Please be aware of the following maintenance work taking place at our US1 Fremont facility. All customers hosted in this facility will be affected.
Window Start Time: Wednesday, May 11th, 12:01am PDT
Window End Time: Wednesday, May 11th, 12:30am PDT
Expected Impact: Two brief impacts during the window totaling less than 5 minutes
Reason: Switch software upgrades to improve security and stability.
Customers in our other data centers will not be affected.
Please be aware that installing an operating system from an ISO is only available on our KVM platform. If you have an OpenVZ service, please order a KVM VPS if needed. It is not possible to migrate from OpenVZ to KVM, you need to order a new machine.
Be aware ISO installers are likely to overwrite your existing VPS data. Take a backup of anything important on your VPS as it may be wiped.
Please take a note of your network config before starting your installation. You’ll need to note down your IP address, subnet mask and gateway. These are configured automatically for our standard Linux distributions but if installing an operating system from an ISO you may need to configure your network settings manually during the setup process.
ISO installation is provided as-is and we cannot provide any support in relation to the operating systems themselves.
Here’s a little about ISOs from Wikipedia:
An ISO image is an archive file of an optical disc, a type of disk image composed of the data contents from every written sector on an optical disc, including the optical disc file system. ISO image files usually have a file extension of .iso. The name ISO is taken from the ISO 9660 file system used with CD-ROM media, but what is known as an ISO image might also contain a UDF (ISO/IEC 13346) file system (commonly used by DVDs and Blu-ray Discs).
ISO images can be created from optical discs by disk imaging software, or from a collection of files by optical disc authoring software, or from a different disk image file by means of conversion. Software distributed on bootable discs is often available for download in ISO image format. And like any other ISO image, it may be written to an optical disc such as CD or DVD.
In reality the name ISO is a bit of an anachronism, as nowdays with disk images and virtualization they have little to do with physical CD ROMs!
Our platform allows you to mount an ISO so it behaves like it was a CD ROM that is connected to your VPS. You can then boot from that ISO and install anything on your VPS. This means you can run a wide variety of operating systems on BHost.
We have the following ISOs available to install. If your desired operating system is not present on this list, please log a ticket with support providing a URL to the ISO so we can make it available to you.
If you want to install your OS from an ISO, you should go into your services, and click “Manage Server” for the machine you’d like to configure.
On the CDRom tab, select the ISO you’d like to use, and click Mount:
On the settings tab, change the boot order to ensure the CD ROM (ISO) is booted first, followed by the hard disk:
Reboot the virtual machine and the machine will boot from the CD ROM / ISO. You can then follow the installation instructions for the specific operating system.
BHost currently offers two virtualization technologies for your virtual machines – OpenVZ and KVM. For many users it makes little difference which technology you use. However, there are differences between the two systems which are explained here.
OpenVZ is is a linux based virtualization platform based on the Linux Kernel. OpenVZ allows a physical server to run multiple isolated operating system instances known as containers. OpenVZ can only run linux based operating systems such as CentOS, Fedora, Ubuntu or Debian.
KVM is a hardware virtualization technology. This means the main OS on the server simulates hardware for another OS to run on top of it. It also acts as a hypervisor, managing and fairly distributing the shared resources like disk and network IO and CPU time.
With OpenVZ, you can change your plan (e.g. to get more memory or disk space) and you’ll instantly have your new system resources. On KVM, you’ll need to reboot your virtual machine for the change to take effect.
OpenVZ only supports Linux. KVM can operate Linux as well as other operating systems such as Windows or BSD. We are primarily a Linux VPS provider but we do allow installation of FreeBSD and offer Windows machines on request.
KVM requires a running kernel inside the VPS, whereas OpenVZ runs many containers using a shared kernel. Therefore, if you need control of your own kernel you should opt for KVM. For example, you might need to modify or patch the kernel. On the other hand OpenVZ has a shared kernel used by all containers. Having a shared kernel gives a slight performance advantage as there is no overhead from running a kernel within a kernel.
OpenVZ is simpler, and is easier to manage as a result. KVM has many more options and settings which can cause complication.
One of our customers recently told us they are using their BHost VPS to run Mail-in-a-Box. It’s a fantastic, easy to use way to create a mail / productivity server so we thought we’d blog about it here.
Importantly the developers of Mail-in-a-Box have been very security focused, for example by ensuring Let’s Encrypt based TLS encryption can be deployed easily.
Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It’s sort of like making your own gmail, but one you control from top to bottom.
Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don’t need to be a technology expert to set it up.
They’ve also created a fantastic video running through the steps to install:
This type of attack is often utilised by criminals as a method of conducting Distributed Denial of Service (DDoS) attacks. In a DNS amplification attack the malicious actor executes a large number of DNS queries while spoofing the IP address of the intended target.
The open DNS resolvers are queried with the response being directed to the IP address of the target flooding the victim with unwanted data traffic. A degree of amplification is involved so that a small request can suddenly result in a huge response.
The result of this flood of data packets can be a reduction in the quality of service of the internet (slower web traffic), loss of availability of websites, or loss of network resources or services.
Check if you’re vulnerable
The easiest way is to see if the machine accepts a DNS query from an outside IP address. Do not test from the VPS itself, as it’s likely you want your DNS server to accept queries from localhost. Test from another machine.
For example, you’ll see Google’s public DNS servers (obviously) provide an output to the following:
dig @18.104.22.168 +edns=0 +ignore com ANY
But try on our test server lg-uk1.bhost.net
dig @lg-uk1.bhost.net +edns=0 +ignore com ANY
will produce no response.
Take Action to Mitigate
Please consider reconfiguring your resolver in one or more of these ways:
– To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in “allow-query”; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
– To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in “allow-query” for the server overall but setting “allow-query” to “any” for each zone)
– To rate-limit responses to individual source IP addresses (such as by using DNS Response Rate Limiting or iptables rules)