How to patch your Linux Server against newly discovered glibc vulnerability?

A very critical security problem has been detected on Linux servers which allows hackers to gain access to your mail server and SSH without ever knowing its password.

It is a buffer overflow in glibc known as GHOST, tracked as CVE-2015-0235, which was announced on 27th January. More details about this issue are here.

You can easily patch your C library (glibc in CentOS or libc in Debian) now. A fix has been published, and all you need to do is update your server and then reboot it.

In CentOS (5, 6, 7) you can run the following command to fix this issue:

yum update glibc

and then you need to reboot your server:

shutdown -r now

And you are on the safe side now!

In Debian or Ubuntu, you can use:

apt-get update
apt-get upgrade

to update your OS.

Again, use the reboot command to reboot your server:

reboot

and now your servers are safe 🙂
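
Until the reboot, running daemons keep the old, vulnerable glibc mapped in memory even though the file on disk has been updated. The script below is an added example (not part of the original post) that lists those processes by scanning /proc/PID/maps for a libc mapping marked "(deleted)"; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: find processes still running the glibc image that the
# update replaced on disk. The kernel marks such mappings "(deleted)".

# Return 0 if the maps file $1 contains a replaced libc mapping.
# Matches e.g. /usr/lib64/libc-2.17.so (deleted) and /lib/.../libc.so.6 (deleted),
# but not other libraries such as libcrypto.
has_stale_libc() {
    grep -Eq '/libc[-.][^ /]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID COMMAND" for every process under the proc root $1
# (default /proc) that still maps the old library.
list_stale_processes() {
    local root="${1:-/proc}" dir pid name
    for dir in "$root"/[0-9]*; do
        # Skip entries we cannot read (other users' processes when not root).
        [ -r "$dir/maps" ] || continue
        if has_stale_libc "$dir/maps"; then
            pid="${dir##*/}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system; an empty result means nothing is using the old glibc.
list_stale_processes "${1:-/proc}"
```

Run it as root so every process is readable. After the reboot the list should be empty.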

 

 

How to boost your online campaigns using Hitsteps?

To get the most out of your online campaigns, you need a good analytics solution to track them for you. Lessons learned while tracking your campaign will be priceless and the best experience for your next campaigns.

Measurement is key to success. If you don’t set goals, you’ll never reach your goals! And that’s the first step in Hitsteps.

Create your goal in Hitsteps. Your goal is the ultimate/final page where you want your clients to go or click. Then create a campaign start page and connect your campaign to your goal.

The next step is to label each key funnel page along the way. This allows you to see where your visitors are at any given stage. You can search visitors based on the labels they trigger, or see the label tag next to each visitor in the Hitsteps dashboard or any other list. You can make a label for your landing page, funnel page, another funnel page and final page.

On the labels page, you can see the progress of each label: exactly how many visitors triggered the main page, how many proceeded to the next page, and how many finally made it to the goal page.

On the campaign page, you can see those who started the campaign but haven’t finished it yet. You can check out their behaviour on your website to understand why.

Calculating your ROI has never been easier.

Don’t go into your next campaign without tracking it first; it’s like throwing eggs down to the floor!

Customize Your Web Analytics Dashboard

Howdy!

We’ve taken one step toward personalization!
Some of you have asked us how to customize the dashboard; here it is now!

Open your dashboard and move widgets around. Put them wherever you prefer them to be.

You can even resize that big active visitors widget and make it smaller!

If you think our current default layout of dashboard widgets is not appealing, share yours with us at sales@hitsteps.com

We would like to see it from your side 🙂


Copy large files between servers

We faced an issue while moving part of our database to another server far, far away for performance and stability. SCP appeared to transfer at 2MB/s where the network was 10MB/s, so we cancelled the transfer and used alternatives.

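What alternatives can you use?

First, you can speed up SCP by turning on compression, which will have a slight effect. Note that the arcfour cipher used below is RC4, a weak cipher that current OpenSSH releases no longer support, so this command only works with older versions: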

scp -C -o 'IPQoS throughput' -o 'CompressionLevel 9'  -c arcfour file

However, there seems to be some issue once the transfer time passes 5 minutes: it just gets slower and slower due to network latency. Rsync was not an option as we needed a parallel way.

If both of your servers are in the same data center, then either rsync or scp will do just fine, but in our case we came up with Axel! It is not quite similar to the others, but it does the job perfectly. It works excellently when data centers are far apart.

Axel is a parallel HTTP downloader which supports resume and can download as fast as the available bandwidth allows. Transfer time was cut down to 30 minutes at 10MB/s (the fastest our network supports).

A simple command such as:

axel -a -v -n 8 http://domain.com/somerandomfolder/largefile.zip

can do the job and use the maximum capacity of your internet connection. However, be aware that once you copy a file to your HTTP address it will be accessible to the world, so make sure the URL is kept secret and delete the file from the URL as soon as the download is finished.

You might need to install axel first, with yum on CentOS or apt-get on Debian/Ubuntu:

yum install axel
apt-get install axel
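
One way to follow the advice about keeping the URL secret and deleting the file afterwards, as an added example that is not part of the original post: the sender publishes the file under a random 128-bit directory name, the receiver checks a SHA-256 hash that was passed over SSH (plain HTTP gives no integrity guarantee), and the sender removes the copy. The function names and the /var/www/html web root are assumptions.

```bash
#!/usr/bin/env bash
# Added example: stage a large file for a one-off axel download.
# Directory listings must be disabled on the web server, otherwise the
# random directory name can simply be read from the index page.

# Print the SHA-256 of FILE as hex. Send it to the receiver over SSH,
# never publish it next to the file.
file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# stage_file SRC WEBROOT: publish SRC under an unguessable directory.
# Prints the path relative to WEBROOT, e.g. <32 hex chars>/largefile.zip
stage_file() {
    local src="$1" webroot="$2" token
    token="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
    mkdir -m 0755 "$webroot/$token" || return 1
    # A hard link avoids a second copy; fall back to cp across filesystems.
    ln "$src" "$webroot/$token/${src##*/}" 2>/dev/null ||
        cp -- "$src" "$webroot/$token/${src##*/}" || return 1
    printf '%s/%s\n' "$token" "${src##*/}"
}

# verify_download FILE EXPECTED_SHA256: succeed only if the hash matches.
verify_download() { [ "$(file_sha256 "$1")" = "$2" ]; }

# unstage WEBROOT RELPATH: remove the published copy and its directory.
unstage() {
    local webroot="$1" rel="$2"
    # Accept only "token/name"; refuse absolute or parent-relative paths.
    case "$rel" in */*/*|..*|/*) return 1 ;; esac
    rm -f -- "$webroot/$rel" && rmdir -- "$webroot/${rel%%/*}"
}

# Typical use (web root path is an assumption):
#   sender:   sum=$(file_sha256 largefile.zip)
#             rel=$(stage_file largefile.zip /var/www/html)
#   receiver: axel -a -v -n 8 "http://domain.com/$rel"
#             verify_download largefile.zip "$sum" || echo "hash mismatch"
#   sender:   unstage /var/www/html "$rel"
```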

DNS Load Balancing and Auto IP Failover

We had a scenario where we needed to distribute load between a few servers. Buying a load balancer was not an option (or at least we wanted to experiment with DNS load balancing), and it worked great.

After all, a load balancer is just another point of failure in case the load balancer itself crashes!

Please note that this kind of load balancing won’t check the status of servers and returns IP addresses randomly (but your visitor won’t see a crashed server!).

Another side effect is that a DNS load balancer won’t keep the same visitor on the same server on each page refresh or link change, so you need a shared session for all servers.

PHP’s default session handler uses the file system and isn’t made for sharing between servers, so you’ll need a shared session manager. memcached is a great option here: sync all your servers’ PHP sessions by connecting them to the memcached instance on one server. Since memcached does not authenticate clients by default, keep its port reachable only from your own servers.

Next, you need to make sure your database is replicated as master-master and the file system is synced (you can use lsyncd for file system sync).
If you have more than 2 servers, you might need to use MySQL 5.7 or above, because it offers multi-source master replication, so your slave server can connect to 2 masters at the same time.
Before MySQL 5.7, multi-master replication was done using round-robin replication, which causes big problems in case one of the servers goes offline.

Now, let’s see what happens when you add multiple A records to your DNS.
Let’s say we have this record:

A   www.hitsteps.com   123.123.123.123

We change it to:

A   www.hitsteps.com   123.123.123.123
A   www.hitsteps.com   123.123.123.124

Where 123.123.123.123 is your first server’s IP address and 123.123.123.124 is your second server’s IP address.

And it is done!

So here is what happens, in our experience: the browser randomly chooses one of these IP addresses. Since the file system, session and database are cached, the visitor will always see the correct page regardless of which server they are connected to.
It is really random and we cannot

Now, if one of your servers crashes and its IP address becomes unavailable, the browser will choose another available IP address, therefore your visitors won’t see any downtime. Once the crashed server comes back online, the browser will start serving pages using this server again.