSAE-16 compliant, offer HIPAA compliant hosting, and security includes video surveillance, RFID badge readers, and 24x7x365 onsite team members.

Enlogic is a global power management provider and winner of the 2014 DCS Power and Cooling Product of the Year awards. They offer a full lineup of data center solutions including intelligent PDUs, smart cabinets, air containment solutions, and a comprehensive line of environmental monitoring devices.

No Limits Software is a leading provider of data center management solutions, including asset and change management, capacity planning, and real-time monitoring. Their RaMP software is the only DCIM (Data Center Infrastructure Management) solution which provides auto-discovery, automated change management, and real-time monitoring of virtual machines, IT equipment (servers, network, storage), and facilities equipment (power, cooling, environmental).

“We’re excited to be working with Enlogic and to be a part of one of the premier data centers in St. Louis,” said Dave Cole, president of No Limits Software. He adds that “the Hostirian team is very professional and their new data center is absolutely first class.”

ABOUT HOSTIRIAN
Hostirian is a St. Louis Hosting and Managed Services company providing Cloud Servers, Colocation, and Managed Services. Their around the clock Operations Support Services supplement customer teams by offering Help Desk, Monitoring, and SOC. They have 2 fiber connected data centers and over 14 years of experience working with small to medium sized businesses.
Learn more about Hostirian at www.hostirian.com.

ABOUT ENLOGIC
Enlogic was founded in 2011 by a group of former APC/Schneider Electric technology executives dedicated to providing innovative solutions to better address growing data center energy management needs. With a commitment to continuous innovation, Enlogic has become the technology leader and expert in data center energy management, helping data centers across the world to discover waste, improve operational efficiency and optimize energy utilization.
Learn more about Enlogic at www.enlogic.com.

ABOUT NO LIMITS SOFTWARE
No Limits Software is a leading provider of data center management solutions, including asset and change management, capacity planning and real-time monitoring. Their RaMP DCIM flagship solution allows you to more effectively manage your data center. RaMP eliminates the need for physical audits, dramatically reduces the time to find and repair equipment, improves systems availability and increases data center energy efficiency by providing accurate real-time monitoring.
Learn more about No Limits Software at www.nolimitssoftware.com.


HTTP/2 Has Been Approved!

When the last version of the Hypertext Transfer Protocol 1.1 (HTTP/1.1) was approved in 1999, fast computers were running 500MHz Pentium III chips, Bill Clinton was president of the United States, and software engineers were working hard at fixing the Y2K bug. As for the internet, the US Federal Communications Commission defined broadband as 200 kilobits per second (Kbps), and most users connected to it with 56Kbps modems. Things have changed, and HTTP, the web’s fundamental protocol, is finally changing with the times, too.
Read full article here: http://www.zdnet.com/article/how-http2-will-speed-up-your-web-browsing/


We Now Offer SSAE 16 Compliant Hosting!


Hostirian, a St. Louis Hosting and Managed Services company, is now offering SSAE 16 compliant hosting and colocation services. The SSAE 16 compliance audit reviewed and tested in-depth controls over the information technology and security used by Hostirian to deliver hosting products to their customers.

“Obtaining our SSAE 16 compliance shows that detailed policies and procedures for our operations and business are not only in place but tested thoroughly by an independent auditing firm,” says Ken Cox, Vice President of Operations at Hostirian.

“SSAE 16 compliance provides our customers with peace of mind that we are following repeatable, trackable procedures and shows a level of maturity to our business. We’ve also had customers whose partners or insurance companies are showing interest in SSAE 16 compliance,” continued Cox.

The SSAE 16 compliance covers all managed servers and colocation services provided by Hostirian including their cold-row containment pods which provide the ability to increase server density, locking doors, and dedicated surveillance cameras. The data center also logs and records on video all access to and from the data center.

About SSAE 16
SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. The adjustments made from SAS 70 to SSAE 16 will help you and your counterparts in the US compete on an international level; allowing companies around the world to give you their business with complete confidence.

About Hostirian
Hostirian is a St. Louis Hosting and Managed Services company. Founded in 2001 Hostirian provides hosting for Websites, Cloud Servers, Dedicated Servers, and Colocation. Hostirian also has a 24x7x365 Operations Support Center providing Help Desk, Monitoring, and Security Services. Hostirian has over 14 years of experience working with small to medium sized businesses and their on-site staff is dedicated and available to you. For more information, visit https://www.hostirian.com.


How To Protect Your Server From The GHOST Vulnerability

Want to know more about the GHOST vulnerability? It is listed as a Critical issue and is officially known as CVE-2015-0235. It is a vulnerability located in the glibc library of most Linux systems; it takes advantage of a condition called a “buffer overflow” and can allow a remote attacker to gain complete control of a system. Any system running a version of glibc older than 2.18 is likely to be susceptible to an attack in this manner.

How to Check Your Server

Red Hat Enterprise Linux & CentOS
You can use rpm (the Red Hat Package Manager) to check the glibc version:
[root@box ~]# rpm -q glibc
The command will give an output similar to this:
glibc-2.5-123.el5_11.1
Note the version information in the above example. If this version matches, or is more recent than, the versions listed below, you are safe from the GHOST vulnerability:
- CentOS 6: glibc-2.12-1.149.el6_6.5
- CentOS 7: glibc-2.17-55.el7_0.5
- RHEL 5: glibc-2.5-123.el5_11.1
- RHEL 6: glibc-2.12-1.149.el6_6.5
- RHEL 7: glibc-2.17-55.el7_0.5

Any version older than these is vulnerable to GHOST and should be patched as soon as possible.

Debian & Ubuntu

The ldd command, used to check for dynamic dependencies, can be used to see the version of glibc on Debian-based systems, including Ubuntu:
debianbox:~# ldd --version
The output will look similar to this:
ldd (Debian EGLIBC 2.11.3-4) 2.11.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Note the version information in the example. If this version matches, or is more recent than, the versions listed below, the system is not vulnerable to GHOST:

- Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
- Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
- Debian 7 LTS: 2.13-38+deb7u7

Any versions older than these are vulnerable and should be patched as soon as possible.

How to Fix the Vulnerability

The simple way to fix the GHOST vulnerability is to use the default package manager for your distribution to update the glibc version. Below, we offer sample processes for a Red Hat/CentOS based environment and for a Debian/Ubuntu based environment.

RHEL & CentOS
The default package manager for Red Hat Enterprise Linux, CentOS, and related distributions is yum:
[root@box ~]# sudo yum update glibc
When the system prompts you for confirmation, respond with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
[root@box ~]# sudo reboot
or
[root@box ~]# sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.

Debian & Ubuntu

The default package manager for Debian, Ubuntu, and related distributions is apt. For currently supported versions of Debian and Ubuntu, update all of your packages to the latest version available. In most situations, we recommend doing a ‘dist-upgrade’. In some cases, however, this may cause issues with certain packages, as the dist-upgrade command can add and remove packages in addition to upgrading them. If you are concerned that this is the case on your system, you can use ‘upgrade’ as an alternative, though make extra sure to check your system for the vulnerability afterwards if you do this.
debianbox:~# sudo apt-get update && sudo apt-get dist-upgrade
or
debianbox:~# sudo apt-get update && sudo apt-get upgrade
In either case, respond to the confirmation prompt with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
debianbox:~# sudo reboot
or
debianbox:~# sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.
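If a reboot has to be delayed, the "missed application" risk described above can be checked directly: a process that started before the update still maps the old libc file, which the kernel marks as "(deleted)" in /proc/<pid>/maps. The following is an added example, not part of the original post; the sample maps text is constructed, and the check covers libc itself rather than every library shipped in the glibc package.

```python
import glob
import re

# In /proc/<pid>/maps each line ends with the backing file path; the kernel
# appends " (deleted)" once that file has been unlinked, which is what a
# package upgrade does to the old library file.
STALE_LIBC_RE = re.compile(r"\s(/\S*/libc(?:-[\d.]+)?\.so\S*) \(deleted\)$")

def stale_libc_paths(maps_text):
    """Return the set of deleted libc files still mapped, given one maps file's text."""
    found = set()
    for line in maps_text.splitlines():
        m = STALE_LIBC_RE.search(line)
        if m:
            found.add(m.group(1))
    return found

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libc paths for every readable process under proc_root."""
    results = {}
    for maps_path in glob.glob(f"{proc_root}/[0-9]*/maps"):
        pid = int(maps_path.split("/")[-2])
        try:
            with open(maps_path) as fh:
                stale = stale_libc_paths(fh.read())
        except OSError:  # process exited meanwhile, or permission denied
            continue
        if stale:
            results[pid] = stale
    return results

# Constructed sample of a maps file for a daemon started before the update.
SAMPLE_MAPS = """\
00400000-004b2000 r-xp 00000000 fd:00 1311 /usr/sbin/exampled
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 2611 /lib64/libc-2.12.so (deleted)
7f3a1c58e000-7f3a1c5a5000 r-xp 00000000 fd:00 2650 /lib64/libpthread-2.12.so (deleted)
7f3a1c7ab000-7f3a1c7cb000 r-xp 00000000 fd:00 2604 /lib64/ld-2.12.so
"""

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(sorted(paths)))
```

Run it as root so every process's maps file is readable; any pid it lists is still using the pre-update library and needs a restart.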

For more information about the GHOST vulnerability, please see this link from the United States Computer Emergency Readiness Team (US-CERT):
https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability


Twitter Bootstrap 3.3.2 Has Been Released

For those of you currently using Twitter Bootstrap in your website, Bootstrap announced version 3.3.2 yesterday! The release is focused on bug fixes, accessibility improvements, and documentation updates. It includes over 300 commits from 19 contributors.

Full details of the 3.3.2 release can be found on their blog post.

Twitter Bootstrap is an HTML, CSS, and JS framework that assists in developing responsive websites. They have lots of examples and great documentation to get you started.

BuiltWithBootstrap.com is a good resource to learn more and stay current on Bootstrap. They have website examples and also provide Bootstrap news and tips.
