Remember rootkits?

Five years ago we were constantly fighting off hackers who would hack an insecure web site then try and install a rootkit so that they could own the server. Now? Nothing. They don’t even try and attack the server. We have all sorts of rootkit detection software on our servers (rkhunter, OSSEC, etc.) and I’m starting to wonder why we bother when a hacker has everything they need when they’ve compromised a web site.

Powder Day Bandwidth

When you host Ski Area web cameras like we do, bandwidth goes big along with the storms. Here’s what one of our web cam streaming server’s bandwidth looks like over the last week. And yes, it’s been snowing for exactly the last three days! I’d wager we could write an algorithm that would determine ski area snow fall amounts by the amount of bandwidth that their web cameras are using…


The new Brownrice Data Center!

Our existing server space is close to capacity so we’re building a bigger and more awesome-r one!

The new Brownrice data center will be larger, greener, and more secure than our existing server space and will utilize a smart, fresh air cooling system with air conditioning and generator backup, multiple layers of physical security, and will improve on our already robust physical network redundancy.

It will also look *super* cool.

So if you’ve been looking for a place to co-locate your servers or server racks, look no further than Brownrice. And feel free to come by anytime and we’ll give you a tour.

New Summit Cam!

I LOVE when ski areas put our cameras in far away and cool places. Red River Ski Area installed this one and it’s called “The Summit Cam.” Check it out:



WordPress hack post-mortem

Yesterday morning we had a client who’s got a site on a virtual server email to say:

Hi Oban –

I just had a business colleague say that he went to my site, got a malware warning, and his entire hard drive was wiped out instantly.

Hard drive instantly wiped out instantly?!? Pa-leeease!

Nonetheless, this is a WordPress site so Dave looked through the code and didn’t see anything immediately out of line. We both visited the customer’s site and neither of our hard drives were instantly wiped out (we are craaazy risk takers!) I also looked at what Google’s Safe Browsing site currently thought of our network – which was that everyone was clean as a whistle.

Dave emailed the client to say that this sounded like a false alarm but to keep us posted. I decided to run the site through Sucuri.net’s free site scan and bingo! a javascript exploit was found.

Hacker extraction – New personal best: 10 minutes!

Last night, just before turning off the lights and harassing my wife, I received a text message from our server monitoring software saying that the mail queue on one of our shared web servers had suddenly spiked.  Lots of emails being pumped out of a shared web server is almost always the sign of something bad.

10:25pm

Logged into machine and examined one of the emails in the mail queue. Because we roll our own PHP, it’s compiled with a patch that inserts the full path to the script that sent the email. Years ago, when we didn’t have this patch installed, determining which site and/or script sent an email could have taken hours – or be nearly impossible to figure out. Here’s what the mail header looked like (note: the actual web site address has been modified to protect the client):

Continue reading Hacker extraction – New personal best: 10 minutes!
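
A triage sketch for the mail-queue step described in the post above: tally queued messages by the script that sent them, so the offending site stands out. This is an added example, not Brownrice's code; their patched header is not shown in the excerpt, so the header name is assumed to be stock PHP's `X-PHP-Originating-Script` (written when `mail.add_x_header` is on), and the sample messages and paths are constructed.

```python
import email
from collections import Counter
from email import policy

# Assumption: header name. Stock PHP writes "<uid>:<script name>"; a build
# patched as described above would carry a full path, so both shapes are handled.
HEADER = "X-PHP-Originating-Script"

SPAM = "/srv/www/site-b.example/htdocs/cache/mailer.php"      # constructed path
FORM = "/srv/www/site-a.example/htdocs/contact.php"           # constructed path


def _msg(to, script_header=None):
    """Build one constructed raw message, as it would be read from a queue file."""
    lines = ["From: www@host.example", f"To: {to}", "Subject: test"]
    if script_header is not None:
        lines.append(f"{HEADER}: {script_header}")
    return ("\r\n".join(lines) + "\r\n\r\nbody\r\n").encode()


# Constructed sample queue: three messages from one script, one from a contact
# form, one with no header at all (for example, mail not sent through PHP).
SAMPLE_QUEUE = [
    _msg("a@example.net", f"1002:{SPAM}"),
    _msg("b@example.net", f"1002:\r\n {SPAM}"),   # folded header line
    _msg("c@example.net", SPAM),                  # path only, no uid prefix
    _msg("d@example.net", f"1001:{FORM}"),
    _msg("e@example.net"),
]


def originating_script(raw):
    """Return the script recorded in the header, or None if it is absent."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    value = msg.get(HEADER)          # policy.default unfolds continuation lines
    if value is None:
        return None
    value = str(value).strip()
    uid, sep, script = value.partition(":")
    # Strip a leading numeric uid if present; otherwise keep the value whole.
    return script.strip() if sep and uid.isdigit() else value


def tally(queue):
    """Count queued messages per originating script, most frequent first."""
    counts = Counter(originating_script(raw) or "<no header>" for raw in queue)
    return counts.most_common()


if __name__ == "__main__":
    for script, n in tally(SAMPLE_QUEUE):
        print(f"{n:5d}  {script}")
```

On a live server the raw bytes would come from the MTA's queue files rather than `SAMPLE_QUEUE`; messages that land in `<no header>` were not stamped by PHP and need a different lead.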