ServePath Blog

Microsoft Windows 2008 Server is scheduled to be launched on February 27, 2008 and most hosting providers will not have it available to offer to their customers until some time in April 2008.

However, using the special “GoLive License” that Microsoft has created for hosting providers, ServePath can offer Windows 2008 Server NOW as a hosting solution.

ServePath, a Microsoft Certified Gold Partner and among the first hosting providers to provide Windows 2008 Hosted Servers, currently offers Windows 2008 Web and Standard editions. Pricing varies based on the number of processors, amount of RAM and the features required.

• Windows 2008 Web Edition is configured with IIS 7.0 and SMTP.
• Windows 2008 Standard Edition comes with Terminal Services Gateway, RDC, Application Server, Active Directory Domain Services, DHCP Server, DNS Server Windows Clustering and SMTP.

More information on ServePath’s Windows Server 2008 hosting can be found here. Be sure that you use promo code “ServePathWS08” (while available) to receive a Free Setup for your new Windows 2008 Server account. You can save between $250 to $1000 on the setup costs. Also be sure that you tell your sales representative that you heard about this offer from the blog! Call Sales at 1-866-321-PATH (1-866-321-7284).

Touted to be a revolutionary upgrade, Windows 2008 Server includes:

• Web
  • Internet Information Service 7.0 (IIS 7.0)
  • Hosting of Applications and Services
  • Management and Lower Infrastructure Costs
• Virtualization
  • Hyper-V Server Virtualization (not available at launch)
  • Terminal Services Presentation Virtualization
• Security
  • Network Access Protection
  • Read-Only Domain Controller
  • Active Directory Rights Management Services
• Solid Foundation for Business Workloads
  • Management
    • ServerManager
    • Windows PowerShell
    • Power Management
    • High Performance Computing
  • Reliability
    • ServerCore Installation Option
    • Next-Generation Networking
    • Failover Clustering
    • Dynamic Hardware Partitioning

Learn more about Windows 2008 Server at the Microsoft Windows 2008 Server Launch Site. Order your Windows 2008 Server Hosting Package from ServePath by calling 1-866-321-PATH (1-866-321-7284).

We are well into February 2008 now and people should have fully recovered from the 2007 holiday madness. So what better way to remember the holidays than to note some of the results of our 2007 charitable contributions.

ServePath participated in 2 notable drives, namely the San Francisco Food Bank and the Toy Bin Drive with the City of Dreams. We also hosted an employee charity basket raffle where we ended up actually contributing funds to 6 other charities!

San Francisco Food Bank

About the SF Food Bank: “We collect donated food from growers, manufacturers and grocers, then distribute it to people in need through food pantries, soup kitchens, child care centers, homeless shelters, senior centers and other human service agencies with meal programs. All in all, we will distribute 28 million pounds of food this year to hungry people in San Francisco.”

ServePath organized a corporate food drive program where employees were encouraged to bring in items as specified.

The Results: More than 300 organization in San Francisco participated in the Food Drive, resulting in more than 132,133 pounds of food and $133,919 for holiday meals and winter food distributions.

ServePath contributed 218 pounds of food which equated 170 meals!

City of Dreams – Toy Bin Drive

About City of Dreams: City of Dreams created a youth development and mentorship program specifically for At Risk Youth. We provide caring mentorship in group settings and one-to-one matches, designed to help young people understand the value of staying in school and avoiding teen pregnancy, drugs, and gangs.

The Toy Bin drive was set up to provide a way to “sponsor a child’s dream.” Children listed out their “dreams” (aka gifts) and contributors could fulfill those dreams. At ServePath, the drive consisted of employees donating new/unopened toys.

ServePath had 50% of the employees contributing to this drive which gave multiple donations to over 15 children!

ServePath Charity Baskets

One of the more exciting charity programs that really got tremendous outpouring from employees was the Charity Baskets.

The setup: Each ServePath department is given $250 to buy items for a raffle gift basket. Then, employees can buy tickets for the raffle of the basket of their choice. Each ticket cost $1.

The Charities:

• Larkin Street Youth Program – (SALES) – iPod Touch and Accessories
• Children’s Hospital of Oakland – (ADMINISTRATION) – Digital Camera and Accessories
• Association of Retarded Citizens of San Francisco – (MARKETING) – SouthWest Airlines voucher
• Marine Mammal Center – (SERVICES) – Nintendo DS Lite and Accessories
• Second Harvest Food Bank – (ENGINEERING) – Star Wars toys
• Sisters of the Missions of Charities – (OPERATIONS) – City Pass voucher

The Results:

The raffles where held at the annual Holiday Party. (I actually won the Marine Mammal Center prize – a Nintendo DS Lite which went to my daughter). A total of $1692 for all the charities was collected. Below is the breakdown:

• Larkin Street Youth Program – (SALES) – $491
• Children’s Hospital of Oakland – (ADMINISTRATION) – $364
• Association of Retarded Citizens of San Francisco – (MARKETING) - $221
• Marine Mammal Center – (SERVICES) – $205
• Second Harvest Food Bank – (ENGINEERING) – $205
• Sisters of the Missions of Charities – (OPERATIONS) – $205

All in all, it was a very successful and charitable 2007 Holiday Season!

At the last SF New Tech meetup, Paul Lancaster, Major Accounts Manager for ServePath, was interviewed by vator.tv. An innovative new service, vator.tv:

… is a catalyst for innovation. It is a professional network and marketplace for ideas and businesses. Anyone, across all industries, at any stage, can share ideas, products, services and businesses with the rest of the world, mainly through video.

I took some photos of the interview of Paul by vator.tv. It was great seeing the “behind the scenes” and believe it or not, Paul did his pitch in one take!

[View within vator.tv's site]

We plan on having John Keagy, CEO and Founder of ServePath, on vator.tv in the near future, so look for it!

Today I attended an event put on by SVASE, an organization “empowering entrepreneurs to realize their vision,” that had a very pertinent topic for Web 2.0 companies and start-ups. The topic was understanding how to validate whether your value proposition meets the need of a demanding market.

IT was a “round table” discussion headed by a 3 person invited panel. Jonathan Cobb, Founder and CTO of Kiptronic, was a member of the 3 person panel. (Kiptronic is a hosting client of ServePath’s.) The other two members of the panel were Skip Glass (Operating Partner of Foundation Capital) and Julie Wainwrite (former CEO of Pets.com, Reel.com, Bellamax, and Berkeley Systems).

The discussion was lively and very engaging, with seasoned and new entrepreneurs asking and answering questions. What I have compiled below is a list of 15 items that stood out in the discussions as offered by the panel members.

1. Listen to your customers
2. Have metrics showing how your compare to others in the same or similar market in a measurable way (like price per click or similar measurement)
3. Get some market research done for unbiased analysis
4. Be sure to evaluate the size and magnitude of the problem
5. Test your proposition with people who don’t have a vested interest
6. Don’t underestimate the number of people who will want to help you
7. Release your product early, release it often
8. Don’t go for a media/press push until your product, company and team are honed and fine tuned
9. Best way to kill a BAD product is with GOOD advertising
10. Skew your offering towards your largest target market; don’t try to hit everyone
11. People want to associate with a group; understand that group
12. Read any early adopter feedback through a lens or filter
13. Consider channel deals as they may be less expensive and faster to market
14. When finding a VC, build up a stellar advisory board of leaders; it will add value to your proposition
15. Find a good hosting provider, like ServePath, when you are ready to go to market (Ok, I added that one myself, sorry)

Here are some photos from the event.

The Panel (Left to Right) – Skip Glass, Jonathan Cobb and Julie Wainwrite

The Roundtable – at DLA Piper

ServePath client – Jonathan Cobb (Founder/CTO – Kiptronic) & Steven Buelow (Servepath)

More photos of this event can be found on the ServePath Flickr set.

Another solid SF New Tech meetup took place last night at Mighty in San Francisco, and once again, ServePath was there, and, as a sponsor. Companies doing demos included: Utterz, Triggit, Blogbard, ClickTale, Tripit and YowTrip.

A full photostream is now live on Flickr and here are some highlights.

Myles Weissleder (founder of SF New Tech) getting ready for the demos

Paul Lancaster & Steven Buelow (ServePath) talking to Devin Holmes (Startupers.com)

Denise Vardakas (TheConversationGroup) and Alexandre de Boni (ServePath)

Harris Loeser (ServePath) & Zach Coelius (Triggit – a ServePath customer)

A captivated audience

Zach Coelius (CEO – Triggit) giving a very impressive demo of the technology

Paul Lancaster gets interviewed by Vator.tv

Paul talks with Meliza Solan (Associate Producer – Vator.tv)

After a successful interview!

Check out the rest of the photos on Flickr.

Note: this post has been updated slightly to correct some minor errors. Also, commands may have been improperly formated due to WordPress’s treatment as such. Converted now to “code” formating.

1. Software Firewall – For security purposes, the software-based firewall that is included in all freshly deployed dedicated server operating system has been enabled and configured to allow on the minimal amount of connectivity required for you to access and configure your server. For Linux/UNIX users, this means that port 22 is permitting SSH connections. Port 80 (HTTP/Web) and port 443 (HTTPS/SSL Web) have been opened to allow all standard web traffic. In addition, the required ports for control panel access have been opened if you have ordered a control panel from ServePath. Finally, ICMP Ping has been permitted to allow our monitoring services the necessary access to aid in managing out network.

2. File Permission – There are certain files whose presence in the Linux file system can present a security risk and should be remedied as soon as possible. When the SUID (set user ID) or SGID (set group ID) bits are set on an executable, that program executes with the UID or GID of owner of the file as opposed to the user executing it. This means that all executables with SUID bit set and are owned by root are executed with the UID of root. This situation is a security risk and should be minimized unless the program is designed for this risk. To find all files on your file system that have the SUID or SGID bit set, execute the command:

# find / -path /proc –prune –o –type f –perm +6000 –ls

It is good practice to generate a list of SUID or SGID files on your server as soon as possible and re-run the above command on a regular basis to ensure new binaries with unsafe permissions are not being added to your server. World-writable files are a security risk as well. World-writable files and directories are dangerous since it allows anyone to modify them. World-writable directories allow anyone to add or delete files. To find all world-writable files and directories, execute the command:

# find / -path /proc –prune –o –perm -2 ! –type 1 –ls
 # find / -path /proc –prune –o –perm -2 ! –type l –ls

Another file permission issue is when files are not owned by any user or group. While this is not technically a security vulnerability, an audited system should not contain any unowned files. This is to prevent the situation where a new user is assigned a previous user’s UID so that the previous owner’s files, if any, are all owned by the new user. To find all files that are not owned by any user or group, execute the command:

# find / -path /proc –prune –o –nouser –o –nogroup\
 # find / -path /proc –prune –o –nouser –o –nogroup

3. Listening Ports – It is very important to ensure that all listening ports on your server are limited to only those that are necessary for you’re your server and its applications. To get a list of listening network ports, run the following command:

# netstat –tulp

Disable any ports that are not necessary. To do so, kill the PID (process ID) shown by netstat. The only port that your server must be listening on is SSH (port 22/tcp). Other ports that will need to be listening depend upon the specific purpose of your dedicated server. Note that by killing the PID of the process you are not preventing your server from starting the same service again on bootup. In order to see what programs your server is launching on startup, execute the following command:

# chkconfig –list |grep on (Red Hat systems)
 # chkconfig –list | grep on (Red Hat systems)

# ls -l /etc/rc2.d/S* | cut -d/ -f6 (Debian systems)

This command will show you which programs are to be executed in which run levels. In Red Hat, full multi-user mode is 3. To disable a service permanently, issue the following command:

# chkconfig <service_name> off where <service_name> equals the name of your service, such as httpd

To disable any service in Debian, simply execute the following command:

# rm –f /etc/rc2.d/S*<service_name>

Please note that the above commands do not actually disable the service, they simply prevent the service from being executed on startup.

4. Unlocked User Accounts – The first thing you should take stock of on a new server are the users with unlocked accounts. Users with unlocked accounts are allowed to login if assigned a valid shell, and should be kept to a minimum. To get a list of unlocked users, execute the following command:

# egrep –v ‘.*:\*|:!' /etc/shadow|awk -F: '{print $1}'
 # egrep –v '.*:\* | :!' /etc/shadow | awk -F: '{print $1}'

If you do not recognize any user returned by the above command, check to see if that user owns any files by executing the command:

# find / -path /proc -prune -o -user <user_name> -ls where <username> is the name of the user you do not recognize, such as jdoe

If the user does not own any files, or files that will not hinder the stability of your server, delete the user by executing the command:

# userdel –r <user_name>

5. Enable/Disable Features – All of the following lines and values should be added to the file /etc/sysctl.conf if you want to enable or disable the feature mentioned. You will need to restart your system for these changes to take effect:

6. Basic Access Control – One of the most important things you can do to protect your server is to implement very basic access control. Access control can eliminate a majority of the risk involved in running out of date services on the Internet. In order to implement an effective access control policy on your dedicated server, you will need the following pieces of information: The IP address or addresses of your Internet connection. For some, this may be one static address, while for others it is a pool of addresses. If you have more than one Internet connection, please be sure to get ALL the IP addresses you could be assigned at any time. You may need to contact your Internet Service Provider for this information.

7. Restrict SSH Connections – While we do not recommend anybody running outdated software, especially something as crucial as SSH, a not insignificant portion of the risks involved in running an outdated SSH server can be mitigated by only allowing certain IP networks to access your SSH server via iptables. Execute the following command to only allow SSH connections from certain IP address:

# $IPTABLES –A INPUT –p tcp –dport 22 –s <X.X.X.X/NN> –j ACCEPT

The above line will allow TCP packets destined for port 22 to be accepted if and only if the source of the packets are within the network denoted in <X.X.X.X/NN>. If you have more than one Internet connection, or have multiple networks, simply add another line, replacing <X.X.X.X/NN> with the proper values.

8. Access Control on Control Panel – If your server is running a control panel, you can also improve your security by implementing an access control policy on the control panel administrative port.

Plesk:

$IPTABLES –A INPUT –p tcp –dport 8443 –s X.X.X.X/NN –j ACCEPT

Ensim:

$IPTABLES –A INPUT –p tcp –dport 19638 –s X.X.X.X/NN –j ACCEPT

Cpanel:

$IPTABLES –A INPUT –p tcp –dport 2082 –s X.X.X.X/NN –j ACCEPT

9. Access Control on FTP – Another service you may want to implement an access control policy on is FTP. If you or a small handful of people are the only allowed users to FTP into your dedicated server, then you will certainly benefit from employing some iptables rules by entering the commands:

$IPTABLES –A INPUT –p tcp –s X.X.X.X/NN –dport 20 –syn –j ACCEPT
 $IPTABLES –A INPUT –p tcp –s X.X.X.X/NN –dport 21 –syn –j ACCEPT

Note that both of the above lines must be executed for each source network.

10. Enable IPTABLES – Lastly, if you do not have a hardware firewall you will want to enable iptables, the software firewall in Linux systems. For a detailed iptables tutorial from ServePath, please visit our Support Center pages at: http://www.servepath.com/support/iptables.htm.

Hope that helps you get your Linux Server get even more secured! For other helpful tips like this, be sure to visit the ServePath Knowledge Base.

It’s that time of month again. Time for the glorious SF New Tech Meetup, a ServePath sponsored event. There are two subjects at hand: “Pimp Out Your Blog!” & “Take a Vacation!” which definitely sounds like an interesting combination (I may take some tips for pimping my blog…can’t afford a vacation right now).

So if you had a good time last week at the SF New Tech Belly Up or at last month’s SF New Tech, I encourage you to come to this month’s Meetup.

This Meetup is at the Mighty (located at 119 Utah @ 15th Street in San Francisco). Date & Time: Wednesday, February 13th, 2008 @ 6:30pm.

Here are the companies taking advantage of the 5 Minute Demos (and if you don’t know what this is, essentially you are given 5 minutes for an elevator pitch and demo on your company or service) – descriptions taken from the Meetup page (thanks Myles):

PIMP OUT YOUR BLOG!

Utterz
Randy Corke & Simeon Margolis, Co-Founders
Utterz is the first way for you to instantly share your thoughts and experiences with the world — or just your friends — using all the capabilities of your cell phone; voice, video, pictures and text.

http://www.utterz.com

Triggit
Zach Coelius, CEO
Triggit is a brand new web application allows you to place media and ads on your blog with simple clicks and drags.
http://www.triggit.com

Blogbard
Manoj Bist, Founder & CEO
Blogbard is a browser based product that turns any blog to a personalized radio.
http://www.blogbard.com

ClickTale
Tal Schwartz, PhD, Co-Founder & CEO
ClickTale captures and analyzes customer interactions inside web sites, revolutionizing traditional web analytics that measure activity between pages.
http://www.clicktale.com

TAKE A VACATION!

Tripit
Gregg Brockway, Co-Founder & CEO
TripIt is a personal travel assistant that automatically organizes all your travel plans.
http://www.tripit.com

YowTrip
Felipe Coimbra, Founder & CEO
YowTrip is a social network site that connects you with other world travelers in your town or wherever you’re traveling.
http://www.yowtrip.com

And, if you feel up to it, you can take your chance at the 60-Second Soapbox.

Look for the ServePath table at this event. Also, I will be roaming the crowds taking pictures. Find me and give a good pitch on your company or service and I might write it up on the ServePath blog.

Hope to see you there!

While, unfortunately, I wasn’t able to attend last night’s SF New Tech Belly Up at Mars Bar, others from ServePath, a sponsor, were there and we got a few photos. Turnout was pretty high (over 100 people) showing up.

Without further ado, here are some snapshots.

Marko Gargenta (Marakana), Meli James (Nirvino) & Noel Chandler (Mosio)

Steven Buelow and Paul Lancaster (ServePath) at old ServePath building

Pascal Guinchard, Erin Clark (Eastridge Infotech) and Steven Buelow

Not sure who these guys are (anyone?)

Justin Kitagawa (ServePath), a guy from “down under” and Paul Lappas (ServePath)

Paul Lancaster (ServePath) and Liz Dizon (Doppleganger)

Pictures are also viewable on Flickr for all events and other photo ops. This event is here.

Hope to see some of you at next week’s SF New Tech meetup “Pimp Out Your Blog and then Take a Vacation”!

Have you ever simply forgotten your password to your server or had someone change a login without you knowing it? Passwords seem to be the bane of my existence. I seem to have passwords of varying levels of complexity, based on the sites or machines that I am managing and my brain is not growing any younger. I simply cannot remember them all. So, if you are in that situation, we can now help (assuming you are a ServePath customer, that is).

The Professional Services Team at ServePath has been hard at work trying to better your experience as a customer (or potential customer). Professional Services can help with a wide variety of challenges, including:

• Web Server Configurations
• Custom Backup/Recovery Solutions
• Emergency Data Recovery for Downed or Compromised Servers
• Consultative Services

One of these items is that of Password Recovery. In the past, this type of Professional Services request incurred a minimum charge (typically starting around $150 and billed hourly thereafter). Now it is being offered for FREE! But before you try getting “unlocks” on all of your servers, here is some important information about this service:

• You MUST open a standard Support Case or Professional Services Case to start the process — this should be done through your My.ServePath.com Customer Portal
• Previously $150/hr, the INITIAL attempt using a variety of tools and procedures, is now considered a “value-added” service and is FREE — this initial attempt works without “undue complexity or time being spent”
• Should the initial attempt fail or have additional complexities, you can still proceed down a recovery path. However, this process is considered “paid consultation” and will incur hourly charges from Professional Services.
  • If successful, you are billed the amount of time spent to recover your password
  • If unsuccessful, you are only billed the minimum 1 hour charge of $150

The Professional Services Team’s toolsets and experience now allow for password recovery or resets on just about any Operating System that ServePath offers, and typically within minutes of attempting. Just be sure that you initiate the process with a Support or Professional Services Case in order to authorize the procedure.

So don’t fret…let ServePath’s Professional Services Team save the day!

Mars Bar in San Francisco will be hosting the next SF New Tech Belly Up Meetup on Wednesday, Feb 6th at 7:00 PM.

This is one of those events that is a bit less “structured” in nature, unlike the plain ol’ SF New Tech Meetup that has formalized product demos and mini-demos. The Belly Up is all about just bellying up to the bar, throwing down a few drinks, and getting up the courage to give your elevator pitch on your company or service.

It’s like all the other meetups, just without the pressure! To quote:

“SF New Tech “Belly Up” is shaken, not Stirred. It’s more SF Alpha than SF Beta; more TechCream than TechCrunch.”

All you have to do is RSVP and show up. No cost aside from your bar tab! A few people from ServePath will be there so look for us!