This blog has seven days to get hacked

I’m speaking at Wordcamp Albuquerque 2013 a week from today.  My session is called Hacked!  How they hack it and how you clean it where I’ll dissect a real-life WordPress hack and show everyone how I suavely and bravely root out the hacker, sleuthily determine how he got into the site, and then kick him out and slam the door behind him.

However, there’s a problem.  I figured there would certainly be a WordPress hack on one of our hosted customer sites between when I signed up for the talk a few months ago and now.  I’ve waited and waited, and shockingly, all of our customers have listened to us and have been keeping up with their WordPress updates.   So we haven’t had a single WordPress hack to clean up.

So I need this blog to get hacked.  The sooner the better.

Oh, and to speed this thing along and I’ve reverted this blog’s WordPress code back to WordPress 3.0.  This blog currently has more vulnerabilities than a president asking congress to approve a bombing on a mideast country.

I’ll update this blog and our twitter account with daily updates on my situation.  Stay tuned.   This could get interesting.  Or embarrassing.

The Brownrice data center energy efficiency

This is an outlet
This is an outlet

So how does the new Brownrice data center measure up to the rest of the data center industry?  First some background and then the numbers!

The Metric: PUE

The data center industry uses a fairly simple metric called Power Usage Effectiveness, or “PUE.”   While there is legitimate debate about whether PUE is the best way to measure power efficiency it does seem to get right to the core of the matter:  How much extra power do you consume to cool your servers and keep the lights on?

Continue reading The Brownrice data center energy efficiency

How many visits can a virtual server handle?

 

There are a lot of variables that go into how many hits and visits a virtual server can handle; from how efficient the site’s code is, to how beefy the host server is, to how over-sold the host server is (among other things.)   Regardless, I still thought you might be interested in seeing some real numbers from a popular web site that we host on a virtual server:

Month Total Visitors Visitors per Day Unique Visitors Unique Ratio Pages Hits BW
April 2013 285,598 9,519.9 183,722 64% 3,521,151 31,729,312 1,149.2G

 

In April, on a 4GB RAM virtual server, this site served pages to 285,000 visitors and had 31.7 million hits.

Breaking this down further we might assume that a similarly coded web application could handle about 70,000 visitors on a 1GB RAM ($39.95 per month) virtual server and about 35,000 visitors on a 512MB RAM ($19.95 per month) Brownrice virtual server.

 

What security tools do we use?

Clamav
Clamav

 

What tools does Brownrice use to alert us to a compromised hosted web site or server?  Let me show you:

OSSECA great open source tool that constantly monitors server log files and file systems in real-time. OSSEC’s log monitoring helps with an important part of PCI Compliance, it can be configured to automatically block bad guys from doing bad things, and its a fantastic tool for post-mortem hack analysis.  We have OSSEC installed on all of our hosting servers, virtual servers, and managed customer servers.  It reports back to a mother-ship server so we can keep an eye on things from a central location.

Continue reading What security tools do we use?

Remember rootkits?

Five years ago we were constantly fighting off hackers who would hack an insecure web site then try and install a rootkit so that they could own the server. Now? Nothing. They don’t even try and attack the server. We have all sorts of rootkit detection software on our servers (rkhunter, OSSEC, etc.) and I’m starting to wonder why we bother when a hacker has everything they need when they’ve compromise a web site.

Powder Day Bandwidth

When you host Ski Area web cameras like we do, bandwidth goes big along with the storms. Here’s what one of our web cam streaming server’s bandwidth looks like over the last week.  And yes, its been snowing for exactly the last three days!  I’d wager we could write an algorithm that would determine ski area snow fall amounts by the amount of bandwidth that their web camera’s are using…

Screen Shot 2013-02-22 at 9.45.11 AM