Support Helpdesk

Latest Updates
Apr
8
Security Advisory: Important OpenSSL Security Vulnerability
Posted by Kevin Stange on 08 April 2014 06:57 PM

A vulnerability has recently been disclosed in OpenSSL which affects all systems running CentOS 6.5 or Debian 7 "Wheezy."  This vulnerability is serious and may allow a remote user to discover the private key for any SSL certificates used with a service powered by OpenSSL.  This typically includes most web servers, control panels and mail servers running on Linux.

This vulnerability has existed for over two years in OpenSSL.  CentOS did not include a vulnerable version of OpenSSL until the 6.5 release, which became available on December 1st, 2013.  Debian 7 has included a vulnerable version of OpenSSL since it was released on May 4th, 2013.

This issue is known as the "heartbleed" bug.  Further technical information may be found at the Heartbleed information site.  It has been assigned the ID CVE-2014-0160 in the Common Vulnerabilities and Exposures database.

Users of CentOS 5 and Debian 6 "Squeeze" are not affected.  Windows servers do not use OpenSSL by default.  You may wish to check any third-party software you have installed for bulletins and updates, if applicable.

CentOS and Debian have patched this vulnerability as of April 7th, 2014.  To completely patch this vulnerability, you must update your OpenSSL package and then restart all services that use OpenSSL.  Please review the following directions for your installation below.

Important: As this vulnerability has existed for a long time and it is not possible to know whether it has been exploited, you should use your control panel or OpenSSL tools to generate a new private key and certificate request for each certificate you have on your server.  Then, use the "re-key" feature at your SSL certificate provider to generate a new certificate based on the new CSR file.  If your SSL private key was able to be downloaded through the exploit, someone on the Internet might be able to view encrypted data when it is transmitted to or from your server or fool users into using a fake web site with your actual SSL certificate on it.  You should not publish a new certificate until after you have applied the fix for your system.

CentOS 6.5

To check which version of OpenSSL is installed, run the following command:

rpm -q openssl

The version number should be greater than or equal to 1.0.1e-16.el6_5.7

The notable number to look for is the ".7" at the end.  If the last number is not 7 or higher, you will need to upgrade.  If your version does not match, please run the following command and ensure an update to the openssl package is included:

yum -y update openssl

If no update is available, please try the following command, then repeat the command above:

yum clean metadata

After the upgrade completes, you should restart your web server and any other services for which you have enabled SSL certificates.  For example, to restart your web server, you can run the following command:

service httpd restart

If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one.  If you have any doubts about which services to restart, we recommend restarting your entire server.  You can do this by running the command:

reboot

Red Hat published the following advisories regarding this vulnerability:

  • https://access.redhat.com/security/cve/CVE-2014-0160
  • https://rhn.redhat.com/errata/RHSA-2014-0376.html

Debian 7

To check which version of OpenSSL is installed, run the following command:

dpkg -l openssl

The version number should be greater than or equal to 1.0.1e-2+deb7u6

The notable part to look for is the "+deb7u6" at the end.  If the last number is not 6 or higher, or the part after "+" is missing, you will need to upgrade.  If your version does not match, please run the following commands and ensure updates to the openssl and libssl1.0.0 packages are included:

apt-get update
apt-get install -y openssl libssl1.0.0

After the upgrade completes, you should restart your web server and any other services for which you have enabled SSL certificates.  Debian will list services that appear to need to be restarted.  It is recommended that you accept the default list.

If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one.  If you have any doubts about which services to restart, we recommend restarting your entire server.  You can do this by running the command:

reboot

Debian published the following advisory regarding this vulnerability:

  • https://www.debian.org/security/2014/dsa-2896
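
The restart step matters on both CentOS and Debian because a running service keeps the old OpenSSL library loaded in memory until it is restarted, even after the package has been updated.  The following is an added example, not part of the original advisory: a shell function that lists processes still mapping a replaced copy of libssl or libcrypto.  The function name and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: find services that were not restarted after the OpenSSL
# package update.  When a package replaces a shared library, the old file is
# unlinked, and the kernel marks it "(deleted)" in /proc/<pid>/maps for every
# process that still has it loaded.

# stale_ssl_pids [PROC_ROOT]
#   Prints "<pid> <process name>" for each process that still maps a deleted
#   libssl or libcrypto.  PROC_ROOT defaults to /proc; the argument exists
#   only so the function can be pointed at a constructed test tree.
stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we are not allowed to inspect.
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            # comm may be missing on older kernels; fall back to "?".
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Usage (run as root so every process can be inspected):
#   stale_ssl_pids
# Empty output means no running process still holds the old library.
```

Any process listed still runs the pre-update library and needs to be restarted; if in doubt, reboot as described above.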

If you have any questions or need assistance performing these upgrades, please contact us and we'll be happy to help.





Apr
7
chi02 Power Maintenance
Posted by Kevin Stange on 07 April 2014 07:36 PM

Digital Realty has scheduled a major power maintenance for our chi02 data center (350 E Cermak Rd, Suite 240 West, Chicago).  This power maintenance is not expected to be disruptive due to the improvements made during the work completed last fall.

Date: Saturday, July 26th through Sunday, July 27th, 2014
Start Time: Saturday at 7:00 AM CDT (GMT -5)
End Time: Sunday at 12:00 PM CDT (GMT -5)
Maintenance Scope: Power Systems in Suite 240 West (chi02)

Customer Impact:

This maintenance will involve transferring all data center electrical load over to generator, then shutting down the UPS and utility power systems completely for de-energized maintenance.  During the maintenance, the PDUs will be set to bypass all of the systems being shut down, and will remain online.  They will be inspected using infrared technology to validate that they are operating properly.  If any problems occur, maintenance will be stopped and all systems restored to normal operation.

There is NO planned power interruption for any customers; however, due to the temporary removal of redundancy, it is possible that a fault of the generator or a breaker could cause one or more PDUs to be interrupted.  Using A+B power redundancy in your cabinet reduces the risk of an interruption due to a fault.  Dedicated server and shared colocation customers in chi02 are already served by redundant A+B power.

chi02 hosts the Chicago core network, so in the event of a catastrophic failure, it is possible that the network connectivity for Chicago could be interrupted.  Facilities outside of Chicago should be unaffected.

If you have any questions or concerns about this maintenance, please contact us via our helpdesk or by email.





Apr
7
Planned Maintenance: oob-1.chi02 Software Upgrade
Posted by Manny Reyes on 07 April 2014 03:02 PM
We will be conducting maintenance on our Out-of-Band network switch in our chi02 facility.  The maintenance that will be performed is to correct a stability issue.

Date: Sunday, April 13th 2014
Start Time: 1:00 AM CDT (GMT-5)
End Time: 3:00 AM CDT (GMT-5)

Maintenance Scope: Upgrade our out-of-band switch JunOS Software.   The switch oob-1.chi02 currently handles the routing functionality for our customer support systems and our phone system.

Customer Impact: During the upgrade to new software there will be loss of network connectivity for our customer support applications, but this will not affect customer production traffic. The phone system will also be unavailable during this outage.

The maintenance is expected to take between 20 and 30 minutes with intermittent periods of downtime during the maintenance window.

This maintenance will not affect any customer equipment or services.

If you have any questions regarding this maintenance, please feel free to contact us in response to this email at noc@steadfast.net.



Apr
2
Management Portal Upgrade
Posted by Kevin Stange on 02 April 2014 06:11 PM
We have scheduled a minor upgrade to our management portal. This upgrade fixes a number of minor bugs that have affected back-end management. There are no customer-facing changes.

Date: Tuesday, April 8th, 2014
Start Time: 1:00 PM CDT (GMT -5) 
End Time: 2:00 PM CDT (GMT -5) 
Maintenance Scope: Management Portal at https://manage.steadfast.net

Customer Impact:

No customer services or systems will be impacted. Access to billing, bandwidth graphs, remote reboot control and account management will be unavailable at points during the maintenance period. We do not expect this upgrade to require the entire maintenance period.

If you have any questions, please feel free to contact us via our helpdesk or by email.



Mar
22
Planned Maintenance: Core Router move in NYC
Posted by Jose Madrid on 22 March 2014 01:09 PM
We will be conducting maintenance on our core routers in 111 8th Avenue, New York City. 

Date: Saturday, March 22, 2014
Start Time: 10:00 PM CST (GMT-5)
End Time: 4:00 AM CST, Sunday, March 23, 2014 (GMT-5)
Maintenance Scope: Core Routers being physically moved in NYC for NYC16
Location: New York
Customer Impact: Possible Period of suboptimal routing

We will be relocating our core routers at 111 8th Avenue due to our provider changing suites.  We will be shutting down one router at a time, completing the move and bringing it up in its new location.  This work is necessary as our provider is requiring it due to a physical move on their part. 

We expect the customer impact of this maintenance to be minimal, though some brief periods of localized inaccessibility and suboptimal routing may occur. While the work itself may only take a few minutes of configuration, we are allowing extra time to allow for extensive testing. This will give us the ability to ensure that no further issues will occur. 

If you have any questions regarding this maintenance, please feel free to contact us in response to this email at noc@steadfast.net.