Knowledgebase : Hosting

If you tried to RDP to your server and you encountered the following message which you will not be able to login to the server.

“An authentication error has occurred.
The function requested is not supported.

Remote computer:
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

  

This message is shown due to your local machine, most likely has the latest Windows update installed for CredSSP updates, CVE-2018-0886 but your server does not have the relevant update install. 

For more information about the CredSSP update, kindly visit this url > https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

You will need to install the Windows update for CredSSP so that the message will not appear however to do that, you will need to use the current workaround on your local machine so that you can gain access to the server: 

  1. Press the Windows icon on the bottom left of the task bar.
  2. Type "policy editor" (without the quotes) and under the "Best match" section, select "Edit group policy".

 

  1. Click on "Computer Configuration" > "Administrative Templates" > "System" > "Credentials Delegation" and double click on "Encryption Oracle Remediation". 

  1. Click on "Enabled" checkbox and under "Protection level", click on the drop down menu and select "Vulnerable" and select "OK". 

 

  1. Attempt to RDP to the server and you should be able to do so without encountering the message.
  2. Then proceed to install Windows update for CredSSP in the server. 
  3. Once you have installed the update for CredSSP in the server, do step 1 to 4 again. However instead of choosing "Vulnerable" at step 4, choose "Not configured" which will set it back to default.

There is no RDP/SSH access to the server for shared hosting.

However for our VPS/Cloud/Dedicated Server, you can access the server through RDP or SSH.

  • VPS is a virtual server which is usually a part of a physical servers but has its own share of resources which are not shared by other VPS. Each VPS customer gets their own secure disk space, bandwidth, file system and process space, without sharing CPU load or applications with any other user on the VPS system.
  • Dedicated is a physical server and the resources of the machine are not shared with anyone else. Dedicated server mainly is for users who require more resources then VPS and seeking to upgrade to a physical platform. Dedicated servers provide you the full control over your server for its use. Like a VPS, you may choose the operating system or compatible software of their choice which is most appropriate for your business.
  • VPS is a virtual server on a physical server and local storage. If the server or its components like harddisk or memory fails, there will be replacement time be as per our hardware SLA.
  • The advantage of cloud server is that you have all the scalability, redundancy and performance and able to maintain your own private virtualized environment similar to that of a dedicated server. Cloud offer better redundancy for example, in the event the server components like processor, network card, memory or harddisk fails the backup components will take over and it will be transparent to the end user.

 

Due to the nature of (CMS) Open Source Content Management Systems like Wordpress and Joomla, although easy to use and customize they are very prompt to being hacked. Many users are usually not even aware they are using compromised themes and plugins when designing their CMS sites. Therefore causing their sites to be targeted. While our servers are properly hardened and secured, we will not have control over the security and software that customers upload or install on our servers.

Kindly refer below for the cleanup guide should your site be targeted and has been compromised.

 

  1. Clean out everything in the account (some files might have security issues)
  1. Install brand new latest version CMS (Wordpress/Joomla) in the account. 
  1. Set a different password (Control Panel/FTP/CMS/Database) and change it regularly.
  1. Scan your PC/Laptop for any infections.

 

These links can confirm that the site is truly hacked.

(Wordpress/Joomla)

https://sitecheck.sucuri.net/

http://www.unmaskparasites.com/

 

Backup the whole works database and files.

(Wordpress)

http://codex.wordpress.org/WordPress_Backups

http://codex.wordpress.org/Backing_Up_Your_Database

http://codex.wordpress.org/Restoring_Your_Database_From_Backup

(Joomla)

https://docs.joomla.org/Backup_Basics_for_a_Joomla!_Web_Site

https://phpmyadmin.readthedocs.org/en/latest/faq.html#how-can-i-backup-my-database-or-table

 

Give these a good read if you haven't already.

(Wordpress)

http://codex.wordpress.org/FAQ_My_site_was_hacked

http://wordpress.org/support/topic/268083#post-1065779

http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

http://ottopress.com/2009/hacked-wordpress-backdoors/

(Joomla)

http://forum.joomla.org/viewtopic.php?f=621&t=582854

https://docs.joomla.org/Security_Checklist_7

 

When you've successfully deloused your installation consider protecting and hardening it by going through official vendor references below.

(Wordpress)

http://codex.wordpress.org/Hardening_WordPress

(Joomla)

https://docs.joomla.org/Category:Security_Checklist



There are some 3rd party hardening tools which could aid in simplifying the process. However please note 3rd party applications provided below are for references only and support should be requested from the respective 3rd party vendors. APC takes no responsibility arising from using these tools which could cause but not limited to lost of data, corrupted databases and other issues related to usage of said tools.

(Wordpress)

https://wordpress.org/plugins/wordfence/

https://wordpress.org/plugins/gotmls/

(Joomla)

http://extensions.joomla.org/extensions/extension/access-a-security/site-security/admin-tools

One of the most popular question people asked when getting their hosting service is: Should I get Windows hosting or Linux hosting. Many of the hosters are unclear on those two types of hosting.

The only difference lies in the requirement of the site you want to host.

Requirement

Most of the windows hosting provider will provide you support for scripting langauage like ASP and database like MSSQL whereas most of the linux hosting providers will provide you support for scripting language like PHP and database like MySQL. If you need to use ASP or any .NET services, choose Windows server. However, do not be mistaken as you can run PHP scripting on a Windows server as well.

On the other hand, if you just need to use PHP, you can just get a Linux server for your hosting. If you don’t need to use any scripting languages, then you can freely choose between any of the two hosting platforms.

Cost

Another common question customers might ask is: Why is Windows hosting more expensive than Linux hosting? The answer is simple. Linux hosting is always cheaper as compared to Windows hosting due of the additional Windows licensing fee required. Also most of the sofwtares used on linux servers are open source that is free, thus making Linux hosting a cheaper alternative to Windows hosting.
Copyright © APC Hosting Pte Ltd. All Rights Reserved.