New Server Upgrades for BWG*03 East

Note- IP addresses have changed and you should update your FTP access accordingly.

As we perform multiple upgrades to the servers, we also make incremental security upgrades. The new server has more power and more RAM. Nobody will have noticed the upgrade, as it is seamless. However, if you did notice an issue please login and open a ticket. We’ve upgraded the CENTos on the server, which required a series of other updates, so we’ve elected to make an additional series of server updates for security, and speed. Doing so may affect the way your server is accessed and behaves, for instance, the IP address is changed. The following notes are some key things your admin might need to know if you are are on the server labeled BWG-03-EAST.

* The FTP server configuration requires encryption to issue commands. If TLS for FTP is not enabled in your client, you will need to enable it at this point for connections to occur. The configuration has been modified to prevent the root user from accessing ftp at all.
* SSH settings have been modified in several ways to enhance the security of your server. The first change is that root user logins are disabled. This means you will need to log in as ‘sshuser’ and use the ‘su’ command to become the root user.
* The vulnerability scans we perform will be sent monthly to the contact email address that we have on file for your account. Please let us know if you would like this changed.
* We have also installed new ModSecurity rules. Few problems generally occur with these rules, however, if you notice you are denied access to pages that worked fine before, be sure to let us know, as we can disable rules for certain sections of your site, if necessary.
* Some configuration changes were made to php through the php.ini file, including some changes that disabled certain functions that are often used to propagate malware. We also ensured that php error reporting is not passed to the user.
* The Mail server configuration was adjusted to require a higher SSL/TLS standard, and will now require connections to use the secure ports. This may need to be adjusted in your email client configuration.
* The ConfigServer eXploit Scanner is available to you through WHM.