Hi,

I noticed that as of at least yesterday, BitFolk's DNS resolvers are
blocked from querying URIBL¹.

URIBL is a DNS-based blocklist of URIs mentioned in email spam. It
is used by default in SpamAssassin and other anti-spam products.

The usual reason for being blocked from querying URIBL is excessive
query volume. Their web site mentions a figure of 100k queries per
day.

I've had a look at the usage from BitFolk's SpamAssassin service²
and the cluster is only checking about 7k emails per day. Possibly
7k emails expands to over 100k URIs to query, or possibly other
customers are doing excessive DNS queries - anyone using BitFolk's
resolvers to query will add to the count. I have asked URIBL for
clarification of what the issue is.

If the issue is query load then we will pay for a feed.

Until that is sorted out you will unfortunately be unable to query
URIBL usefully. It returns a value that SpamAssassin recognises as
"query blocked".

Cheers,
Andy

¹ https://uribl.com/
² https://www.bitfolk.com/customer_information.html#toc_2_SpamAssassin
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

TL;DR: Bitcoin payments are broken, hopefully fixed today or
tomorrow. If you need to make a payment that way please wait a
little bit. If your service will be terminated for non-payment
please contact support for an extension until it's fixed.

More detail:

It seems that our bitcoind is crashing, I think because I made the
mistake of running it as 32-bit (see repeated threads about the
death of 32-bit) and it now needs to allocate more memory than a
32-bit process can.

I could give it a 64-bit kernel but the bitcoind itself would still
be 32-bit so I'd have to recompile it as well. I'm instead going to
rebuild that host.

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

At some point between 16:00Z and 17:00Z today I'm going to upgrade
the rescue VM¹ image from Debian 9 (stretch, oldstable) to Debian 10
(buster, stable).

This will only take a few seconds, but as the rescue VM is an
NFS-mounted squashfs image, replacing the image will prevent all
currently running copies of the rescue VM from functioning.

If you are using the rescue VM at the time, you will start to see
I/O errors on its own root filesystem and will have to kill it and
start it again. At its next boot a new image based on Debian 10 will
load.

If you are or expect to be in the middle of something important with
the rescue VM between 16:00 and 17:00 then let us know and we'll
postpone the work.

Cheers,
Andy

¹ https://tools.bitfolk.com/wiki/Rescue
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

Briefly:

At around 2153Z today we started receiving alerts for basically
"everything" flapping up and down due to between 20 and 30% packet
loss. In short, this was due to a distributed denial of service
attack aimed at another customer of our colo provider. Around 2240Z
they deployed some mitigation and hopefully we don't see any more
issues.

TL;DR:

I'd only got as far as determining that it affected "everything"
before it stopped again shortly before 2200. It then started up
again around 2215 and I was able to see that it also affected our
colo provider.

I was able to make contact and they started investigating around
2215. There wasn't anything for me to do at this point except watch.
It was a large UDP DDoS, random source and destination ports.

At about 2240 they put in some mitigation. The degree to which you
were affected during this time will vary based on how your legit
traffic reached us (or didn't reach us).

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

I've added a warning to the Xen Shell "install" command that new
installs of 32-bit guests are now deprecated, and pointing you to:

https://tools.bitfolk.com/wiki/64-bit_guests

Those of you with existing 32-bit guests, which I know is many of
you, should be okay for a few years yet. Even after the Xen
hypervisor officially ditches support for 32-bit guests we will
ensure they are still bootable. But I would encourage you to choose
64-bit at your next install or operating system upgrade for an
easier life.

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

Some security issues have been found in the hypervisor software we
use, which we have to fix as they can theoretically allow privilege
escalation.

They are under embargo until Thursday 31 October, so we will most
likely do the work in the early hours of the morning (UK time) on
29, 30, and 31 October.

As usual this will entail a clean shutdown of your guest and then a
boot again 20–30 minutes later after the patching is done. Some time
next week an email will go out telling you of the two hour window in
which this work will take place for each of your VMs.

If the assigned window is unacceptable to you, we can most likely
move your VM to an already-patched host at a time of your choosing
before 31 October. When the direct email comes to let you know of
your maintenance window, if it's not acceptable then you can reply
to it to open a support ticket and we will work it out.

As usual, if you have opted in to suspend/restore then your guest
will be suspended to disk and restored again instead of shut down and
booted. More info on that:

https://tools.bitfolk.com/wiki/Suspend_and_restore

For our own maintenance work we like to give more than 2 weeks of
notice. Unfortunately when dealing with security issues there is an
agreed embargo process and notice periods are much shorter. It is
preferable that there is ~2 weeks of notice rather than a "0-day"
exploit being unleashed.

Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

A few customers have been testing this for a while now, and it's
been a while since the last issues were addressed, so now seems like
a good time to announce it.

We're going to be retiring our Cacti instance¹ in favour of the new
setup which can be found at:

https://tools.bitfolk.com/grafana/

You all already have access to it.

Those who are familiar with Prometheus and Grafana may be a little
disappointed: this is not intended to be a full hosted instance,
only a fairly locked-down replacement for what Cacti provides. I'm
satisfied that it goes beyond the functionality and usability of
Cacti, but it isn't like having your own setup and isn't intended to
be.

Everyone has a default dashboard exposing graphs similar to those
provided by Cacti, plus a few more besides.

The offer was always open for more of your metrics to be graphed by
Cacti, but as of today only one customer was making use of that. The
offer is still open for us to graph extra metrics from you if you
wish. To do that you'll first need to install Node Exporter² and
then send a support ticket. You'll then get an additional
dashboard that looks a bit like this:

https://tools.bitfolk.com/grafana/dashboard/snapshot/fysbHKJGqJm3Fq6KmtqlRJ…

Over the next week or two a wiki article for our Grafana will appear
and any references to Cacti on our web sites and docs will start to
disappear, except for a pointer to historical Cacti graphs. Update
of Cacti graphs is going to be disabled very soon.

Feedback on the service is still welcome of course, though the
general approach is by now pretty much decided.

Cheers,
Andy

¹ https://tools.bitfolk.com/cacti/
² Available as your usual kind of single Go binary from here:
https://github.com/prometheus/node_exporter
but also available in modern Debian (at least) as a package.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

Another serious bug has been found in Exim, which is installed by
default on Debian and some other Linux distributions:

https://seclists.org/oss-sec/2019/q3/253

The impact is remote execution as an unprivileged user, although
it cannot be ruled out that there might be other routes to the same
code running in a privileged context.

If your distribution is still under security support then I expect
they will push out new packages in the next few days.

If not then you will need to upgrade it or rebuild the package. It's
quite a simple fix.

There's been no embargo this time, so attacks could be out in the
wild already.

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,

TL;DR: Read this to learn how to install CentOS 8
https://tools.bitfolk.com/wiki/Installing_CentOS_8

Unabridged edition:

Given that CentOS 8 was released a few days ago I had a look at
adding its installer.

Unfortunately it seems that CentOS 8 has dropped kernel support for
PV-mode Xen guests, which are the only type of guests that BitFolk
currently supports. It is therefore not possible to use the official
CentOS installer or core kernel package at the moment.

We are in the process of moving to PVH mode¹ guests, but that's not
ready yet. It all works; the main difficulty now is supporting both
modes without it being a terribly confusing user experience.

In the meantime, it is pretty simple to install CentOS 8 from
another Linux. This could be any distribution including an earlier
version of CentOS, though I would suggest that doing it from the
BitFolk Rescue VM² makes most sense as it's always available and
runs from RAM.

As the core kernel package of CentOS 8 also does not support PV mode
guests, it is also necessary to enable ELRepo³ and install the
kernel-ml package.

Here is a transcript of me installing CentOS 8 from scratch by this
method with full explanation of every step.

https://tools.bitfolk.com/wiki/Installing_CentOS_8

Don't be put off by the massive amount of text here; the vast majority
of it is command output which I have only included so you know what
to expect.

The only issue I have found with this method is some odd 1–2 minute
pauses around creating initramfs / bootloader config. This only
happens inside the install chroot and is probably something trying
to probe and timing out. It appears to be harmless, just irritating.

If you know what that is about or have any other improvements to
make, please do edit the page⁴; it is a wiki.

Cheers,
Andy

¹ https://wiki.xen.org/wiki/Xen_Project_Software_Overview#PVH_.28x86.29
² https://tools.bitfolk.com/wiki/Rescue
³ https://elrepo.org/tiki/kernel-ml
⁴ I would suggest refraining from adding purely optional things that
are a matter of taste though, as otherwise the page will become
incredibly long and opinionated.
--
https://bitfolk.com/ -- No-nonsense VPS hosting